Problème

[Back]

Bonjour,

Depuis quelques temps un message d'erreur assez ennuyant apparaît lors de l'ouverture de dossier!

Voici le message d'erreur qui s'affiche :

 

OS: Windows XP Home Edition, SP2

CPU: GenuineIntel, Intel Pentium 4, MMX @ 0 MHz

 

Application data:

VmVyc2lvbjogV2xGQlhVSlFWRlphUkU1RFJrTlZKQ2xTT3lRN1ZpQXN

BQWRWUHlFOEl6QnpaSHQrZHpNa0lqc2tJelpGY25SOWVHcC9SemM3Uj

NKNGIzRkRNUT09DQpJbWFnZUJhc2U6IDEyRTUwMDAwDQpFaXA6IDUyN

TdFMzANCkVheDogMTM2QjAwMDANCkVjeDogMTQ2RjRBN0MNCkVkeDog

MA0KRWJ4OiAwDQpFc2k6IDE0NkY0OUM0DQpFZGk6IDEzNjMwMDAwDQp

FYnA6IDk2N0U2NEMNCkVzcDogOTY3RTUyMA0KLTENCkNvZGUgPSBbMj

A0XQ0KLSAwDQotIDIwNA0KLSAyMjcNCi0gMA0KLSBbXQ0KPiBDOlxXS

U5ET1dTXEV4cGxvcmVyLkVYRQ0KPiBDOlxXSU5ET1dTXHN5c3RlbTMy

XG50ZGxsLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGtlcm5lbDM

yLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG1zdmNydC5kbGwNCj

4gQzpcV0lORE9XU1xzeXN0ZW0zMlxBRFZBUEkzMi5kbGwNCj4gQzpcV

0lORE9XU1xzeXN0ZW0zMlxSUENSVDQuZGxsDQo+IEM6XFdJTkRPV1Nc

c3lzdGVtMzJcR0RJMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJ

cVVNFUjMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFNITFdBUE

kuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcU0hFTEwzMi5kbGwNC

j4gQzpcV0lORE9XU1xzeXN0ZW0zMlxvbGUzMi5kbGwNCj4gQzpcV0lO

RE9XU1xzeXN0ZW0zMlxPTEVBVVQzMi5kbGwNCj4gQzpcV0lORE9XU1x

zeXN0ZW0zMlxCUk9XU0VVSS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW

0zMlxTSERPQ1ZXLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXENSW

VBUMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTVNBU04xLmRs

bA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXENSWVBUVUkuZGxsDQo+IEM

6XFdJTkRPV1Ncc3lzdGVtMzJcV0lOVFJVU1QuZGxsDQo+IEM6XFdJTk

RPV1Ncc3lzdGVtMzJcSU1BR0VITFAuZGxsDQo+IEM6XFdJTkRPV1Ncc

3lzdGVtMzJcTkVUQVBJMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVt

MzJcV0lOSU5FVC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXTER

BUDMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFZFUlNJT04uZG

xsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcVXhUaGVtZS5kbGwNCj4gQ

zpcV0lORE9XU1xzeXN0ZW0zMlxTaGltRW5nLmRsbA0KPiBDOlxXSU5E

T1dTXEFwcFBhdGNoXEFjR2VucmFsLkRMTA0KPiBDOlxXSU5ET1dTXHN

5c3RlbTMyXFdJTk1NLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE

1TQUNNMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcVVNFUkVOV

i5kbGwNCj4gQzpcV0lORE9XU1xXaW5TeFNceDg2X01pY3Jvc29mdC5X

aW5kb3dzLkNvbW1vbi1Db250cm9sc182NTk1YjY0MTQ0Y2NmMWRmXzY

uMC4yNjAwLjIxODBfeC13d19hODRmMWZmOVxjb21jdGwzMi5kbGwNCj

4gQzpcV0lORE9XU1xzeXN0ZW0zMlxjb21jdGwzMi5kbGwNCj4gQzpcV

0lORE9XU1xzeXN0ZW0zMlxhcHBIZWxwLmRsbA0KPiBDOlxXSU5ET1dT

XHN5c3RlbTMyXENMQkNBVFEuRExMDQo+IEM6XFdJTkRPV1Ncc3lzdGV

tMzJcQ09NUmVzLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXGNzY3

VpLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXENTQ0RMTC5kbGwNC

j4gQzpcV0lORE9XU1xTeXN0ZW0zMlx0aGVtZXVpLmRsbA0KPiBDOlxX

SU5ET1dTXFN5c3RlbTMyXFNlY3VyMzIuZGxsDQo+IEM6XFdJTkRPV1N

cU3lzdGVtMzJcTVNJTUczMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW

0zMlx4cHNwMnJlcy5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxtc

3V0Yi5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxNU0NURi5kbGwN

Cj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxTQU1MSUIuZGxsDQo+IEM6XFd

JTkRPV1Ncc3lzdGVtMzJcbXNpLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3

RlbTMyXFNYUy5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxMSU5LS

U5GTy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxudHNocnVpLmRs

bA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXEFUTC5ETEwNCj4gQzpcV0l

ORE9XU1xzeXN0ZW0zMlxTRVRVUEFQSS5kbGwNCj4gQzpcV0lORE9XU1

xzeXN0ZW0zMlx1cmxtb24uZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtM

zJcTkVUU0hFTEwuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJccnR1

dGlscy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxjcmVkdWkuZGx

sDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV1MyXzMyLmRsbA0KPiBDOl

xXSU5ET1dTXHN5c3RlbTMyXFdTMkhFTFAuZGxsDQo+IEM6XFdJTkRPV

1Ncc3lzdGVtMzJcaXBobHBhcGkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lz

