pb avec explorer.exe

[tuff2]

Re,

 

Je ne ferai pas cela ce soir par manque de temps mais ce week end ce sera fait.

 

Merci +

[bruce lee]

Re,

 

Fait ca quand tu le peux. La manip dur a peine 5 minutes

 

@+

[tuff2]

Bonjour,

 

Donc voilà je vous poste le dernier rapport fait par smithfraud ci-dessous, après avoir installer les mise à jour.

 

 

SmitFraudFix v2.171

 

Rapport fait à 14:48:47,14, 22/04/2007

Executé à partir de F:\spy ware\Smitfraud\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\RemoteControlService.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\LiteStep\litestep.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David Chotard

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David Chotard\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVIDC~1\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"system"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.1.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{82CDF756-8C8A-4FA8-BEFA-B24EAC67CCFE}: DhcpNameServer=85.255.116.41,85.255.112.125

HKLM\SYSTEM\CCS\Services\Tcpip\..\{99AD3368-FD68-4D9D-AD96-3094B15B40A2}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}: DhcpNameServer=85.255.116.41,85.255.112.125

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}: DhcpNameServer=85.255.116.41,85.255.112.125

HKLM\SYSTEM\CS1\Services\Tcpip\..\{82CDF756-8C8A-4FA8-BEFA-B24EAC67CCFE}: DhcpNameServer=85.255.116.41,85.255.112.125

HKLM\SYSTEM\CS1\Services\Tcpip\..\{99AD3368-FD68-4D9D-AD96-3094B15B40A2}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}: DhcpNameServer=85.255.116.41,85.255.112.125

HKLM\SYSTEM\CS1\Services\Tcpip\..\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}: DhcpNameServer=85.255.116.41,85.255.112.125

HKLM\SYSTEM\CS3\Services\Tcpip\..\{82CDF756-8C8A-4FA8-BEFA-B24EAC67CCFE}: DhcpNameServer=85.255.116.41,85.255.112.125

HKLM\SYSTEM\CS3\Services\Tcpip\..\{99AD3368-FD68-4D9D-AD96-3094B15B40A2}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}: DhcpNameServer=85.255.116.41,85.255.112.125

HKLM\SYSTEM\CS3\Services\Tcpip\..\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}: DhcpNameServer=85.255.116.41,85.255.112.125

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

[bruce lee]

Bonjour,

 

Ok. Tu as du wareout.

 

Telecharge la version original de hijackThis http://www.merijn.org/files/hijackthis.zip

 

Déconnecte toi du net et installe le sur ton bureau

 

Lance le en cliquant sur Do a system scan and save a logfile a la fin du scan le bloc note va s'ouvrir tu fais un copier coller de tout son contenu.

[tuff2]

Re,

 

Voici le sca, avec HJT :

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:48:09, on 22/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\RemoteControlService.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\LiteStep\litestep.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\Rar$EX00.171\HijackThis.exe

C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\Rar$EX18.078\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [dragonsayenprocessus] C:\Documents and Settings\David Chotard\Mes documents\Mes fichiers reçus\Dragonsayenprocessus.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O4 - Global Startup: explorer.lnk = C:\WINDOWS\explorer.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: litestep.lnk = C:\LiteStep\litestep.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

[bruce lee]

Re,

 

Télécharge RegSearch.exe (Registry Search de Bobbi Flekman) -> http://www.bleepingcomputer.com/files/misc/RegSearch.zip

- Dézippe dans un répertoire dédié tel que C:\Program Files

 

- Double clique sur RegSearch.exe

 

- Copie colle {82CDF756-8C8A-4FA8-BEFA-B24EAC67CCFE} dans la première ligne de la zone de recherche

 

- Clique sur OK

 

- Après recherche, le bloc-notes ouvre une fenêtre "RegSearch.txt" avec toutes les instances trouvées

 

- Le fichier est en outre sauvegardé dans le même répertoire que celui de RegSearch

 

- Copie-colle le contenu de la fenêtre dans un post, ici

 

- Ferme le bloc-notes

 

- Ferme RegSearch par Cancel

 

Poste le rapport.

 

Fais la même manip avec {AAAF551F-A102-425D-A6DE-E0F269CAAFB1} comme recherche puis poste le rapport.

