Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Messages recommandés

Posté(e)

Bonjour,

 

Je viens de parcourir la partie sécurité du forum et j'ai appliqué la recette contenue dans le message du dimanche 24 avril 2005 à 02h26 appelé "popup intempestif".

 

Malheureusement j'ai toujours le problème suivant : mon ordinateur tourne au ralenti, je n'ai plus la main sur l'image de mon bureau qui m'affiche : "a fatal error in IE has occured at 0028:COO11E36 in VXD VMM<01> + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c" (sur fond bleu).

 

Avant ça j'avais aussi des popup intempestifs qui voulaient me vendre des anti spyware.

 

Si quelqu'un peut m'aider, je l'en remercie par avance.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:24:09, on 01/05/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Soft4Ever\looknstop\_looknstop.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\Mixer.exe

C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\bsw.exe

C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Macmaltr\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.qfind.net/search.php?qq=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize

O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Efface Historique 2.0] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [service Host] C:\WINDOWS\System32\Services\{0C6B9EE7-2CEA-4311-B7AF-C8B06B14B597}\SVCHOST.EXE

O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe

O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Harmony Monitor.lnk = C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Microsoft AntiSpyware helper - {83921BF4-EE79-4937-9432-BA894F1E842C} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {83921BF4-EE79-4937-9432-BA894F1E842C} - (no file) (HKCU)

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/4Nr7ehNJk-WCYvJZkVE6WXg.chm::/on-line.exe

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.171.149/5/s1//q.chm::/file.exe

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104086761564

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

Posté(e)

Bonjour jjboost, bonjour à tous,

 

Bienvenue sur Zebulon -Sécurité !

 

Télécharge ce fichier

http://www.silentrunners.org/Silent%20Runners.zip

 

Une fois téléchargé,tu le dézippes dans un dossier dédié.

Puis tu double cliques sur ce fichier,il va travailler,patiente jusqu'à l'affichage d'un méssage.

Un log est généré dans le meme dossier,colle le log ici.

Posté(e)

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"WindowsFY" = "c:\bsw.exe" [null data]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"notepad.exe" = "msmsgs.exe" [null data]

"winlogon.exe" = "msole32.exe" [file not found]

"notepad2.exe" = "popuper.exe" [file not found]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"KAVPersonal50" = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize" ["Kaspersky Lab"]

"Look 'n' Stop" = ""C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto" [null data]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]

"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]

"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"Efface Historique 2.0" = "C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s" [null data]

"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"Service Host" = "C:\WINDOWS\System32\Services\{0C6B9EE7-2CEA-4311-B7AF-C8B06B14B597}\SVCHOST.EXE" [file not found]

"MSN Messenger" = "C:\WINDOWS\System32\msmsgs.exe" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = "AcroIEToolbarHelper Class" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{8F7261D0-D2B9-11D2-9909-00605205B24C}" = "CuteFTP Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\GlobalSCAPE\CuteFTP\Cuteshell.dll" ["GlobalSCAPE, Inc."]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

INFECTION WARNING! "Shell" = "explorer.exe, msmsgs.exe" [file not found]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

 

 

Enabled Wallpaper and Active Desktop:

-------------------------------------

 

Active Desktop is disabled.

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\wp.bmp"

 

 

Startup items in "Macmaltr" & "All Users" startup folders:

----------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Assistant d'Acrobat" -> shortcut to: "C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]

"Harmony Monitor" -> shortcut to: "C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe" ["Intrigue Technologies Inc"]

"NkbMonitor.exe" -> shortcut to: "C:\Program Files\Nikon\PictureProject\NkbMonitor.exe" ["Nikon Corporation"]

"Pinnacle Scheduler" -> shortcut to: "C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe" ["Pinnacle Systems GmbH, Braunschweig"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {CLSID}\(Default) = "Adobe PDF"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {CLSID}\(Default) = "Adobe PDF"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {CLSID}\(Default) = "Yahoo! Companion"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {CLSID}\(Default) = "Adobe PDF"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {CLSID}\(Default) = "Yahoo! Companion"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\

-> {CLSID}\(Default) = "Adobe PDF"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

Dormant Explorer Bars in "View, Explorer Bar" menu

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\

(Default) = "&Rechercher"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKCU\Software\Microsoft\Internet Explorer\Extensions\

{83921BF4-EE79-4937-9432-BA894F1E842C}\

"ButtonText" = "Microsoft AntiSpyware helper"

"MenuText" = "Microsoft AntiSpyware helper"

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Recherche"

 

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\

"ButtonText" = "ICQ 4.1"

"MenuText" = "ICQ Lite"

"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]

iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]

kavsvc, kavsvc, "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe" ["Kaspersky Lab"]

 

 

----------

This report excludes default entries except where indicated.

