Ouverture popup intempestive

[goldmund]

Bonjour,

 

Depuis quelques jours, sur un de mes pc, j'ai des fenêtres de pub qui s'ouvrent avec I.E. alors que j'utilise par défaut Firefox. J'ai scanner avec HijackThis v1.99.1 et voici le rapport :

 

Logfile of HijackThis v1.99.1

Scan saved at 13:50:58, on 15/05/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Documents and Settings\GoLdAnGinA\Application Data\orot.exe

C:\WINDOWS\System32\??chost.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

E:\A supprimer\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {60FDBC26-05C0-563A-CEAB-79D20FDDD8C6} - C:\WINDOWS\System32\iior.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [install_BlueDSL] G:\Install.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"

O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Elme] C:\Documents and Settings\GoLdAnGinA\Application Data\orot.exe

O4 - HKCU\..\Run: [Ybrnczoi] C:\WINDOWS\System32\??chost.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114967853164

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab

O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)

O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)

 

J'ai aussi passé AdAware et SpyBot, mais rien n'y fait.

 

Merci de m'éclairer

[queruak]

Bonjour goldmund, bonjour à tous,

 

Bienvenue sur Zebulon-Sécurité !

 

Je regarde ton rapport,réponse dans quelques instants.

[queruak]

Rebonjour,

 

-1-Télécharge et installe CleanUp!

http://cleanup.stevengould.org/

 

-2-Assure toi d'avoir accés à tous les fichiers.

Poste de travail

Menu "Outils", "Option des dossiers", onglet "Affichage" :

Activer la case : "Afficher les fichiers et dossiers cachés"

Désactiver la case : "Masquer les extensions des fichiers dont le type est connu"

Désactiver la case : "Masquer les fichiers protégés du système d'exploitation"

Puis "Appliquer".

 

-3-Termine le(s) processus suivant(s).

-orot.exe

-??chost.exe

Appuyer simultanement sur les touches Ctrl+Alt+supp-->le gestionnaire des taches s'ouvre-->onglet processus--->terminer processus.

 

-4-Lance Hijackthis,scan,et coche les lignes en gras ci-dessous.

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {60FDBC26-05C0-563A-CEAB-79D20FDDD8C6} - C:\WINDOWS\System32\iior.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [install_BlueDSL] G:\Install.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"

O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Elme] C:\Documents and Settings\GoLdAnGinA\Application Data\orot.exe

O4 - HKCU\..\Run: [Ybrnczoi] C:\WINDOWS\System32\??chost.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114967853164

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab

O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)

O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)

 

-5-Ferme toutes les fenetres Internet Explorer,Outlook Express sauf Hijackthis,puis clique sur "Fix checked"

 

-6-Redémarre en mode sans echec.

Comment démarrer Windows XP en mode sans échec

 

-7-Supprime les fichiers suivants.

 

C:\Documents and Settings\GoLdAnGinA\Application Data\orot.exe<-le fichier

 

C:\WINDOWS\System32\??chost.exe<-le fichier

 

C:\WINDOWS\System32\iior.dll<-le fichier

 

G:\Install.exe<-le fichier

 

-8-Lance et éxécute CleanUp!

 

-9-Redémarre normalement et poste un nouveau log Hijackthis pour verification.

[goldmund]

Merci beaucoup, à première vue je n'ai plus de problème de popup. Par contre, je suis repassé en mode classique sur l'affichage et je n'ai plus la possibilité de passer en mode "style Windows Xp" dans les propriétés d'affichage

Aurais-tu une solution pour ça aussi s'il te plait ?

Merci

[queruak]

Bonjour,

 

Poste s'il te plait un rapport hijackthis pour verification.

[goldmund]

Re bonjour,

 

Merci pour ta vitesse de réponse

Voici le nouveau rapport :

 

Logfile of HijackThis v1.99.1

Scan saved at 10:28:50, on 16/05/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

E:\A supprimer\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"

O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114967853164

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab

O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)

O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)

 

Encore merci

[queruak]

Bonjour,

 

Télécharge ce fichier

http://www.silentrunners.org/Silent%20Runners.zip

 

Une fois téléchargé,tu le dézippes dans un dossier dédié.

Puis tu double cliques sur ce fichier,il va travailler,patiente jusqu'à l'affichage d'un méssage.

Un log est généré dans le meme dossier,colle le log ici.

