Page web s'ouvrant toute seuleRésolu/Fermé

Question

Bonjour, j'ai un petit problème mais qui soule a la fin : quand je surf sur le net meme sans surfer des pages web s'ouvrent telque des offres pour acheter un antivirus (WinAntivirusPro 2006), casinos, pages de cul,.... 
J'ai fait une analyse avec hijackthis et la voici :
Logfile of HijackThis v1.99.1
Scan saved at 11:30:55, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes téléchargements\Kitbar4$.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - Startup: Kitbar4$.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NetYft - Unknown owner - \?\C:\Program Files\Fichiers communs\prn.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Merci de votre aide et je vois que je ne suis pas le seul avec ce problème, bonne journée

Utilisateur anonyme · Answer

Bonjour

Poste aussi ce rapport.

Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.
https://www.f-secure.com/en
Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres)

Copie et colle le contenu de ce rapport dans ta prochaine réponse.

Jeff · Answer

En plus de ça, je te conseille de commencer par un coup de spybot et ad-aware !

tonyhr · Answer

Merci pour les réponse très rapide alors j'ai fait ce que tu ma dit j'ai télécharger Blacklight mais lorque je lance blbeta.exe ca m'ouvre une fenetre mais ca la referme aussitot sinon j'ai essayer avec ad-aware, bitdefender,avast,spyware doctor, kaspersky, spy sweeper et avec un truc de windows GiPo@MoveOnBoot mais rien a faire ca me fait toujours la meme chose

Utilisateur anonyme · Answer

Si BlackLight ne fonctionne pas, fais ceci.

Télécharge Silent Runners
https://www.silentrunners.org/Silent%20Runners.zip

Si tu as une alerte de ton antivirus  au cours du téléchargement, ou au cours de son utilisation au sujet de ce script, n'en tiend pas compte.

Une fois téléchargé,tu le dézippes dans un dossier dédié.
Puis tu double cliques sur ce fichier,il va travailler, patiente jusqu'à l'affichage d'un message.
Un rapport est généré dans le meme dossier, colle le ici.
La fin doit ressembler à ceci

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 104 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 14 seconds.
---------- (total run time: 162 seconds)

Pattex · Answer

"salut tonyrh, j'ai eu le meme probleme et cela c'est resolu avec un nettoyage de base sur ce site :https://leblogdeclaude.blogspot.com/2006/10/informatique-procdure-de-nettoyage.html

a la fin du nettoyage les pubs avait disparu

tonyhr · Answer

J'ai essayer de faire ce que tu ma dit Pattex mais rien a faire la pluparts des logiciels ce bloquent et n'avancent plus. Voici le rapport Silent Runners : "Silent Runners.vbs", revision 49, https://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."] "Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string] "AlcxMonitor" = "ALCXMNTR.EXE" ["Realtek Semiconductor Corp."] "LSBWatcher" = "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" ["Hewlett-Packard Company"] "BDMCon" = ""C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."] "BDAgent" = ""C:\Program Files\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."] "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."] "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."] "PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"] "ukafndsygv" = "c:\windows\system32\ukafndsygv.exe ukafndsygv" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView" -> {HKLM...CLSID} = "SampleView" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"] "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension" -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension" \InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{46E22146-59C0-4136-9233-52E412E2B428}" = "EzCddax extension" -> {HKLM...CLSID} = "EzCddax Class" \InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll" [null data] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Mes dossiers de partage" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS] "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures" -> {HKLM...CLSID} = "My Logitech Pictures" \InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."] "{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension" -> {HKLM...CLSID} = "FileTimeShlExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\TISHAR~1\TICONN~1\TIShlExt.dll" ["Texas Instruments Incorporated"] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> "AppInit_DLLs" = "sockspy.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ EzCddax\(Default) = "{46E22146-59C0-4136-9233-52E412E2B428}" -> {HKLM...CLSID} = "EzCddax Class" \InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll" [null data] TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension" \InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension" \InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Default executables: -------------------- HKCU\Software\Classes\batfile\ HKCU\Software\Classes\cmdfile\ Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "AllowLegacyWebView" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "AllowUnhashedWebView" = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "HP_Propriétaire" & "All Users" startup folders: ----------------------------------------------------------------- C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage "Kitbar4$" -> shortcut to: "C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes téléchargements\Kitbar4$.exe" [empty string] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] "WiFi Station" -> shortcut to: "C:\Program Files\Hercules\WiFi Station\WifiStation.exe -s" ["Hercules"] Enabled Scheduled Tasks: ------------------------ "Maintenance en 1 clic" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"] "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDetect.exe" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f" Missing lines (compared with English-language version): [Strings]: 2 lines HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] BitDefender Communicator, XCOMM, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"] BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."] BitDefender Scan Server, bdss, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data] BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service" ["SOFTWIN S.R.L."] iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."] Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]} TuneUp WinStyler Theme Service, TUWinStylerThemeSvc, ""C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe"" ["TuneUp Software GmbH"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Bluebeam PDF Monitor\Driver = "BBPDFPortMon.dll" [null data] EPSON STM3 2KMonitor3\Driver = "E_SL2003.DLL" ["SEIKO EPSON CORPORATION"] HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 41 seconds, including 7 seconds for message boxes) Merci a toi Pattex meme si sa n'a pas marcher

