Machine et internet qui se bloque

[palomi]

Salut,

Au bout de quelques minutes (variable 5-15-25 minutes) ma connection internet ne fonctionne plus. A partir de là d'autres applications ne veulent plus fonctionner et il n'est plus possible d'avoir accès au gestionnaire des taches par Alt+Ctrl+Sup.

J'ai fait passer Antivir, qui ne voit rien.

Voici le rapport par HijackThis en mode sans échec :

 

Logfile of HijackThis v1.99.1

Scan saved at 18:02:57, on 08/05/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll

O2 - BHO: PlugIns loader for GalaxiShip-Agent - {5A699E3F-08EA-46E4-A9AC-E6F1570D07C2} - C:\GalaxiShip - maximiles\PlugIns.3002\GS_Loader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [CookiePatrol] C:\PestPatrol\CookiePatrol.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Extrafilm FotoFacil\Agent.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunServices: [soundtask] soundtask.exe

O4 - HKLM\..\RunServices: [schedulingAgent] C:\WINDOWS\System32\mstask.exe

O4 - HKLM\..\RunServices: [windows system notepad] wnpsm.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109023769750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130080196218

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.gagne-un-max.com/acces/WebInstall.dll

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/import/ImageUploader3.cab

O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2...yer5.2AxWin.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v42/golfsol/golfsol.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...603/mcfscan.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

 

Quelqu'un peut-il m'aiguiller ?

Merci

[bruce lee]

bonsoir,

 

analyse en cours retour dans 15 minutes

[bruce lee]

re,

 

 

 

1/Télécharge la version d'évaluation d'Ewido:

http://www.ewido.net/en/download/

 

Installe et mets à jour.

 

Important: Pendant l'installation, sur la page "Additional Options" décoche les deux options "Install background guard" et "Install scan via context menu".

 

Démarre Ewido avec l'icône qui se trouve sur ton Bureau. Clique sur mise à jour, attendre la fin de cette mise à jour puis, ferme le programme.

 

2/demarre en mode sans echec http://www.sosordi.net/Faq/Faq.2.html

 

 

 

3/lance hijackthis en cliquant sur scanner seulement coche ces lignes:

 

O4 - HKLM\..\RunServices: [soundtask] soundtask.exe

O4 - HKLM\..\RunServices: [windows system notepad] wnpsm.exe

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.gagne-un-max.com/acces/WebInstall.dll

O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/import/ImageUploader3.cab

 

Ferme toutes les fenêtres ouvertes sauf Hijackthis et clique sur fixez objet

 

 

4/pour supprimer les fichiers nefastes on va tous les afficher en faisant comme ceci:

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Cocher la case : Afficher les fichiers et dossiers cachés

Décocher la case : Masquer les extensions des fichiers dont le type est connu

Décocher la case : Masquer les fichiers protégés du système d'exploitation

cliquer sur "Appliquer"

cliquer sur le bouton "Appliquer à tous les dossiers" / OK

 

5/

demarrer,rechercher,clique sur tous les fichiers et tout les dossiers, clique sur les deux petites fleches a cotes de options avancées

et coche rechercher dans les fichiers et dossiers cachés.

 

 

6/recherche ces fichiers (si trouvé tu supprimes):

 

soundtask.exe

 

wnpsm.exe

 

 

7/Relance Ewido et clique sur scanner puis sur scan complet du système.

 

Si des fichiers infectés sont trouvés, garde l'option par défaut Supprimer (avec la ligne "Créer des copies de sauvegarde cryptées dans la quarantaine" cochée), et coche "Effectuer cette action avec toutes les infections".

 

A la fin du scan, sauvegarde le rapport (Fichier/Enregistrer sous...) sur le Bureau.

 

8/redemarre en mode normal

 

9/poste le rapport d'ewido ainsi qu'un nouveau log hijackthis.