 

Refais une derniere fois la manip (promit c'est la derniere fois ^^) avec {F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72} puis poste le rapport.

 

@+

[ph1ph1l0u]

---

Modifié le 20 février 2015 par ph1ph1l0u

[bruce lee]

Salut philipped94,

 

Sur le rapport smitfraudfix il y a :

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}: DhcpNameServer=85.255.116.41,85.255.112.125

 

 

Une recherche sur 85.255.116.41 indique :

 

85.255.112.0 - 85.255.127.255

Inhoster hosting company

OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine

 

Andrei Kislizin

OOO Inhoster,

ul.Antonova 5, Kiev,

03186, Ukraine

 

et ca c'est wareout

 

 

Ici, c'est un peu bizarre car normalement HijackThis devrait nous montrer wareout et ce n'est pas le cas.

 

Si tu as d'autres questions, merci d'utiliser les MPs

 

P.S : pour faire la recherche tu vas sur ce site : http://www.all-nettools.com/toolbox et tu copies/colles 85.255.116.41 sous SmartWhois

[tuff2]

Bonjour,

 

Bon c'est bon j'ai fais les scan que tu m'as demandé, je te les poste

 

 

REGEDIT4

 

; Registry Search by Bobbi Flekman © 2005

; Version: 1.0.2.4

 

; Results at 22/04/2007 21:24:11 for strings:

; '{82cdf756-8c8a-4fa8-befa-b24eac67ccfe}'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{82CDF756-8C8A-4FA8-BEFA-B24EAC67CCFE}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{82CDF756-8C8A-4FA8-BEFA-B24EAC67CCFE}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NetBT\Parameters\Interfaces\Tcpip_{82CDF756-8C8A-4FA8-BEFA-B24EAC67CCFE}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{82CDF756-8C8A-4FA8-BEFA-B24EAC67CCFE}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{82CDF756-8C8A-4FA8-BEFA-B24EAC67CCFE}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82CDF756-8C8A-4FA8-BEFA-B24EAC67CCFE}]

 

; End Of The Log...

 

 

 

 

 

REGEDIT4

 

; Registry Search by Bobbi Flekman © 2005

; Version: 1.0.2.4

 

; Results at 22/04/2007 21:34:46 for strings:

; '{aaaf551f-a102-425d-a6de-e0f269caafb1}'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\15]

"ServiceName"="{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}14]

"NetCfgInstanceId"="{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

"SymbolicLink"="\\\\?\\V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Control]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Connection]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\5]

"InterfaceName"="{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Parameters\Tcpip]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}14]

"NetCfgInstanceId"="{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

"SymbolicLink"="\\\\?\\V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Connection]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NetBT\Parameters\Interfaces\Tcpip_{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\RemoteAccess\Interfaces\5]

"InterfaceName"="{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Parameters\Tcpip]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}14]

"NetCfgInstanceId"="{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

"SymbolicLink"="\\\\?\\V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#V1394#NIC1394#36a044be01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Control]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Connection]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\5]

"InterfaceName"="{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{AAAF551F-A102-425D-A6DE-E0F269CAAFB1}\Parameters\Tcpip]

 

; End Of The Log...

 

 

 

 

 

REGEDIT4

 

; Registry Search by Bobbi Flekman © 2005

; Version: 1.0.2.4

 

; Results at 22/04/2007 21:41:24 for strings:

; '{f325bc6f-f902-44d7-adc7-4acefe3c3a72}'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}03]

"NetCfgInstanceId"="{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

"SymbolicLink"="\\\\?\\SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}\Connection]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}\Parameters\Tcpip]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}03]

"NetCfgInstanceId"="{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

"SymbolicLink"="\\\\?\\SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}\Connection]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NetBT\Parameters\Interfaces\Tcpip_{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}\Parameters\Tcpip]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}03]

"NetCfgInstanceId"="{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

"SymbolicLink"="\\\\?\\SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}\Connection]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{F325BC6F-F902-44D7-ADC7-4ACEFE3C3A72}\Parameters\Tcpip]

 

; End Of The Log...

 

 

 

 

 

 

Merci pour votre aide

[JANGO-FEET]

salut bruce lee,

 

y devrais pas effacer sa:

 

O4 - Global Startup: explorer.lnk = C:\WINDOWS\explorer.exe

 

sur son dernier HijackThis??