Utilisateur anonyme · Answer

On voit le coupable.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les  manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.


Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)


FAIS UN CLIC-DROIT sur le lien suivant
http://metallica.geekstogo.com/EGDACCESS.bfu 
et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note: si tu utlises Internet Explorer, lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).


Ouvre le Bloc-note et copie-colle les lignes ci-dessous 


RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ukafndsygv
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ukafndsygv
FileDelete %SYSDIR%\ukafndsygv_navps.dat
FileDelete %SYSDIR%\ukafndsygv_nav.dat
FileDelete %SYSDIR%\ukafndsygv.dat
FileDelete %SYSDIR%\ukafndsygv.exe

FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0

SystemEmptyTempFolder
SystemEmptyRecycleBin

Sauvegarde dans le dossier créé (C:\BFU) (Nom du fichier : "Fixme.bfu " -sans inclure les guillemets- ; Type : Tous les fichiers).


$$ Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.


$$ Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

--- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

EGDACCESS.bfu

- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.

--- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Fixme.bfu

Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci :C:\BFU\Fixme.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK

Clique Exit pour fermer le programme BFU.


$$ Redémarre normalement 


Poste un nouveau hijackthis avec le rapport situé ici C:\egd.txt

tonyhr · Answer

Ok merci a toi Chercheurbis mais je vais faire tout cela samedi car le temps me manque en ce moment sinon toute la procédure se déroulera sans internet ? Je peut le couper ca ne gênera rien ?

Utilisateur anonyme · Answer

Re

Au contraire, il faut faire la manip hors connection et en mode sans échec.

tonyhr · Answer

Merci de ton aide et voici le nouveau hijackthis  que tu m'a demandé :
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe"
"iTunesHelper"="\"C:\Program Files\iTunes\iTunesHelper.exe\""
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE"
"AlcxMonitor"="ALCXMNTR.EXE"
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
"BDMCon"="\"C:\Program Files\Softwin\BitDefender10\bdmcon.exe\" /reg"
"BDAgent"="\"C:\Program Files\Softwin\BitDefender10\bdagent.exe\""
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe"
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe"
"PS2"="C:\WINDOWS\system32\ps2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

Utilisateur anonyme · Answer

Bonsoir

egd.txt est propre, mais il manque le nouveau rapport HijackThis.

tonyhr · Answer

Bonjour, voici le nouveau rapport HijackThis 
Logfile of HijackThis v1.99.1
Scan saved at 13:02:47, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes téléchargements\Kitbar4$.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - Startup: Kitbar4$.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NetYft - Unknown owner - \?\C:\Program Files\Fichiers communs\prn.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Merci et bon week end

Utilisateur anonyme · Answer

Bonjour

On continue.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les  manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer

1 Télécharge 
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

AVG Anti-Spyware
https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente

clean.zip 
http://www.malekal.com/download/clean.zip 
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean. 


2 Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows. 
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.