dGVtMzJcV0lOU1RBLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXHd

lYmNoZWNrLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXFdTT0NLMz

IuZGxsDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcc3RvYmplY3QuZGxsD

Qo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcQmF0TWV0ZXIuZGxsDQo+IEM6

XFdJTkRPV1NcU3lzdGVtMzJcUE9XUlBST0YuZGxsDQo+IEM6XFdJTkR

PV1NcU3lzdGVtMzJcV1RTQVBJMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3

lzdGVtMzJcd2RtYXVkLmRydg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyX

G1zYWNtMzIuZHJ2DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbWlkaW1h

cC5kbGwNCj4gQzpcRE9DVU1FfjFcS09PUE1BfjFcTE9DQUxTfjFcVGV

tcFxJYWRIaWRlNC5kbGwNCg0KQmFja1dlYg0KSUFkSGlkZQ0KVmVyc2

lvbiA2LjEuNCAoQnVpbGQgNThSKQ0KSUFkSGlkZQ0KqTIwMDEgQmFja

1dlYiBUZWNobm9sb2dpZXMuDQpJQWRIaWRlLmRsbA0KVmVyc2lvbiA2

LjEuNCAoQnVpbGQgNThSKQ0KQmFja1dlYiBJQWRIaWRlDQo0DQoNCj4

gQzpcV0lORE9XU1xzeXN0ZW0zMlxyc2FlbmguZGxsDQo+IEM6XFdJTk

RPV1Ncc3lzdGVtMzJcTVBSLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3Rlb

TMyXGRycHJvdi5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxudGxh

bm1hbi5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxORVRVSTAuZGx

sDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcTkVUVUkxLmRsbA0KPiBDOl

xXSU5ET1dTXFN5c3RlbTMyXE5FVFJBUC5kbGwNCj4gQzpcV0lORE9XU

1xTeXN0ZW0zMlxkYXZjbG50LmRsbA0KPiBDOlxQUk9HUkF+MVxXYW5h

ZG9vXEluYWN0aXZpdHkuZGxsDQoNCkluYWN0aXZpdHkgRExMDQoxLCA

wLCAwLCAxDQpJbmFjdGl2aXR5DQpDb3B5cmlnaHQgRnJhbmNlIFRlbG

Vjb20gUiZEIChDKSAyMDA0DQpJbmFjdGl2aXR5LkRMTA0KMSwgMCwgM

CwgMQ0KQmlibGlvdGjocXVlIGRlIGxpYWlzb24gZHluYW1pcXVlIElu

YWN0aXZpdHkNCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFJBU0FQSTM

yLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHJhc21hbi5kbGwNCj

4gQzpcV0lORE9XU1xzeXN0ZW0zMlxUQVBJMzIuZGxsDQo+IEM6XFdJT

kRPV1Ncc3lzdGVtMzJcbXN2MV8wLmRsbA0KPiBDOlxXSU5ET1dTXHN5

c3RlbTMyXHNoZG9jbGMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJ

cYnJvd3NlbGMuZGxsDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcbXN3c2

9jay5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxETlNBUEkuZGxsD

Qo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcd2lucm5yLmRsbA0KPiBDOlxX

SU5ET1dTXHN5c3RlbTMyXHJhc2FkaGxwLmRsbA0KPiBDOlxXSU5ET1d

TXHN5c3RlbTMyXE1MQU5HLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbT

MyXERVU0VSLmRsbA0KPiBDOlxXSU5ET1dTXFdpblN4U1x4ODZfTWljc

m9zb2Z0LldpbmRvd3MuR2RpUGx1c182NTk1YjY0MTQ0Y2NmMWRmXzEu

MC4yNjAwLjIxODBfeC13d181MjJmOWY4MlxnZGlwbHVzLmRsbA0KPiB

DOlxXSU5ET1dTXFN5c3RlbTMyXE1TVkZXMzIuZGxsDQo+IEM6XFdJTk

RPV1NcU3lzdGVtMzJcQVZJRklMMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc

3lzdGVtMzJcbXNjbXMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJc

V0lOU1BPT0wuRFJWDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcY29tZGx

nMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXNkbW8uZGxsDQ

oNCjYuNS4yNjAwLjIxODANCjYuNS4yNjAwLjIxODANCg0KPiBDOlxXS

U5ET1dTXHN5c3RlbTMyXFNQNVhfMzIuRExMDQoNClN1bnBsdXMgQ29y

cG9yYXRpb24NClN1bnBsdXMgMzItYml0IEFWSSBjb21wcmVzc2lvbiB

kcml2ZXINCjEuMSANCnNwNXhfMzIuZGxsDQpTdW5wbHVzIFRlY2hub2

xvZ3kgQ29ycC4gMTk5OC0yMDAxDQpzcDV4XzMyLmRsbA0KMS4xIA0KU

3VucGx1cyBEZWNvbXByZXNzaW9uDQoNCj4gQzpcV0lORE9XU1xzeXN0

ZW0zMlxkZHJhdy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxEQ0l

NQU4zMi5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xGaWNoaWVycyBjb2

1tdW5zXEFoZWFkXExpYlxBZHZyQ250ci5kbGwNCg0KQWhlYWQgU29md

HdhcmUgQUcNCkFkdnJDbnRyIE1vZHVsZQ0KMSwyLDEyLCAyMzE0DQpB

ZHZyQ250cg0KQ29weXJpZ2h0IChjKSAxOTk1LTIwMDMgQWhlYWQgU29

mdHdhcmUgYW5kIGl0cyBsaWNlbnNvcnMNCkFkdnJDbnRyLkRMTA0KMS

wyLDEyLCAyMzE0DQpBZHZyQ250ciBNb2R1bGUNCg0KPiBDOlxXSU5ET

1dTXHN5c3RlbTMyXE5UTUFSVEEuRExMDQo+IEM6XFdJTkRPV1Ncc3lz

dGVtMzJcZHNvdW5kLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGw

zY29kZWNhLmFjbQ0KDQpGcmF1bmhvZmVyIEluc3RpdHV0IEludGVncm

llcnRlIFNjaGFsdHVuZ2VuIElJUw0KTVBFRyBMYXllci0zIEF1ZGlvI

ENvZGVjIGZvciBNU0FDTQ0KMSwgOSwgMCwgMDMwNQ0KbDNjb2RlYy5h

Y20NCkNvcHlyaWdodCCpIDE5OTYtMTk5OSBGcmF1bmhvZmVyIEluc3R

pdHV0IEludGVncmllcnRlIFNjaGFsdHVuZ2VuIElJUw0KbDNjb2RlYy

5hY20NCjEsIDAsIDAsIDANCk1QRUcgTGF5ZXItMyBBdWRpbyBDb2RlY

yBmb3IgTVNBQ00NCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdaQ1NB

UEkuRExMDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTVNHSU5BLmRsbA0

KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE9EQkMzMi5kbGwNCj4gQzpcV0

lORE9XU1xzeXN0ZW0zMlxvZGJjaW50LmRsbA0KPiBDOlxXSU5ET1dTX

FN5c3RlbTMyXHN0aS5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxD

RkdNR1IzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx3aWFzaGV

4dC5kbGwNCj4gQzpcUFJPR1JBfjFcV2FuYWRvb1xTRUFSQ0h+MS5ETE

wNCg0KU2VhcmNoUGFnZVVSTCBNb2R1bGUNCjEsIDAsIDAsIDENClNlY

XJjaFBhZ2VVUkwNCkNvcHlyaWdodCAyMDAzDQpTZWFyY2hQYWdlVVJM

LkRMTA0KMSwgMCwgMCwgMQ0KU2VhcmNoUGFnZVVSTCBNb2R1bGUNCg0

KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXHdpYWRlZnVpLmRsbA0KPiBDOl

xXSU5ET1dTXHN5c3RlbTMyXFBTQVBJLkRMTA0KPiBDOlxXSU5ET1dTX

FN5c3RlbTMyXG15ZG9jcy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0z

MlxNRkM0Mi5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNRkM0Mkx

PQy5ETEwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xMb2dpdGVjaFxJbWFnZV