 

bon courage, et si tu as la moindre question n'hesite surtout pas

 

@+

[palomi]

Merci pour ton aide, malheureusement cela n'a pas réglé le problème. Et antivir et avast ne voient rien

Voici le dernier log de hijack :

 

Logfile of HijackThis v1.99.1

Scan saved at 22:04:52, on 12/05/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll

O2 - BHO: PlugIns loader for GalaxiShip-Agent - {5A699E3F-08EA-46E4-A9AC-E6F1570D07C2} - C:\GalaxiShip - maximiles\PlugIns.3002\GS_Loader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [CookiePatrol] C:\PestPatrol\CookiePatrol.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Extrafilm FotoFacil\Agent.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\RunServices: [schedulingAgent] C:\WINDOWS\System32\mstask.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109023769750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130080196218

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2...yer5.2AxWin.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v42/golfsol/golfsol.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...603/mcfscan.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

 

et celui de ewido :

 

---------------------------------------------------------

ewido anti-malware - Rapport de scan

---------------------------------------------------------

 

+ Créé le: 22:03:56, 12/05/2006

+ Somme de contrôle: 8BF90EE9

 

+ Résultats du scan:

 

HKLM\SOFTWARE\DelFin -> Adware.Delfin : Nettoyer et sauvegarder

HKLM\SOFTWARE\DelFin\PromulGate -> Adware.Delfin : Nettoyer et sauvegarder

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer -> Adware.Delfin : Nettoyer et sauvegarder

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Nettoyer et sauvegarder

C:\A Moi\Maquette\MsgPlus-210a - messagerie instantanée.exe/70000010.exe -> Downloader.Swizzor.g : Nettoyer et sauvegarder

C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder

C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyer et sauvegarder

C:\Documents and Settings\LocalService\Cookies\system@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder

C:\Documents and Settings\LocalService\Cookies\system@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder

C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Shopathomeselect : Nettoyer et sauvegarder

:mozilla.11:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder

:mozilla.14:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder

:mozilla.20:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyer et sauvegarder

:mozilla.22:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder

:mozilla.23:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyer et sauvegarder

:mozilla.24:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyer et sauvegarder

:mozilla.57:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder

:mozilla.58:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder

:mozilla.59:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder

:mozilla.253:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder

:mozilla.254:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder

:mozilla.426:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Tfag : Nettoyer et sauvegarder

:mozilla.480:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Burstbeacon : Nettoyer et sauvegarder

:mozilla.508:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder

:mozilla.577:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder

:mozilla.578:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder

:mozilla.579:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder

:mozilla.763:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

:mozilla.764:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

:mozilla.765:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

:mozilla.766:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

:mozilla.804:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder

:mozilla.813:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder

:mozilla.815:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

:mozilla.820:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder

:mozilla.822:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

:mozilla.901:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder

:mozilla.902:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder

:mozilla.907:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder

:mozilla.915:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder

:mozilla.916:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder

:mozilla.917:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder

:mozilla.918:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder

:mozilla.924:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder

:mozilla.925:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder

:mozilla.940:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder

:mozilla.942:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\qhutfqvi.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\moi@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\moi@com[1].txt -> TrackingCookie.Com : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\moi@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\moi@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\moi@hypertracker[1].txt -> TrackingCookie.Hypertracker : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][1].txt -> TrackingCookie.Itrack : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\moi@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\moi@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\moi@vegasred[2].txt -> TrackingCookie.Vegasred : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\moi@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Etracker : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\[email protected][2].txt -> TrackingCookie.Vegasred : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Cookies\moi@yadro[1].txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder

C:\Documents and Settings\Moi\Local Settings\Temp\bar.exe -> Adware.IeSearchBar : Nettoyer et sauvegarder

C:\Microsoft AntiSpyware\Quarantine\6D2D3BF8-48BA-49B6-99FC-A9D640\79BD3154-0455-44BA-B7FF-4FE1CE -> Downloader.Lemmy.u : Nettoyer et sauvegarder

 

 

::Fin du rapport

 

Merci d'avance si quelqu'un peut m'aider

[bruce lee]

bonjour,

 

1/telecharge silent runners http://www.silentrunners.org/Silent%20Runners.vbs

 

2/déconnecte toi du net et ferme toutes les applications en cours.

 

3/lance silent runners laisse le travailler quand il aura finit de scanner tu en sauras averti par un message et un nouveau fichier texte sera crée ouvre ce fichier texte et colle la totalité du rapport.