3 Relance un scan HijackThis et coche les lignes ci-dessous :

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab 
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab 
O23 - Service: NetYft - Unknown owner - \?\C:\Program Files\Fichiers communs\prn.exe (file missing) 
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


4 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer


5 Tu clique sur Démarrer puis Exécuter, tu tapes services.msc et tu cliques sur OK.
Dans la liste des services, cherche et sélectionne 
"NetYft" / double clique sur la ligne 
/ vérifie dans Chemin d'accès des fichiers exécutables qu'il
s'agit bien de "C:\Program Files\Fichiers communs\prn.exe" / dans Type de démarrage, 
sélectionne Désactiver / valide la modification.


6 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

C:\Program Files\Fichiers communs\prn.exe


7 Lance le nettoyage avec CCleaner

Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.


8 Lance AVG Anti-Spyware
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. 
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.


9 Ouvre le dossier Clean qui se trouve sur ton bureau, et double-clic sur clean.cmd.
Une fenêtre noire va apparaître pendant un instant, laisse la ouverte. 


10 Redémarre normalement

Poste un nouveau log HijackThis avec le rapport d'AVG Anti-Spyware et le rapport qui se trouve ici C:apport_clean.txt

tonyhr · Answer

Voici le nouveau log HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 19:53:55, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ps2.exe
C:\Problème\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes téléchargements\Kitbar4$.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Problème\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Kitbar4$.lnk = ?
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Problème\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

le rapport d'AVG Anti-Spyware 

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	19:41:45 02/12/2006

 + Résultat de l'analyse:	



	Rien à signaler.



Fin du rapport


le rapport qui se trouve ici C:\rapport_clean.txt 

Script clean par Malekal_morte - http://www.malekal.com 

Microsoft Windows XP [version 5.1.2600]
Script execute en mode sans echec 
 
*** Suppression de fichiers sur C: 
 
*** Suppression des fichiers dans C:\WINDOWS\ 
C:\WINDOWS\ALCXMNTR.EXE FOUND 
 
*** Suppression des fichiers dans C:\WINDOWS\system32 
C:\WINDOWS\system32\bdod.bin FOUND 
 
 
*** Suppression des clefs du registre effectuee..

Encore merci et depuis un moment plus aucune page internet ne c'est ouverte.

Utilisateur anonyme · Answer

Ces rapports sont propres.

Encore une petite chose.
Dénonce ton infection pour faire condamner les auteurs.
Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être le plus nombreux possibles, alors rends compte de ton infection :
- Voir les règles du forum : https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections conforme au règle du forum (age, ville, département etc..)
Indique aussi le nom du Forum qui t'a aidé.
---> https://malwarecomplaints.info/

Plus d'informations ici
http://forum.zebulon.fr/index.php?showtopic=88688

tonyhr · Answer

Ok et merci beaucoup pour ton aide

herbjane · Answer

Bonjour,
J'enchaîne sur ce sujet puisque je pense qu'il m'arrive les mêmes pb sauf que lorsque le lance FireFox (qui s'ouvre d'ailleurs) une autre page sous IE s'ouvre me vantant les mérites de ceci ou cela.
Là ou mon affaire se corse c'est que ne n'arrive pas à lancer XP en mode sans échec (F8). Le démarrage se fait, un défilement fait apparaître qu'il y a un chargement en mémoire puis plus rien et l'ordi se bloque. J'ai essayé à plusieurs reprises d'affilés. Et puis mon ordi met un temps "fou" à charger XP.
Merci à chercheurbis de bien vouloir me faire savoir s'il y a similitude avec le présent sujet.

Utilisateur anonyme · Answer

Bonjour  herbjane 

Difficile de dire si c'est la même chose.

Télécharge HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm

Fais un scan et poste le rapport.


Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.
https://www.f-secure.com/en
Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres)

Copie et colle le contenu de ce rapport dans ta prochaine réponse.

herbjane · Answer

Salut et merci pour la réponse,
voici le HJ :

Logfile of HijackThis v1.99.1
Scan saved at 23:02:45, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Documents and Settings\Standard\Mes documents\Ma musique\Volkey\Volkey.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Palm\AlarmApp.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [Volkey] C:\Documents and Settings\Standard\Mes documents\Ma musique\Volkey\Volkey.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [exitpure] C:\DOCUME~1\Standard\APPLIC~1\ATOMMI~1\BEND KNOB SIXTH.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\ADOBE\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\Palm\AlarmApp.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\ADOBE\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kdance23.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www3.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:  sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

et voici la fenêtre que j'ai après avoir lancé blacklight :