N0dWRpb1xBbGJ1bVVJLmRsbA0KDQpMb2dpdGVjaCBJbmMuDQpRdWlja

0NhbSBHYWxsZXJ5IEFjdGl2aXR5DQo3LjIuMC4xMTI1DQpBbGJ1bS5E

TEwNCihjKSAxOTk2LTIwMDIgTG9naXRlY2guICBBbGwgcmlnaHRzIHJ

lc2VydmVkLg0KQWxidW0uRExMDQo3LjIuMC4xMTI1DQpMb2dpdGVjaC

BJbWFnZVN0dWRpbw0KDQo+IEM6XFByb2dyYW0gRmlsZXNcTG9naXRlY

2hcSW1hZ2VTdHVkaW9cUUNVSS5kbGwNCg0KTG9naXRlY2ggSW5jLg0K

UXVpY2tDYW0gVXNlciBJbnRlcmZhY2UgTGlicmFyeQ0KNy4yLjAuMTE

yNQ0KUUNVSS5ETEwNCihjKSAxOTk2LTIwMDIgTG9naXRlY2guICBBbG

wgcmlnaHRzIHJlc2VydmVkLg0KUUNVSS5ETEwNCjcuMi4wLjExMjUNC

kxvZ2l0ZWNoIEltYWdlU3R1ZGlvDQoNCj4gQzpcUHJvZ3JhbSBGaWxl

c1xMb2dpdGVjaFxJbWFnZVN0dWRpb1xMVFdWQzEybi5kbGwNCg0KTEV

BRCBUZWNobm9sb2dpZXMsIEluYy4NCkxFQURUT09MUyhyKSBETEwgZm

9yIFdpbjMyDQoxMi4xLjAuMDExDQpMVFdWQzEyTg0KQ29weXJpZ2h0q

SAxOTkxLTIwMDAgTEVBRCBUZWNobm9sb2dpZXMsIEluYy4NCkxFQURU

T09MUyhyKSBpcyBhIHRyYWRlbWFyayBvZiBMRUFEIFRlY2hub2xvZ2l

lcywgSW5jLg0KTFRXVkMxMk4uRExMDQoxMi4xLjAuMDExDQpMRUFEVE

9PTFMocikgRExMIGZvciBXaW4zMg0KDQo+IEM6XFByb2dyYW0gRmlsZ

XNcTG9naXRlY2hcSW1hZ2VTdHVkaW9cTFRGSUwxMm4uRExMDQoNCkxF

QUQgVGVjaG5vbG9naWVzLCBJbmMuDQpMRUFEVE9PTFMocikgRExMIGZ

vciBXaW4zMg0KMTIuMS4wLjAxMQ0KTFRGSUwxMk4NCkNvcHlyaWdodK

kgMTk5MS0yMDAwIExFQUQgVGVjaG5vbG9naWVzLCBJbmMuDQpMRUFEV

E9PTFMocikgaXMgYSB0cmFkZW1hcmsgb2YgTEVBRCBUZWNobm9sb2dp

ZXMsIEluYy4NCkxURklMMTJOLkRMTA0KMTIuMS4wLjAxMQ0KTEVBRFR

PT0xTKHIpIERMTCBmb3IgV2luMzINCg0KPiBDOlxQcm9ncmFtIEZpbG

VzXExvZ2l0ZWNoXEltYWdlU3R1ZGlvXExUS1JOMTJuLmRsbA0KDQpMR

UFEIFRlY2hub2xvZ2llcywgSW5jLg0KTEVBRFRPT0xTKHIpIERMTCBm

b3IgV2luMzINCjEyLjEuMC4wMTENCkxUS1JOMTJODQpDb3B5cmlnaHS

pIDE5OTEtMjAwMCBMRUFEIFRlY2hub2xvZ2llcywgSW5jLg0KTEVBRF

RPT0xTKHIpIGlzIGEgdHJhZGVtYXJrIG9mIExFQUQgVGVjaG5vbG9na

WVzLCBJbmMuDQpMVEtSTjEyTi5ETEwNCjEyLjEuMC4wMTENCkxFQURU

T09MUyhyKSBETEwgZm9yIFdpbjMyDQoNCj4gQzpcUHJvZ3JhbSBGaWx

lc1xMb2dpdGVjaFxJbWFnZVN0dWRpb1xMUUNVSS5kbGwNCg0KTG9naX

RlY2ggSW5jLg0KUXVpY2tDYW0gVXNlciBJbnRlcmZhY2UgTGFuZ3VhZ

2UNCjcuMi4wLjExMjUNCkxRQ1VJLkRMTA0KKGMpIDE5OTYtMjAwMiBM

b2dpdGVjaC4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpMUUNVSS5ETEw

NCjcuMi4wLjExMjUNCkxvZ2l0ZWNoIEltYWdlU3R1ZGlvDQoNCj4gQz

pcUHJvZ3JhbSBGaWxlc1xMb2dpdGVjaFxJbWFnZVN0dWRpb1xMQWxid

W1VSS5kbGwNCg0KTG9naXRlY2ggSW5jLg0KUXVpY2tDYW0gR2FsbGVy

eSBMYW5ndWFnZQ0KNy4yLjAuMTEyNQ0KTEFsYnVtLkRMTA0KKGMpIDE

5OTYtMjAwMiBMb2dpdGVjaC4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQ

pMQWxidW0uRExMDQo3LjIuMC4xMTI1DQpMb2dpdGVjaCBJbWFnZVN0d

WRpbw0KDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcYWN0eHByeHkuZGxs

DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0lOSFRUUC5kbGwNCj4gQzp

cV0lORE9XU1xTeXN0ZW0zMlxqc2NyaXB0LmRsbA0KPiBDOlxXSU5ET1

dTXHN5c3RlbTMyXEQzRElNNzAwLkRMTA0KPiBDOlxXSU5ET1dTXHN5c

