Unwanted popups: [ihecdujsnb] and mailskinner?
geedoo Posts 5 Status Member -
green day Posts 26722 Status Moderator, Security contributor -
Hello to all of you, angels of the net,
It all started with unwanted popups that nothing would block.
Séb08 provided a procedure for something very similar; I followed the steps scrupulously and the windows went quiet:
pop up probleme de pop up svp#8
But according to the BFU log (step 2 of the procedure) there seem to be traces of other malicious critters, and since I don't understand whether BFU only detected them or detected and removed them (failed: ... file not found)...
I have added the HijackThis log at the end of this post; among other things it shows a trace in the registry of the deleted "[ihecdujsnb] c:\windows\system32\ihecdujsnb.exe ihecdujsnb"
Could I have your advice, dear friends, on what to do?
-start of the procedure-
1. identifying the problem with F-Secure BlackLight:
05/13/07 23:43:48 [Info]: BlackLight Engine 1.0.61 initialized
05/13/07 23:43:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/13/07 23:43:48 [Note]: 7019 4
05/13/07 23:43:48 [Note]: 7005 0
05/13/07 23:43:58 [Note]: 7006 0
05/13/07 23:43:58 [Note]: 7011 596
05/13/07 23:43:58 [Note]: 7026 0
05/13/07 23:43:58 [Note]: 7026 0
05/13/07 23:43:58 [Note]: 7024 3
05/13/07 23:43:58 [Info]: Hidden process: C:\windows\system32\ihecdujsnb.exe
05/13/07 23:43:59 [Note]: FSRAW library version 1.7.1021
05/13/07 23:46:10 [Info]: Hidden file: c:\WINDOWS\system32\ihecdujsnb.dat
05/13/07 23:46:10 [Note]: 10002 1
05/13/07 23:46:10 [Info]: Hidden file: C:\windows\system32\ihecdujsnb.exe
05/13/07 23:46:10 [Note]: 10002 1
05/13/07 23:46:11 [Info]: Hidden file: c:\WINDOWS\system32\ihecdujsnb_nav.dat
05/13/07 23:46:11 [Note]: 10002 1
05/13/07 23:46:11 [Info]: Hidden file: c:\WINDOWS\system32\ihecdujsnb_navps.dat
05/13/07 23:46:11 [Note]: 10002 1
05/13/07 23:46:52 [Note]: 2000 1012
05/14/07 00:39:44 [Note]: 7007 0
2. running BFU with EGDACCESS.bfu:
BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 02:19:27, on 14/05/2007
Option Delete files to Recycle Bin: Yes
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MC (key not found)
Failed: RegDelValue HKCU\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0|ELECTRONIC GROUP (key not found)
Failed: DllUnregister C:\WINDOWS\system32\MSWBM32.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MailSkinner\OESkinner.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\HotTVPlayer.dll|1 (file not found)
Failed: FolderDelete C:\Program Files\dialpass (folder not found)
Failed: FolderDelete C:\Program Files\eghtmldialer (folder not found)
Failed: FolderDelete C:\Program Files\egroup (folder not found)
Failed: FolderDelete C:\Program Files\Instant Access (folder not found)
Failed: FolderDelete C:\Program Files\MailSkinner (folder not found)
Failed: FolderDelete C:\Program Files\InternetGameBox (folder not found)
Failed: FolderDelete C:\Program Files\GoRecord2 (folder not found)
Failed: FolderDelete C:\Program Files\GoAstro (folder not found)
Failed: FolderDelete C:\Program Files\WebMediaPlayer (folder not found)
Failed: FolderDelete C:\Program Files\MessengerSkinner (folder not found)
Failed: DllUnregister C:\WINDOWS\mslagent\2_mslagent.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\navmpc\2_navmpc.dll|1 (file not found)
Failed: FolderDelete C:\WINDOWS\mslagent (folder not found)
Failed: FolderDelete C:\WINDOWS\navmpc (folder not found)
Failed: FolderDelete C:\WINDOWS\msskinner (folder not found)
Failed: FolderDelete C:\WINDOWS\wintrim (folder not found)
Failed: FolderDelete C:\WINDOWS\wincomp (folder not found)
Failed: FolderDelete C:\WINDOWS\winmgts (folder not found)
Failed: FolderDelete C:\WINDOWS\simcss (folder not found)
Failed: FolderDelete C:\WINDOWS\mc (folder not found)
Failed: FileDelete C:\DOCUME~1\jean-do\LOCALS~1\Temp\RTEGPRS.rlg (operation failed)
Failed: FileDelete C:\DOCUME~1\jean-do\LOCALS~1\Temp\~DF4F29.tmp (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\TMP000000592AD17E110CCA7C19 (operation failed)
Script completed.
3. renaming the files with BlackLight:
05/14/07 02:24:45 [Info]: BlackLight Engine 1.0.61 initialized
05/14/07 02:24:45 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/14/07 02:24:46 [Note]: 7019 4
05/14/07 02:24:46 [Note]: 7005 0
05/14/07 02:24:48 [Note]: 7006 0
05/14/07 02:24:48 [Note]: 7011 596
05/14/07 02:24:48 [Note]: 7026 0
05/14/07 02:24:48 [Note]: 7026 0
05/14/07 02:24:48 [Note]: 7024 3
05/14/07 02:24:48 [Info]: Hidden process: C:\windows\system32\ihecdujsnb.exe
05/14/07 02:24:49 [Note]: FSRAW library version 1.7.1021
05/14/07 02:27:10 [Info]: Hidden file: c:\WINDOWS\system32\ihecdujsnb.dat
05/14/07 02:27:10 [Note]: 10002 1
05/14/07 02:27:11 [Info]: Hidden file: C:\windows\system32\ihecdujsnb.exe
05/14/07 02:27:11 [Note]: 10002 1
05/14/07 02:27:11 [Info]: Hidden file: c:\WINDOWS\system32\ihecdujsnb_nav.dat
05/14/07 02:27:11 [Note]: 10002 1
05/14/07 02:27:11 [Info]: Hidden file: c:\WINDOWS\system32\ihecdujsnb_navps.dat
05/14/07 02:27:11 [Note]: 10002 1
05/14/07 02:27:58 [Note]: 2000 1012
05/14/07 02:30:55 [Note]: 7007 0
4. reboot, deletion of the *.*.ren files and check with BlackLight:
05/14/07 02:38:03 [Info]: BlackLight Engine 1.0.61 initialized
05/14/07 02:38:03 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/14/07 02:38:04 [Note]: 7019 4
05/14/07 02:38:04 [Note]: 7005 0
05/14/07 02:38:07 [Note]: 7006 0
05/14/07 02:38:07 [Note]: 7011 508
05/14/07 02:38:07 [Note]: 7026 0
05/14/07 02:38:07 [Note]: 7026 0
05/14/07 02:38:08 [Note]: FSRAW library version 1.7.1021
05/14/07 02:40:47 [Note]: 2000 1012
05/14/07 02:40:47 [Note]: 2000 1012
05/14/07 02:41:01 [Note]: 7007 0
-End of the procedure-
Logfile of HijackThis v1.99.1
Scan saved at 11:55:40, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\CyberLink\PowerVCRII\Agent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [ihecdujsnb] c:\windows\system32\ihecdujsnb.exe ihecdujsnb
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
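Added example, not part of the original post: a small triage script that reads the three logs above together, using lines excerpted from them as input. It separates BFU failures whose target did not exist from those where the target existed but the action failed, and lists HijackThis Run entries that point at a file BlackLight reported as hidden. The function names are hypothetical, and the reading of the BFU reason strings is an assumption taken from their wording.

```python
import re

# Lines excerpted from the BlackLight, BFU and HijackThis logs in the post.
BLACKLIGHT = r"""
05/13/07 23:43:58 [Info]: Hidden process: C:\windows\system32\ihecdujsnb.exe
05/13/07 23:46:10 [Info]: Hidden file: c:\WINDOWS\system32\ihecdujsnb.dat
05/13/07 23:46:10 [Note]: 10002 1
05/13/07 23:46:11 [Info]: Hidden file: c:\WINDOWS\system32\ihecdujsnb_nav.dat
"""
BFU = r"""
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MC (key not found)
Failed: DllUnregister C:\Program Files\MailSkinner\OESkinner.dll|1 (file not found)
Failed: FolderDelete C:\Program Files\MailSkinner (folder not found)
Failed: FileDelete C:\DOCUME~1\jean-do\LOCALS~1\Temp\~DF4F29.tmp (operation failed)
"""
HIJACKTHIS = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ihecdujsnb] c:\windows\system32\ihecdujsnb.exe ihecdujsnb
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

def hidden_objects(log):
    """Paths BlackLight reported as hidden, lower-cased for comparison."""
    pat = re.compile(r"\[Info\]: Hidden (?:process|file): (.+)$", re.M)
    return {m.group(1).strip().lower() for m in pat.finditer(log)}

def bfu_failures(log):
    """Return (action, target, verdict) for every 'Failed:' line."""
    pat = re.compile(r"^Failed: (\w+) (.+) \(([^()]+)\)$", re.M)
    results = []
    for action, target, reason in pat.findall(log):
        # Assumption: a reason ending in "not found" means the target was
        # not on the machine; any other reason means it was there and the
        # action did not go through (locked file, permissions, ...).
        absent = reason.endswith("not found")
        results.append((action, target, "absent" if absent else "present, not removed"))
    return results

def autoruns_pointing_at_hidden(hjt_log, hidden):
    """O4 Run entries whose executable is one of the hidden paths."""
    entry = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$", re.M)
    # Executable is either the quoted part or everything up to the first ".exe".
    exe = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)
    hits = []
    for hive, name, command in entry.findall(hjt_log):
        m = exe.match(command)
        path = (m.group(1) or m.group(2)).lower() if m else command.lower()
        if path in hidden:
            hits.append((hive, name, path))
    return hits

if __name__ == "__main__":
    for action, target, verdict in bfu_failures(BFU):
        print(f"{verdict:22} {action:14} {target}")
    for hive, name, path in autoruns_pointing_at_hidden(HIJACKTHIS, hidden_objects(BLACKLIGHT)):
        print(f"Run value [{name}] in {hive} points at hidden object {path}")
```

A Run value flagged this way after the files have been deleted is a leftover registry entry, and the "present, not removed" lines are the ones worth rechecking after a reboot.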