(désolé, je ne peux coller la fenêtre ici), voici donc le texte :

F-Secure BlackLight could not acquire necessary privileges (SeDebugPrivilege)
- Your computer settings may prevent acquiring these privileges
- A malicious program might have disabled these privileges

avec ça me voilà bien.

encore merci et @+

Utilisateur anonyme · Answer

Re

Tu as une infection Lop visible dans HijackThis.
Télécharges Lopxp.zip
http://pageperso.aol.fr/balltrap34/lopxp.zip
Dézippes le sur le Bureau
Lances le fichier lopxp.bat 
Postes le rapport


A la place de BlackLight, fais ceci.
Télécharge Silent Runners
https://www.silentrunners.org/Silent%20Runners.zip

Si tu as une alerte de ton antivirus  au cours du téléchargement, ou au cours de son utilisation au sujet de ce script, n'en tiend pas compte.

Une fois téléchargé,tu le dézippes dans un dossier dédié.
Puis tu double cliques sur ce fichier,il va travailler, patiente jusqu'à l'affichage d'un message.
Un rapport est généré dans le meme dossier, colle le ici.
La fin doit ressembler à ceci

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 104 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 14 seconds.
---------- (total run time: 162 seconds)

herbjane · Answer

Salut chercheurbis, voici le rapport de lopxp : Rapport fait à 11:53:01.98 le 13/12/2006 Le volume dans le lecteur C s'appelle HERBERT Le num‚ro de s‚rie du volume est 2739-14D3 R‚pertoire de C:\Documents and Settings\Default User\Application Data 08/05/2003 20:34 62 desktop.ini 08/05/2003 20:34 Microsoft 08/05/2003 20:34 .. 08/05/2003 20:34 . 1 fichier(s) 62 octets 3 R‚p(s) 26267435008 octets libres Le volume dans le lecteur C s'appelle HERBERT Le num‚ro de s‚rie du volume est 2739-14D3 R‚pertoire de C:\Documents and Settings\All Users\Application Data 11/12/2006 12:30 Roam Book Less Trust 21/11/2006 16:08 3120 118300.34 30/03/2006 17:54 BVRP Software 28/01/2006 11:38 1751 QTSBandwidthCache 28/01/2006 11:22 Apple Computer 23/11/2005 01:22 espionServerData 22/11/2005 20:51 Adobe Systems 07/10/2005 15:57 Windows Genuine Advantage 05/10/2005 11:18 Skype 10/08/2005 12:15 Ultima_T15 10/08/2005 12:15 20 PKP_DLea.DAT 10/08/2005 12:15 EnterNHelp 12/07/2005 12:40 muvee Technologies 20/05/2005 10:13 DataViz 30/12/2004 22:42 Pinnacle 08/07/2004 10:25 Spybot - Search & Destroy 22/06/2004 10:19 GTek 02/04/2004 09:54 Adobe 31/01/2004 18:52 nView_Profiles 24/07/2003 09:57 MSN6 10/05/2003 18:18 OLYMPUS 09/05/2003 23:13 MSN Messenger 5.0.0543 08/05/2003 20:44 Ulead Systems 08/05/2003 20:44 ACD Systems 08/05/2003 20:44 SBT 08/05/2003 20:44 Symantec 08/05/2003 20:34 62 desktop.ini 08/05/2003 20:34 Microsoft 08/05/2003 20:34 . 08/05/2003 20:34 .. 4 fichier(s) 4953 octets 26 R‚p(s) 26267435008 octets libres Le volume dans le lecteur C s'appelle HERBERT Le num‚ro de s‚rie du volume est 2739-14D3 R‚pertoire de C:\Documents and Settings\Standard\Application Data 11/12/2006 12:29 AtomMixRegs 04/11/2006 10:05 BitTorrent 04/08/2006 12:07 Real 19/07/2006 15:38 vlc 16/05/2006 17:00 TaoUSign 11/05/2006 12:04 Thunderbird 28/01/2006 11:27 Apple Computer 24/01/2006 17:31 Musicmatch 19/12/2005 15:30 Music Recognition 23/11/2005 11:24 Opera 07/09/2005 18:08 Google 24/08/2005 17:51 OLYMPUS 18/08/2005 12:20 Media Player Classic 12/07/2005 12:40 muvee Technologies 12/07/2005 00:39 Nikon 07/07/2005 18:16 Nvu 17/05/2005 11:06 Talkback 14/04/2005 11:41 .gaim 06/01/2005 20:35 Sonic Foundry 27/12/2004 13:07 Publish Providers 22/12/2004 17:09 Iomega Automatic Backup 14/12/2004 11:22 SmartFTP 09/12/2004 15:43 Sony 15/11/2004 00:28 Skype 18/10/2004 09:56 4608 Thumbs.db 25/08/2004 17:30 Lavasoft 23/06/2004 19:59 Sun 22/06/2004 10:19 GTek 29/01/2004 23:19 38501 Valeurs s‚par‚es par des virgules (Windows).ADR 20/01/2004 23:58 Arcsoft 20/01/2004 23:44 Leadertech 30/12/2003 16:02 MailWasher 29/12/2003 15:20 eConf 29/12/2003 15:16 Wanadoo visio 07/12/2003 12:53 Kazaa Lite 24/07/2003 09:57 MSN6 01/07/2003 19:01 EPSON 21/06/2003 