[goldmund]

Voila ce que donne le log :

 

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]

"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]

"WorksFUD" = "C:\Program Files\Microsoft Works\wkfud.exe" ["Microsoft® Corporation"]

"Microsoft Works Portfolio" = "C:\Program Files\Microsoft Works\WksSb.exe /AllUsers" ["Microsoft® Corporation"]

"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]

"MoneyStartUp10.0" = ""C:\Program Files\Microsoft Money\System\Activation.exe"" [MS]

"Config Loader" = (no data)

"Registry Loader" = (no data)

"MS Config Loader" = (no data)

"Microsoft Office" = (no data)

"Microsoft Office Start" = (no data)

"Windows Update" = (no data)

"Windows Backup Configuration" = (no data)

"Microsoft Windows Updater" = (no data)

"Config Loader2" = (no data)

"Office Startup" = (no data)

"Quicktime Pro 3.0" = (no data)

"Svhost Loader" = (no data)

"MS Security Hotfix" = (no data)

"Windows Communicator" = (no data)

"Config Loader for Microsoft Windows" = (no data)

"System Loaderav" = (no data)

"ConfiggLoader" = (no data)

"Configuration Loader" = (no data)

"Sound Loader" = (no data)

"Windows Config Manager" = (no data)

"Windows Loader" = (no data)

"Service Controller" = (no data)

"Ms Task" = (no data)

"Windows Explorer" = (no data)

"Mixer" = (no data)

"System Loaderap" = (no data)

"Norton Live Updater" = (no data)

"Windows Update Service" = (no data)

"Update" = (no data)

"Configuration Loading" = (no data)

"MS Config Stream" = (no data)

"Win Init" = (no data)

"Windows Startup" = (no data)

"machine-debugger" = (no data)

"Windows Media Player" = (no data)

"WindowsFS" = (no data)

"OfficeGuard RegChecker" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"" [null data]

"AVPCC" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait" ["Kaspersky Labs."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\(Default) = (no title provided)

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

[queruak]

Bonjour ,

 

Désolé pour le retard !

goldmund,le rapport de Silentrunners n'est pas complet.Tu n'as pas assez patienté.

[goldmund]

Ne te désole pas pour le retard, c'est déjà gentil à toi de répondre

J'ai relancé silentrunner et attendu son message et ça donne cette fois :

 

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]

"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]

"WorksFUD" = "C:\Program Files\Microsoft Works\wkfud.exe" ["Microsoft® Corporation"]

"Microsoft Works Portfolio" = "C:\Program Files\Microsoft Works\WksSb.exe /AllUsers" ["Microsoft® Corporation"]

"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]

"MoneyStartUp10.0" = ""C:\Program Files\Microsoft Money\System\Activation.exe"" [MS]

"Config Loader" = (no data)

"Registry Loader" = (no data)

"MS Config Loader" = (no data)

"Microsoft Office" = (no data)

"Microsoft Office Start" = (no data)

"Windows Update" = (no data)

"Windows Backup Configuration" = (no data)

"Microsoft Windows Updater" = (no data)

"Config Loader2" = (no data)

"Office Startup" = (no data)

"Quicktime Pro 3.0" = (no data)

"Svhost Loader" = (no data)

"MS Security Hotfix" = (no data)

"Windows Communicator" = (no data)

"Config Loader for Microsoft Windows" = (no data)

"System Loaderav" = (no data)

"ConfiggLoader" = (no data)

"Configuration Loader" = (no data)

"Sound Loader" = (no data)

"Windows Config Manager" = (no data)

"Windows Loader" = (no data)

"Service Controller" = (no data)

"Ms Task" = (no data)

"Windows Explorer" = (no data)

"Mixer" = (no data)

"System Loaderap" = (no data)

"Norton Live Updater" = (no data)

"Windows Update Service" = (no data)

"Update" = (no data)

"Configuration Loading" = (no data)

"MS Config Stream" = (no data)

"Win Init" = (no data)

"Windows Startup" = (no data)

"machine-debugger" = (no data)

"Windows Media Player" = (no data)

"WindowsFS" = (no data)

"OfficeGuard RegChecker" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"" [null data]

"AVPCC" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait" ["Kaspersky Labs."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\(Default) = (no title provided)

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"

-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]

"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"

-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]

"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"

-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]

"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"

-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]

"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"

-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]

"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"

-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]

"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"

-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Enabled Wallpaper and Active Desktop:

-------------------------------------

 

Active Desktop is disabled.

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\GoLdAnGinA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Startup items in "GoLdAnGinA" & "All Users" startup folders:

------------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

"Rappels du Calendrier Microsoft Works" -> shortcut to: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]

 

 

Enabled Scheduled Tasks:

------------------------

 

"AE5674159151EBC5" -> launches: "c:\docume~1\goldan~1\applic~1\movepe~1\Free fork license.exe" [file not found]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\System32\mslsp.dll [null data], 01 - 02, 21

%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 08 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Dormant Explorer Bars in "View, Explorer Bar" menu

 

HKLM\Software\Classes\CLSID\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}\

(Default) = "MoneySide"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

 

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\

"ButtonText" = "MoneySide"

"CLSIDExtension" = "{301DA1EE-F65C-4188-A417-9E915CC8FBFA}"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Messenger"

"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

AVP Control Centre Service, AVPCC, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service" ["Kaspersky Labs."]

KAV Monitor Service, KAVMonitorService, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service" ["Kaspersky Labs."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

 

 

----------

This report excludes default entries except where indicated.

To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

----------

 

 

Merci