3RlbTMyXGR4bWFzZi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxE

Uk1DbGllbi5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxwcmludHV

pLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXEFDVElWRURTLmRsbA

0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGFkc2xkcGMuZGxsDQo+IEM6X

FdJTkRPV1Ncc3lzdGVtMzJcd212Y29yZS5kbGwNCj4gQzpcV0lORE9X

U1xzeXN0ZW0zMlxXTUFTRi5ETEwNCj4gQzpcV0lORE9XU1xTeXN0ZW0

zMlxzaG1lZGlhLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHF1ZX

J5LmRsbA0KPiBDOlxQcm9ncmFtIEZpbGVzXE9wZW5PZmZpY2Uub3JnI

DIuMFxwcm9ncmFtXHNobHh0aGRsLmRsbA0KDQpTdW4gTWljcm9zeXN0

ZW1zLCBJbmMuDQo4LjAuMC44OTY0DQpzaGx4dGhkbA0KQ29weXJpZ2h

0IKkgMjAwNSBieSBTdW4gTWljcm9zeXN0ZW1zLCBJbmMuDQpzaGx4dG

hkbC5kbGwNCjguMC4wLjg5NjQNCg0KPiBDOlxQcm9ncmFtIEZpbGVzX

E9wZW5PZmZpY2Uub3JnIDIuMFxwcm9ncmFtXHV3aW5hcGkuZGxsDQoN

ClN1biBNaWNyb3N5c3RlbXMsIEluYy4NCjguMC4wLjg5NjQNCnV3aW5

hcGkNCkNvcHlyaWdodCCpIDIwMDUgYnkgU3VuIE1pY3Jvc3lzdGVtcy

wgSW5jLg0KdXdpbmFwaS5kbGwNCjguMC4wLjg5NjQNCg0KPiBDOlxQc

m9ncmFtIEZpbGVzXE9wZW5PZmZpY2Uub3JnIDIuMFxwcm9ncmFtXE1T

VkNSNzEuZGxsDQo+IEM6XFByb2dyYW0gRmlsZXNcT3Blbk9mZmljZS5

vcmcgMi4wXHByb2dyYW1cc3RscG9ydF92YzcxNDUuZGxsDQoNClNUTH

BvcnQgQ29uc3VsdGluZywgSW5jLg0KU1RMcG9ydA0KNC41LjIwMDMuM

DEyMA0KU1RMUE9SVC5ETEwNCkNvcHlyaWdodCAoQykgQm9yaXMgRm9t

aXRjaGV2DQpTVExQT1JUX1ZDN0JVSUxEX1ZFUl9NQUpPUlZFUl9NSU5

PUi5ETEwNCjQuNS4yMDAzLjAxMjANClNUTHBvcnQgU3RhbmRhcmQgQU

5TSSBDKysgTGliYXJhcnkNCg0KPiBDOlxQcm9ncmFtIEZpbGVzXE9wZ

W5PZmZpY2Uub3JnIDIuMFxwcm9ncmFtXE1TVkNQNzEuZGxsDQo+IEM6

XFdJTkRPV1NcU3lzdGVtMzJccWVkaXQuZGxsDQo+IEM6XFdJTkRPV1N

cc3lzdGVtMzJccXVhcnR6LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbT

MyXGRldmVudW0uZGxsDQo+IEM6XFByb2dyYW0gRmlsZXNcSGlnaE1BV

CBDRCBXcml0aW5nIFdpemFyZFxITVRDRC5kbGwNCj4gQzpcV0lORE9X

U1xzeXN0ZW0zMlxxZHZkLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTM

yXHdtcHNoZWxsLmRsbA0KPiBDOlxQcm9ncmFtIEZpbGVzXEhpZ2hNQV

QgQ0QgV3JpdGluZyBXaXphcmRcMTAzNlxITVRDRFJlcy5kbGwNCj4gQ

zpcUHJvZ3JhbSBGaWxlc1xGaWNoaWVycyBjb21tdW5zXEFoZWFkXERT

RmlsdGVyXE5lVmlkZW8uYXgNCg0KTmVybyBBRw0KTVBFRy0xLzIvNCA

mIEFWQyB2aWRlbyBkZWNvZGVyIHcvIER4VkENCjMsIDIsIDAsIDI0Yg

0KQ29weXJpZ2h0IChjKSAyMDA1IE5lcm8gQUcgYW5kIGl0cyBsaWNlb

nNvcnMNCk5lVmlkZW8uYXgNCjIsIDAsIDIsIDQ4DQpOZXJvIFN1aXRl

DQo=

 

Merci à ceux qui arriveront à resoudre ce problème !!

[bruce lee]

bonjour,

 

bizard ce message d'erreur

 

commence par suivre cette procedure s'il te plait:

 

HIJACKTHIS

 

Procédure préliminaire à toute demande d'analyse de rapport HijackThis.

 

Phase 1

 

- faire un copier/coller de ces instructions dans un fichier texte car la seconde partie de cette procédure va être effectuée en mode sans échec et donc, hors connexion.