15:12 ACAMPREF 13/06/2003 20:09 MusicLab 31/05/2003 01:19 3774 ftc_48x48_03.ico 30/05/2003 18:19 AdobeUM 29/05/2003 18:36 5182 netflixdt40.ico 29/05/2003 01:12 894 SportsInteractions.ico 25/05/2003 18:28 153368 GDIPFONTCACHEV1.DAT 11/05/2003 20:16 Help 08/05/2003 22:55 Ulead Systems 08/05/2003 20:44 Macromedia 08/05/2003 20:44 IM 08/05/2003 20:44 Mozilla 08/05/2003 20:44 Jasc 08/05/2003 20:44 ACD Systems 08/05/2003 20:44 ImageFox 08/05/2003 20:44 Adobe 08/05/2003 20:44 PhotoParade 08/05/2003 20:44 Steinberg 08/05/2003 20:44 Microsoft Web Folders 08/05/2003 20:44 Symantec 08/05/2003 20:44 Identities 08/05/2003 20:43 62 desktop.ini 08/05/2003 20:43 . 08/05/2003 20:43 .. 08/05/2003 20:43 Microsoft 07/05/2003 09:23 37203 Microsoft Excel.ADR 22/04/2002 00:54 3285 dw.log 29/01/2002 00:22 32 sversion.ini 10 fichier(s) 246909 octets 55 R‚p(s) 26267435008 octets libres Le volume dans le lecteur C s'appelle HERBERT Le num‚ro de s‚rie du volume est 2739-14D3 R‚pertoire de C:\Documents and Settings\Administrateur\Application Data 03/02/2005 20:41 Webroot 02/02/2005 20:13 Mozilla 24/01/2005 17:30 Lavasoft 27/03/2004 10:39 62 desktop.ini 27/03/2004 10:39 Microsoft 27/03/2004 10:39 .. 27/03/2004 10:39 . 1 fichier(s) 62 octets 6 R‚p(s) 26267435008 octets libres ****************************************** Recherche des taches planifiées dans C:\WINDOWS\tasks Le volume dans le lecteur C s'appelle HERBERT Le num‚ro de s‚rie du volume est 2739-14D3 R‚pertoire de C:\WINDOWS\Tasks 11/12/2006 12:31 290 AE1015EE91BF87F6.job 06/12/2006 12:51 330 MP Scheduled Scan.job 28/02/2001 23:19 620 Maintenance-Nettoyage de disque.job 10/06/1999 16:12 6 SA.DAT 01/01/1980 00:00 502 WINALIGN.JOB 01/01/1980 00:00 65 DESKTOP.INI 01/01/1980 00:00 502 D‚marrage du programme de r‚glages.job 01/01/1980 00:00 .. 01/01/1980 00:00 . 7 fichier(s) 2ÿ315 octets 2 R‚p(s) 26ÿ267ÿ435ÿ008 octets libres ****************************************** Recherche dans Program files Le dossier C:\Program Files\C2Media n'existe pas *************** Fin du rapport **************** et voici le rapport de Silent Runners : "Silent Runners.vbs", revision 49, https://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "TClockEx" = "C:\Program Files\TClockEx\TCLOCKEX.EXE" ["Dale Nurden"] "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS] "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "BitTorrent" = ""C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized" [null data] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "exitpure" = "C:\DOCUME~1\Standard\APPLIC~1\ATOMMI~1\BEND KNOB SIXTH.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "LVCOMS" = "C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" ["Logitech Inc."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "Tweak UI" = "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" [MS] "LogitechGalleryRepair" = "C:\Program Files\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."] "Iomega Automatic Backup 1.0.1" = "C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" ["Iomega Corporation"] "BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."] "BDOESRV" = "C:\Program Files\Softwin\BitDefender8\bdoesrv.exe" ["SOFTWIN SRL"] "BDNewsAgent" = ""c:\progra~1\softwin\bitdef~1\bdnagent.exe"" [null data] "BDSwitchAgent" = "C:\Program Files\Softwin\BitDefender8\bdswitch.exe" [null data] "Volkey" = "C:\Documents and Settings\Standard\Mes documents\Ma musique\Volkey\Volkey.exe" [null data] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" "LogitechImageStudioTray" = "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."] "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"] "UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."] "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string] "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."] "IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\ipoint.exe"" [MS] "Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {52D06F97-5511-43FA-8FDA-C481864FD26E}\(Default) = (no