To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

----------

Posté(e) (modifié)

Bonjour jjpost, bonjour à tous,

 

Imprime ou sauvegarde cette page,toutes les corrections devront etre faites hors connexion.

 

-1-Télécharge les outils suivants

 

CleanUp

http://cleanup.stevengould.org/

 

CWShredder

http://cwshredder.net/bin/CWShredder.exe

 

Lopremover

http://www.thespykiller.co.uk/files/lopremover.exe

 

DelDomains INF

http://www.mvps.org/winhelp2002/DelDomains.inf

 

-2-Désinstalle via Ajout/suppression des programmes du panneau de configuration ,le programme suivant.(s'il est présent)

- IGuard

 

-3-Assure toi d'avoir accés à tous les fichiers.

Poste de travail

Menu "Outils", "Option des dossiers", onglet "Affichage" :

Activer la case : "Afficher les fichiers et dossiers cachés"

Désactiver la case : "Masquer les extensions des fichiers dont le type est connu"

Désactiver la case : "Masquer les fichiers protégés du système d'exploitation"

Puis "Appliquer".

 

-4-Termine le processus suivant.

bsw.exe

Appuyer simultanement sur les touches Ctrl+Alt+supp-->le gestionnaire des taches s'ouvre-->onglet processus--->terminer processus.

 

-5-Lance Hijackthis,scan,et coche les lignes en gras ci-dessous.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.qfind.net/search.php?qq=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize

O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Efface Historique 2.0] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [service Host] C:\WINDOWS\System32\Services\{0C6B9EE7-2CEA-4311-B7AF-C8B06B14B597}\SVCHOST.EXE

O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe

O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Harmony Monitor.lnk = C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Microsoft AntiSpyware helper - {83921BF4-EE79-4937-9432-BA894F1E842C} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {83921BF4-EE79-4937-9432-BA894F1E842C} - (no file) (HKCU)

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/4Nr7ehNJk-WCYvJZkVE6WXg.chm::/on-line.exe

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.171.149/5/s1//q.chm::/file.exe

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104086761564

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

 

-6-Ferme toutes les fenetres Internet Explorer,Outlook Express sauf Hijackthis,puis clique sur "Fix checked"

 

-7-Redémarre en mode sans echec.

Comment démarrer Windows XP en mode sans échec

 

-8-Supprime les fichiers suivants. Fais trés attention,applique toi !

 

.C:\bsw.exe<-le fichier

 

.C:\foo.mht<-le fichier

 

.C:\tsk.mht!<-le fichier

 

.C:\WINDOWS\System32\Services <-le dossier (C'est ici,que tu dois faire trés attention,ne touche pas au bon qui est C:\WINDOWS\system32\services.exe )

 

.C:\WINDOWS\System32\msmsgs.exe<-le fichier

 

-9-Lance et éxécute CleanUp

 

-10-Redémarre en mode sans echec

 

-11-Passe CWShredder.

--installer CWShredder dans un répertoire dédié

-- fermer toutes les fenêtres

-- lancer CWShredder et cliquer sur "Fix".

 

-12-Clic droit sur deldomains.inf-->Installer

 

-13-Passer l'outil lopremover.exe

 

-14-Redémarre normalement et poste un nouveau rapport Hijackthis,ainsi que le rapport de SilentRunners.

 

Installe Hijackthis correctement,sous C,par exemple,pas sur le bureau,ni dans temp.

Modifié par queruak
Posté(e)

Je viens de terminer la procedure.

 

Je n'ai pas trouvé :

 

.C:\foo.mht

.C:\tsk.mht!