 

- télécharger Antivir ( http://www.free-av.com . Une fois passé en mode sans echec, installer et paramétrer Antivir. Il est impératif de le configurer correctement afin de faire le meilleur scan possible --> voir la procédure ici (imprimez la) : http://speedweb1.free.fr/frames2.php?page=tuto5

 

nb: le choix d'Antivir comme antivirus a utiliser dans le cadre de cette procédure, a reposé sur les critères suivants : --- failles de votre antivirus qui a laissé passer des malwares --- Antivir peut-être installé et désinstallé facilement --- Antivir est reconnu pour son efficacité en mode sans échec --- le tutorial de tesgaz permet de le paramétrer sans problème

 

- télécharger la dernière version d'HijackThis ( http://www.merijn.org/files/hijackthis.zip ou http://telechargement.zebulon.fr/138-hijackthis-1991.html en cas d'indisponibilité !)

 

Phase 2

 

- redémarrer le PC, impérativement en mode sans échec, (n'ayant pas accès à Internet, vous avez préalablement copié ces instructions dans un fichier texte)

 

-- au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuyer sur la touche [F8] ou [F5] jusqu'à l'affichage du menu des options avancées de Windows. Sélectionner "Mode sans échec" et appuyer sur [Entrée].

 

NB : en cas de problème pour sélectionner le mode sans échec, appliquer la procédure de Symantec "Comment démarrer l'ordinateur en mode sans échec" (http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924 )

 

-- à l'ouverture de session, choisir la session courante et non celle de l'administrateur

 

- Afficher tous les fichiers par cette modification des options de l'explorateur Windows :

 

Menu "Outils", "Option des dossiers", onglet "Affichage" :

 

Activer la case : "Afficher les fichiers et dossiers cachés"

Désactiver la case : "Masquer les extensions des fichiers dont le type est connu"

Désactiver la case : "Masquer les fichiers protégés du système d'exploitation"

Puis, cliquer sur "Appliquer".

Maintenant, vous avez accès à tous les fichiers et dossiers du système d'exploitation.

 

Phase 3

 

- nettoyage rapide du disque dur :

 

Démarrer / Exécuter / taper CleanMgr et valider

 

Cette fonction cleanmgr génére parfois un bug sous système Windows 2000, effectuer dans ce cas un nettoyage manuel : suppression de tous les fichiers contenus dans les dossiers

C:\TEMP

C:\WINDOWS\TEMP

C:\Documents And Settings\Session utilisateur\Local Settings\Temp

C:\Documents And Settings\Session utilisateur\Local Settings\Temporary internet files

 

Vider la corbeille

 

- recherche et élimination des parasites avec Antivir

lancer un scan complet du, ou des disques dur, et supprimer tous les fichiers infectés (s'ils existent)

 

- désinstallation d'Antivir

 

-- terminer les processus suivants dans le gestionnaire des tâches (faire Ctrl+Alt+Suppr pour ouvrir la fenêtre puis cliquer sur l'onglet Processus) : AVGUARD.EXE - AVSCHED.EXE - AVWUPSRV.EXE et AVGNT.EXE puis, désinstaller Antivir dans ajout/suppression de programmes (vous pourrez le réinstaller ensuite si vous souhaitez le conserver en lieu et place de votre antivirus résident qu'il conviendra dans ce cas de désinstaller proprement, surtout s'il s'agit de Norton).

 

- Redémarrer le PC en mode normal

 

- installation et utilisation d'HijackThis

 

-- créer un nouveau dossier à la racine de C:\Program Files\HijackThis (double clic sur poste de travail/double clic sur l'icone de C/double clic sur le répertoire Program Files/clic droit dans la fenêtre, choisir nouveau dossier et le nommer HijackThis) ; dézipper le programme précédemment téléchargé lors de la phase 1 dans ce nouveau dossier HijackThis, créer un raccourci sur le bureau.

 

Important: surtout, ne pas créer ce dossier HijackThis dans un répertoire temporaire

 

-- arrêter tous les programmes en cours et fermer toutes les fenêtres

 

-- lancer HijackThis à l'aide du raccourci et cliquer sur le bouton "Do a system scan and save a logfile"

-- le rapport HijackThis (fichier log) va être enregistré dans C:\Program Files\HijackThis (penser à ajouter un chiffre à la suite du nom du rapport si vous voulez conserver un historique de vos rapports ex : HijackThis 1, HijackThis 2...)

 

NB : en cas de problème, appliquer le Tutorial de BipBip (http://sitethemacs.free.fr/aide_enregistrement_de_hijackthi.htm avec copies d'écran).

 

Phase 4

 

- ouvrir le rapport HijackThis précédemment sauvegardé et faire : Ctrl-A, Ctrl-C puis, le coller (Ctrl-V) dans un nouveau post que vous créez sur le forum Analyse rapports HijackThis, Eradication malwares de manière à ce que nous vous disions ce qu'il faut faire.

 

- attendre l'analyse et la réponse.