title provided) -> {HKLM...CLSID} = "Alcohol Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Bande de menus" -> {HKLM...CLSID} = "Bande de menus" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand" -> {HKLM...CLSID} = "IShellFolderBand" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "&Liens" -> {HKLM...CLSID} = "&Liens" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Image miniature" -> {HKLM...CLSID} = "Background Thumbnail Generator" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Suivi du menu Shell" -> {HKLM...CLSID} = "Suivi du menu Shell" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site" -> {HKLM...CLSID} = "Menu Site" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Barre du Bureau" -> {HKLM...CLSID} = "Menu Barre du Bureau" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau" -> {HKLM...CLSID} = "Explorateur de Bureau" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery" -> {HKLM...CLSID} = "Logitech Gallery" \InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL" -> {HKLM...CLSID} = "SmartFTP Shell Extension DLL" \InProcServer32\(Default) = "C:\Program Files\SmartFTP\smarthook.dll" ["SmartFTP"] "{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension" -> {HKLM...CLSID} = "PropPage Class" \InProcServer32\(Default) = "C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll" ["Symantec Corporation"] "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] "{29e3fb5b-cf62-45b5-b8bf-1ad500385fc7}" = "Shell Context Menu Handler for Application References" -> {HKLM...CLSID} = "Shell Context Menu Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{29e3fb5b-cf62-45b5-b8bf-1ad500385fc6}" = "Shell Context Menu Handler for Application Manifests" -> {HKLM...CLSID} = "Shell Context Menu Handler for Application Manifests" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Mes dossiers de partage" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] "{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page" -> {HKLM...CLSID} = "Page de propriétés sans fil" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS] "{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page" -> {HKLM...CLSID} = "Page des propriétés de la roulette" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS] "{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page" -> {HKLM...CLSID} = "Page des propriétés des activités" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS] "{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page" -> {HKLM...CLSID} = "Page des propriétés des boutons" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: "] <> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = ""ShellExecuteHook" von Microsoft AntiMalware" -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook" \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> "AppInit_DLLs" = " sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> ComPlusSetup\DLLName = "C:\WINDOWS\System32\catsrvut.dll" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {B3AFAE44-F603-4456-808F-C9F8F0C76082}\(Default) = "Microsoft Digital Image Viewer Extension Column Provider" -> {HKLM...CLSID} = "CRawViewerExtension Class" \InProcServer32\(Default) = "C:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\CRawViewerExtension.dll" [MS] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}" -> {HKLM...CLSID} = "IMMenuShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\INCRED~1\bin\ImShExt.dll" ["IncrediMail, Ltd."] M2WShlExMenu\(Default) = "{DC6FA7E0-6666-11D5-8CE2-444553540000}" -> {HKLM...CLSID} = "MP3ToWave Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Acoustica MP3 To Wave Converter PLUS\M2WShlEx.dll" ["Acoustica"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ QuickFinderMenu\(Default) = "{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1}" -> {HKLM...CLSID} = "QuickFinder Shell