[palomi]

voici le log obtenu sous silentrunners :

 

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CookiePatrol" = "C:\PestPatrol\CookiePatrol.exe " [file not found]

"gcasServ" = ""C:\Microsoft AntiSpyware\gcasServ.exe"" [MS]

"ExtraFilmHemmaAgent" = ""C:\Extrafilm FotoFacil\Agent.exe"" [null data]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"DSLAGENTEXE" = "dslagent.exe USB" [null data]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

"avast!" = "C:\AVAST-~1\ashDisp.exe" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\SPYBOT~1\SDHelper.dll" [null data]

{5A699E3F-08EA-46E4-A9AC-E6F1570D07C2}\(Default) = (no title provided)

-> {HKLM...CLSID} = "PlugIns loader for GalaxiShip-Agent"

\InProcServer32\(Default) = "C:\GalaxiShip - maximiles\PlugIns.3002\GS_Loader.dll" ["WebGalaxis"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"

-> {HKLM...CLSID} = "Explorateur de Bureau"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]

"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"

-> {HKLM...CLSID} = "dBpShell Class"

\InProcServer32\(Default) = "C:\dBpower - convertisseur audio\dBShell.dll" [empty string]

"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"

-> {HKLM...CLSID} = "dMCIShell Class"

\InProcServer32\(Default) = "C:\dBpower - convertisseur audio\dMCShell.dll" [empty string]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]

"{46E22146-59C0-4136-9233-52E412E2B428}" = "EzCddax extension"

-> {HKLM...CLSID} = "EzCddax Class"

\InProcServer32\(Default) = "C:\Easy CD-DA Extractor 8\ezcddax8.dll" [null data]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"

-> {HKLM...CLSID} = "Trojan Remover Shell Extension"

\InProcServer32\(Default) = "C:\TROJAN~1\Trshlex.dll" [file not found]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Avast - anti-virus\ashShell.dll" ["ALWIL Software"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"

-> {HKLM...CLSID} = "Microsoft.AntiSpyware.ShellExecuteHook.1"

\InProcServer32\(Default) = "C:\Microsoft AntiSpyware\shellextension.dll" [MS]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Avast - anti-virus\ashShell.dll" ["ALWIL Software"]

EzCddax\(Default) = "{46E22146-59C0-4136-9233-52E412E2B428}"

-> {HKLM...CLSID} = "EzCddax Class"

\InProcServer32\(Default) = "C:\Easy CD-DA Extractor 8\ezcddax8.dll" [null data]

IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"

-> {HKLM...CLSID} = "IMMenuShellExt Class"

\InProcServer32\(Default) = "C:\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

-> {HKLM...CLSID} = "Trojan Remover Shell Extension"

\InProcServer32\(Default) = "C:\TROJAN~1\Trshlex.dll" [file not found]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Avast - anti-virus\ashShell.dll" ["ALWIL Software"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

-> {HKLM...CLSID} = "Trojan Remover Shell Extension"

\InProcServer32\(Default) = "C:\TROJAN~1\Trshlex.dll" [file not found]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Moi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Startup items in "Moi" & "All Users" startup folders:

-----------------------------------------------------

 

C:\Documents and Settings\Moi\Menu Démarrer\Programmes\Démarrage

"Club Internet" -> shortcut to: "C:\Program Files\Club-Internet\Lanceur\lanceur.exe" ["T-ONLINE France"]

 

 

Enabled Scheduled Tasks:

------------------------

 

"HDReg" -> launches: "c:\Apps\HDReg\HDRegRem.exe" [null data]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

 

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "Créer un Favori de l'appareil mobile"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

 

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "Créer un Favori de l'appareil mobile..."

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 2 lines

 

 

HOSTS file

----------

 

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\

HIJACK WARNING! "DataBasePath" = "C:\WINDOWS\nsdb"

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]

AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]

avast! Antivirus, avast! Antivirus, ""C:\Avast - anti-virus\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Avast - anti-virus\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Avast - anti-virus\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Avast - anti-virus\ashWebSv.exe" /service" ["ALWIL Software"]

ewido security suite control, ewido security suite control, "C:\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

SmartLinkService, SLService, "slserv.exe" [" "]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 118 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

took 16 seconds.

---------- (total run time: 165 seconds)

[bruce lee]

re,

 

essaye un scan en ligne (en esperant que ta connexion tienne assez longtemps)

 

Fais un scan en ligne avec http://webscanner.kaspersky.fr/

 

Sous Démonstration en ligne , on t'explique la marche à suivre , et pour lancer le scan il faut sélectionner Exécuter l'analyse en ligne .Le scan ne marche que sous Internet Explorer.

On va te demander de télécharger un contôle active x, accepte .

Dans le menu Choisissez la cible de l'analyse , sélectionne Poste de travail .

Le scan va commencer.Poste le rapport qui sera généré stp.

 

Si il y a un problème, assure toi que les contrôles active x sont bien configurés dans les options internet comme

 

décrit sur ce lien=> http://www.inoculer.com/activex.php3