 

auteur : megataupe

[Back]

Voilà le rapport HijackThis :

(Merci beaucoup de m'aider !!! )

 

Logfile of HijackThis v1.99.1

Scan saved at 09:39:00, on 06/06/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE

C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe

C:\Program Files\Securitoo\av_fw\fswsclds.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE

C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE

C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE

C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

C:\Documents and Settings\Koopman's\Mes documents\famille koopman\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe

O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Modifié le 6 juin 2006 par Back

[Back]

Sinon en mode sans echec "antivir" n'avait trouvé aucun virus ou autre type de ce genre...

[bruce lee]

bonjour,

 

1/Télécharge la version d'évaluation d'Ewido:

http://www.ewido.net/en/download/

 

Installe et mets à jour.

 

Important: Pendant l'installation, sur la page "Additional Options" décoche les deux options "Install background guard" et "Install scan via context menu".

 

Démarre Ewido avec l'icône qui se trouve sur ton Bureau. Clique sur mise à jour, attendre la fin de cette mise à jour puis, ferme le programme.

 

2/demarre en mode sans echec http://www.sosordi.net/Faq/Faq.2.html

 

3/

demarrer/panneau de configuration/ajouts et suppresions de programmes et verifie la presence de:

 

VMN Toolbar

 

si ce programme est present desinstalle le.

 

4/fais:

demarer executer services.msc repere France Telecom Routing Table Service

dans le champs Type de démarrage met le sur désactivé puis

Appliquer puis ok .

 

 

5/lance hijackthis en cliquant sur do a scan system only coche ces lignes:

 

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

 

Ferme toutes les fenêtres ouvertes sauf Hijackthis et clique sur fix checked

 

 

6/pour supprimer les fichiers nefastes on va tous les afficher en faisant comme ceci:

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Cocher la case : Afficher les fichiers et dossiers cachés

Décocher la case : Masquer les extensions des fichiers dont le type est connu

Décocher la case : Masquer les fichiers protégés du système d'exploitation

cliquer sur "Appliquer"

cliquer sur le bouton "Appliquer à tous les dossiers" / OK

 

7/supprime ce qui est en gras:

 

C:\prograpm files\VMN Toolbar<== tout le dossier

 

8/Relance Ewido et clique sur scanner puis sur scan complet du système.

 

Si des fichiers infectés sont trouvés, garde l'option par défaut Supprimer (avec la ligne "Créer des copies de sauvegarde cryptées dans la quarantaine" cochée), et coche "Effectuer cette action avec toutes les infections".

 

A la fin du scan, sauvegarde le rapport (Fichier/Enregistrer sous...) sur le Bureau.

 

9/redemarre en mode normal

 

10/poste le rapport d'ewido ainsi qu'un nouveau log hijackthis.

 

bon courage, et si tu as la moindre question n'hesite surtout pas

 

@+

Modifié le 6 juin 2006 par bruce lee

[Back]

Merci je ferai cela demain !!

[Back]

Alors voilà le rapport de scan ewido :

 

 

---------------------------------------------------------

ewido anti-malware - Rapport de scan

---------------------------------------------------------

 

+ Créé le: 11:26:48, 07/06/2006

+ Somme de contrôle: E98C93FE

 

+ Résultats du scan:

 

HKLM\SOFTWARE\Classes\YSBactivex.Installer.1 -> Adware.YourSiteBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\SearchUpgrader -> Adware.KeenValue : Nettoyer et sauvegarder

HKLM\SOFTWARE\SearchUpgrader\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} -> Adware.KeenValue : Nettoyer et sauvegarder

:mozilla.16:C:\Documents and Settings\Koopman's\Application Data\Mozilla\Firefox\Profiles\ukyjgy5a.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder

:mozilla.17:C:\Documents and Settings\Koopman's\Application Data\Mozilla\Firefox\Profiles\ukyjgy5a.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder

:mozilla.18:C:\Documents and Settings\Koopman's\Application Data\Mozilla\Firefox\Profiles\ukyjgy5a.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder

:mozilla.26:C:\Documents and Settings\Koopman's\Application Data\Mozilla\Firefox\Profiles\ukyjgy5a.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder

:mozilla.27:C:\Documents and Settings\Koopman's\Application Data\Mozilla\Firefox\Profiles\ukyjgy5a.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder

:mozilla.28:C:\Documents and Settings\Koopman's\Application Data\Mozilla\Firefox\Profiles\ukyjgy5a.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder

:mozilla.29:C:\Documents and Settings\Koopman's\Application Data\Mozilla\Firefox\Profiles\ukyjgy5a.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@advertising[2].txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Cookies\koopman's@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder

C:\Documents and Settings\Koopman's\Local Settings\Temp\uninstall.exe -> Adware.VMN : Nettoyer et sauvegarder

 

 

::Fin du rapport

 

 

...et le rapport Hijackthis :

 

Logfile of HijackThis v1.99.1

Scan saved at 11:31:09, on 07/06/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Koopman's\Mes documents\famille koopman\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe

O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

 

Le problème revient toujours...

Modifié le 7 juin 2006 par Back

[bruce lee]

bonjour,

 

peux tu poster un rapport hijackthis en mode normal s'il te plait.