Extension" \InProcServer32\(Default) = "C:\Corel\Suite8\Programs\PFSE80.DLL" ["Novell, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] MP3ToWave\(Default) = "{DC6FA7E0-6666-11D5-8CE2-444553540000}" -> {HKLM...CLSID} = "MP3ToWave Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Acoustica MP3 To Wave Converter PLUS\M2WShlEx.dll" ["Acoustica"] QuickFinderMenu\(Default) = "{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1}" -> {HKLM...CLSID} = "QuickFinder Shell Extension" \InProcServer32\(Default) = "C:\Corel\Suite8\Programs\PFSE80.DLL" ["Novell, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "CDRAutoRun" = (REG_BINARY) hex:00 00 00 00 {unrecognized setting} "NoNetHood" = (REG_BINARY) hex:01 00 00 00 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS] Startup items in "Standard" & "All Users" startup folders: ---------------------------------------------------------- C:\Documents and Settings\Standard\Menu Démarrer\Programmes\Démarrage "Adobe Gamma" -> shortcut to: "C:\Program Files\Fichiers communs\ADOBE\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "Alarm Manager" -> shortcut to: "C:\Program Files\Palm\AlarmApp.exe" ["Palm, Inc."] "DataViz Inc Messenger" -> shortcut to: "C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe" [null data] "Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] Enabled Scheduled Tasks: ------------------------ "Démarrage du programme de réglages" -> launches: "walign" [file not found] "WINALIGN" -> launches: "walign" [file not found] "MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS] "Maintenance-Nettoyage de disque" -> launches: "C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0" [file not found] "AE1015EE91BF87F6" -> launches: "c:\docume~1\standard\applic~1\atommi~1\Window active manager.exe" [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: %SystemRoot%\system32\mswsock.dll [MS], 1 - 3 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] "{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2}" -> {HKLM...CLSID} = "Alcohol Toolbar" \InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2}" = "Alcohol Toolbar" -> {HKLM...CLSID} = "Alcohol Toolbar" \InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {FBD22D62-A803-11D3-8F03-00105A9965CA}\(Default) = (no title provided) -> {HKLM...CLSID} = "&EasyClick" \InProcServer32\(Default) = "C:\WINDOWS\E2BAR.DLL" ["Europe Explorer"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Console Java (Sun)" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {HKLM...CLSID} = "Web Browser Applet Control" \InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> "MGINavigationCanceled" = "(empty string)" [file not found] <> "MGIWelcome" = "(empty string)" [file not found] <> "MGIOfflineInformation" = "(empty string)" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Active File Monitor V4, AdobeActiveFileMonitor4.0, "C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe" [null data] BitDefender Communicator, XCOMM, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"] BitDefender Scan Server, bdss, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data] BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service" ["SOFTWIN S.R.L."] ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] GhostStartService, GhostStartService, "C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE" ["Symantec Corporation"] HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"] StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe" ["Rocket Division Software"] Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt04\Driver = "hpzlnt04.dll" ["HP"] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] OLFax Ports\Driver = "OLFMNT40.DLL" [MS] PDF995 Monitor\Driver = "pdf995mon.dll" [null data] PrintMe Port\Driver = "PrintMeMon.dll" ["Electronics For Imaging, Inc."] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 115 seconds, including 9 seconds for message boxes) merci pour tout, @+