 

.C\WINDOWS\Ststem32\Services

 

... par conséquent, pas suprimés.

 

Sinon le reste des opérations s'est déroulé sans problème.

 

Mon écran est toujours bleu avec le même message.

 

Voici les rapports :

 

Logfile of HijackThis v1.99.1

Scan saved at 13:16:30, on 02/05/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Soft4Ever\looknstop\_looknstop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize

O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Efface Historique 2.0] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Harmony Monitor.lnk = C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Microsoft AntiSpyware helper - {83921BF4-EE79-4937-9432-BA894F1E842C} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {83921BF4-EE79-4937-9432-BA894F1E842C} - (no file) (HKCU)

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104086761564

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

 

et celui de SilentRunners

 

 

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"notepad.exe" = "msmsgs.exe" [file not found]

"winlogon.exe" = "msole32.exe" [file not found]

"notepad2.exe" = "popuper.exe" [file not found]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"KAVPersonal50" = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize" ["Kaspersky Lab"]

"Look 'n' Stop" = ""C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto" [null data]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]

"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]

"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"Efface Historique 2.0" = "C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s" [null data]

"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = "AcroIEToolbarHelper Class" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{8F7261D0-D2B9-11D2-9909-00605205B24C}" = "CuteFTP Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\GlobalSCAPE\CuteFTP\Cuteshell.dll" ["GlobalSCAPE, Inc."]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

 

 

Enabled Wallpaper and Active Desktop:

-------------------------------------

 

Active Desktop is disabled.

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\wp.bmp"

 

 

Startup items in "Macmaltr" & "All Users" startup folders:

----------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Assistant d'Acrobat" -> shortcut to: "C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]

"Harmony Monitor" -> shortcut to: "C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe" ["Intrigue Technologies Inc"]

"NkbMonitor.exe" -> shortcut to: "C:\Program Files\Nikon\PictureProject\NkbMonitor.exe" ["Nikon Corporation"]

"Pinnacle Scheduler" -> shortcut to: "C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe" ["Pinnacle Systems GmbH, Braunschweig"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {CLSID}\(Default) = "Adobe PDF"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {CLSID}\(Default) = "Adobe PDF"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {CLSID}\(Default) = "Adobe PDF"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\

-> {CLSID}\(Default) = "Adobe PDF"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

Dormant Explorer Bars in "View, Explorer Bar" menu

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\

(Default) = "&Rechercher"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKCU\Software\Microsoft\Internet Explorer\Extensions\

{83921BF4-EE79-4937-9432-BA894F1E842C}\

"ButtonText" = "Microsoft AntiSpyware helper"

"MenuText" = "Microsoft AntiSpyware helper"

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Recherche"

 

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\

"ButtonText" = "ICQ 4.1"

"MenuText" = "ICQ Lite"

"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]

iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]

kavsvc, kavsvc, "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe" ["Kaspersky Lab"]

 

 

----------

This report excludes default entries except where indicated.

To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

----------

Posté(e)

Rebonjour,

 

-Télécharge cet outil

Pocket KillBox d'ici:

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Une fois téléchargé,tu le dezippes sur ton buraeu.

 

Il n'est pas nécéssaire pour le moment,mais nous pourrions y avoir recours si certains fichiers à supprimer se révelent récalcitrants.

 

 

-Assure toi d'avoir accés à tous les fichiers(comme indiqué précedemment)

 

-Redémarre en mode sans echec.

 

-Supprime les fichiers suivants:

 

.C:\wp.bmp<-le fichier

 

Toujours en mode sans echec,fais une recherche sur les fichiers suivants:

.msole32.exe

.popuper.exe

 

A titre d'indication:

-msole32.exe est d'habitude dans C:\WINDOWS\system32\msole32.exe

-popuper.exe est dans C:\WINDOWS\popuper.exe

 

Une fois localisés,tu les supprimes,si echec,tu notes s'il te plait le chemin complet et tu le communiques.

 

Une fois que tu auras supprimé tous ces fichiers,vide la corbeille.

 

-Redémarre,poste un nouveau log de silentrunners.

 

-Communique les résultats,

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...