 

et telecharge:

 

1/ silent runners http://www.silentrunners.org/Silent%20Runners.vbs

 

2/déconnecte toi du net et ferme toutes les applications en cours.

 

3/lance silent runners laisse le travailler quand il aura finit de scanner tu en sauras averti par un message et un nouveau fichier texte sera crée ouvre ce fichier texte et colle la totalité du rapport.

[Back]

Le rapport HijacThis :

 

Logfile of HijackThis v1.99.1

Scan saved at 18:22:50, on 07/06/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE

C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe

C:\Program Files\Securitoo\av_fw\fswsclds.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE

C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE

C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE

C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Koopman's\Mes documents\famille koopman\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0C16BB51-720D-45E1-A9CB-5B34EDFFD87D}: NameServer = 80.10.246.130 80.10.246.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{0C16BB51-720D-45E1-A9CB-5B34EDFFD87D}: NameServer = 80.10.246.130 80.10.246.3

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe

O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

L'autre rapport :

 

 

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"PowerBar" = (empty string)

"Steam" = "C:\Program Files\Valve\Steam\Steam.exe -silent" ["Valve Corporation"]

"a-squared" = ""C:\Program Files\a2\a2guard.exe"" [file not found]

"WOOKIT" = "C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe" ["France Télécom R&D"]

"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SchedulingAgent" = "mstinit.exe /firstlogon" [MS]

"farstone" = (empty string)

"RestoreIT!" = ""C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart" ["FarStone Tech. Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"Raccourci vers la page des propriétés de High Definition Audio" = "HDAudPropShortcut.exe" ["Windows ® Server 2003 DDK provider"]

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"fenaffiche" = "C:\Program Files\FenAffiche\Fenpowernet.exe" [null data]

"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]

"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" [null data]

"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]

"LVCOMS" = "C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" ["Logitech Inc."]

"LogitechGalleryRepair" = "C:\Program Files\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]

"LogitechImageStudioTray" = "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"F-Secure Manager" = ""C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]

"F-Secure TNB" = ""C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL" ["F-Secure Corporation"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"

-> {HKLM...CLSID} = "Logitech Gallery"

\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Koopman's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

 

 

Startup items in "Koopman's" & "All Users" startup folders:

-----------------------------------------------------------

 

C:\Documents and Settings\Koopman's\Menu Démarrer\Programmes\Démarrage

"OpenOffice.org 2.0" -> shortcut to: "C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe" [null data]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

 

 

Enabled Scheduled Tasks:

------------------------

 

"A8548B8A903B08F2" -> launches: "c:\docume~1\koopma~1\applic~1\baitmo~1\sect iso curb.exe" [file not found]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

Explorer Bars

 

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKCU\Software\Microsoft\Internet Explorer\Extensions\

{1462651F-F4BA-4C76-A001-C4284D0FE16E}\

"ButtonText" = "Wanadoo"

"Exec" = "http://www.wanadoo.fr" [file not found]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: START_PAGE_URL=http://www.unika.com

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 2 lines

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]

Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]

ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

F-Secure Distributed Firewall Daemon, FSDFWD, ""C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe"" ["F-Secure Corporation"]

F-Secure Gatekeeper Handler Starter, F-Secure Gatekeeper Handler Starter, ""C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe"" ["F-Secure Corp."]

F-Secure Management Agent, FSMA, ""C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE"" ["F-Secure Corporation"]

F-Secure Windows Security Center Legacy Detection Service, Fswsclds, "C:\Program Files\Securitoo\av_fw\fswsclds.exe" ["F-Secure Corporation"]

fsbwsys, fsbwsys, ""C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe"" ["F-Secure Corp."]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

ScsiAccess, ScsiAccess, "C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe" [null data]

Securitoo AntiVirus Firewall, BackWeb Client - 1044199, "C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE" [null data]

StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor i350\Driver = "CNMLM53.DLL" ["CANON INC."]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 29 seconds, including 4 seconds for message boxes)

Modifié le 7 juin 2006 par Back

[bruce lee]

re,

 

le rapport montre que tu as lop sur ton PC.

 

1/télécharge lopremover

http://clairvoyant.p2pforum.it/tools/lopremover.zip

Dézippe le

 

2/ Redémarre en mode sans échec.

 

 

3/ affiche tous les fichiers:

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Activer la case : Afficher les fichiers et dossiers cachés

Désactiver la case : Masquer les extensions des fichiers dont le type est connu

Désactiver la case : Masquer les fichiers protégés du système d'exploitation

Puis Appliquer

 

4/ supprime ce qui est en gras:

 

c:\Documents and Settings\koopma~1\application data\ baitmo~1<== tout le dossier qui

commence par baitmo

 

5/ exécuter Lopremover

Tu le lances, tu inseres les chiffres dans la case,puis tu cliques sur UNINSTALL

Redémarrer

 

6/ redemarre en mode normal et repost un nouveau rapport de silent runners.

 

@+ et bon courage