Utilisateur anonyme · Answer

Bonsoir

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les  manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer

1 Télécharge CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

2 Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows. 
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.

3 Relance un scan HijackThis et coche les lignes ci-dessous :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp 
F2 - REG:system.ini: UserInit=userinit.exe, 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k 
O4 - HKCU\..\Run: [exitpure] C:\DOCUME~1\Standard\APPLIC~1\ATOMMI~1\BEND KNOB SIXTH.exe 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll 
O11 - Options group: [INTERNATIONAL] International* 
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab 
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kdance23.spaces.msn.com//PhotoUpload/MsnPUpld.cab 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab 
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www3.photoweb.fr/telechargement/Photoweb_uploader.cab 
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab 
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab 
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab 
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab 

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

4 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer

5 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

C:\Documents and Settings\All Users\Application Data\Roam Book Less Trust 
C:\Documents and Settings\Standard\Application Data\AtomMixRegs 
C:\WINDOWS\Tasks\AE1015EE91BF87F6.job 

6 Lance le nettoyage avec CCleaner

Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.

7 Redémarre normalement

Poste un nouveau log HijackThis.

herbjane · Answer

Bonjour,

Tout d'abord je tiens à signaler qu'en ouvrant FireFox je n'ai plus eu de page s'ouvrant sous IE. Génial.

voici le nouveau rapport de HJ : 

Logfile of HijackThis v1.99.1
Scan saved at 12:05:12, on 14/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 

4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender 

Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan 

Server\bdss.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Documents and Settings\Standard\Mes documents\Ma 

musique\Volkey\Volkey.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Palm\AlarmApp.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE 

ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 

https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 

Settings,ProxyOverride = localhost
O2 - BHO: Alcohol Toolbar Helper - 

{52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program 

Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - 

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 

Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - 

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program 

Files\Fichiers communs\Microsoft Shared\Windows 

Live\WindowsLiveLogin.dll
O3 - Toolbar: Alcohol Toolbar - 

{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program 

Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers 

communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE 

TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program 

Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program 

Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [BDMCon] 

C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program 

Files\Softwin\BitDefender8\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] 

"C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program 

Files\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [Volkey] C:\Documents and Settings\Standard\Mes 

documents\Ma musique\Volkey\Volkey.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program 

Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program 

Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program 

Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft 

IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows 

Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TClockEx] C:\Program 

Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN 

Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" 

/nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" 

--force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers 

communs\ADOBE\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program 

Files\Palm\AlarmApp.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common 

Files\DataViz\DvzIncMsgr.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - 

C:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program 

files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program 

files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program 

files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le 

cache Google - res://c:\program 

files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - 

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - 

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 

Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet 

Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet 

Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet 

Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet 

Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows 

Genuine Advantage Validation Tool) - 

http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall 

Control) - 

https://www.trendmicro.com/en_us/forHome/products/housecall.html

secall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan 

Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - 

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:  sockspy.dll sockspy.dll sockspy.dll sockspy.dll 

sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll 

sockspy.dll
O20 - Winlogon Notify: ComPlusSetup - 

C:\WINDOWS\System32\catsrvut.dll
O20 - Winlogon Notify: WgaLogon - 

C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - 

{AAA288BA-9A4C-45B0-95D7-94D524869DB5} - 

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program 

Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - 

Unknown owner - C:\Program Files\Adobe\Photoshop Elements 

4.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - 

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan 

Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program 

Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - 

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision 

Corporation - C:\Program Files\Fichiers 

communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - 

C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA 

Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division 

Software - C:\Program Files\Alcohol Soft\Alcohol 

52\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - 

C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - 

C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - 

C:\Program Files\Fichiers communs\Softwin\BitDefender 

Communicator\xcommsvr.exe" /service (file missing)

un grand merci

Utilisateur anonyme · Answer

Plus rien d'infectieux dans ce rapport  ; )

herbjane · Answer

Bonsoir et encore merci pour l'aide.
Puis-je savoir si l'infection était multiple ou était-ce dû à un seul malware  ?. Juste pour mieux comprendre.

@+

Utilisateur anonyme · Answer

Il s'agissait de Lop.
Cela s'attrape généralement avec le sponsor de Messenger Plus 3.

tellus · Answer

Bonjour à tous j'ai le même problème que ceux qui ont posté ici à savoir une page web s'ouvrant toute seule quand je surfe sur le net. J'ai essayé de m'en débarasser avec tous les anti-spywares connus mais rien n'y fait.
Voici mon rapport Hijack This :

Logfile of HijackThis v1.99.1
Scan saved at 22:22:06, on 18/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWSunservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\RamBoost XPambxpfr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sosconnexion.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Program For Team Heck] C:\Documents and Settings\All Users\Application Data\Online Seek Program For\Date win.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [clock okay] C:\DOCUME~1\Tellus\APPLIC~1\OBJLIV~1\Skip tool.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XPambxpfr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWSunservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Merci d'avance de votre aide

Page web s'ouvrant toute seule

27 réponses

Discussions similaires

Newsletters