Fed up with this damn virus!!!

27 July 2006 14:41:42

I know I've already posted a topic about my problem, but now I'm really fed up with this virus! For several weeks it has been impossible for me to access sites such as Yahoo, skyblog or 01.net. I've already tried everything to get rid of it following your instructions (ewido, scans, new antivirus, etc.), but nothing works; this virus won't go away.
PLEASE HELP ME, I'M DESPERATE!!!!!!

27 July 2006 15:10:28

Hello,

Post a HijackThis report.

Download it, then put it in a dedicated folder (example: ..\Bureau\Hijackthis\Hijackthis.exe).
Next, launch it, click Do a system scan and save a logfile, and give us the result of the scan.

www.infos-du-net.com/telecharger/HijackThis.html
27 July 2006 15:16:59

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 15:17:07, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\Antivirus\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
G:\Program Files\NkbMonitor.exe
G:\CUE_Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qfr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/de...*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Reactivator - {AC2E8306-D24E-4082-8669-7781499F4E03} - C:\PROGRA~1\EVERYT~1.1\everycom.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Every Toolbar - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - C:\PROGRA~1\EVERYT~1.1\everycom.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "G:\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = G:\Program Files\NkbMonitor.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\Antivirus\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

27 July 2006 16:02:48

Hi again,

Your report doesn't show anything really nasty; let's look for what's going wrong!

1/ Launch HijackThis
then --> Do a system scan only
check the lines listed below

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qfr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

2/ Download Spyware Terminator

http://www.spywareterminator.com/

Install it in its own directory, update it, run it, and post the report at the end of the scan.

Read the usage tutorial before using it:

http://www.malekal.com/tutorial_SpywareTerminator.html

3/ While waiting for my next reply, run an online scan at Kaspersky

http://webscanner.kaspersky.fr/

Help with the scan:

http://support.kaspersky.fr/admin/u2Files/Image/webscan...

Save the report, then paste it here at the end of the scan.
27 July 2006 16:15:43

Thanks, I'll try, but it may take quite a while, so check this topic regularly to see whether I've posted, and thanks in advance!!
27 July 2006 20:20:46

IT DOESN'T WORK, nothing is solved for now, but here's the report anyway:

Spyware Terminator Version: 1.5.0.718
Start time: 27/07/2006 16:41:32
System: Windows XP
User: Limited

Processes Scan
C:\WINDOWS\SYSTEM32\WINLOGON.EXE [Microsoft Corporation] C:\WINDOWS\SYSTEM32\ATI2EVXX.DLL [Empty],
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATOR.EXE [Crawler.com]
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE [Crawler.com]

Startup Scan

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"MsnMsgr" = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" [ Microsoft Corporation ]
"LDM" = "C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE" [ Logitech ]
"LogitechSoftwareUpdate" = "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" [ Logitech Inc. ]
"Skype" = "G:\PHONE\SKYPE.EXE" [ Empty ]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"hpsysdrv" = "C:\WINDOWS\SYSTEM\HPSYSDRV.EXE" [ Hewlett-Packard Company ]
"HotKeysCmds" = "C:\WINDOWS\SYSTEM32\HKCMD.EXE" [ Intel Corporation ]
"KBD" = "C:\HP\KBD\KBD.EXE" [ Hewlett-Packard Company ]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [ Empty ]
"NvCplDaemon" = "C:\WINDOWS\SYSTEM32\NVCPL.DLL" [ NVIDIA Corporation ]
"VTTimer" = "C:\WINDOWS\system32\VTTIMER.EXE" [ S3 Graphics, Inc. ]
"ATIModeChange" = "C:\WINDOWS\system32\ATI2MDXX.EXE" [ ATI Technologies, Inc. ]
"ATIPTA" = "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [ ATI Technologies, Inc. ]
"PS2" = "C:\WINDOWS\SYSTEM32\PS2.EXE" [ Hewlett-Packard Company ]
"NvMediaCenter" = "C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL" [ NVIDIA Corporation ]
"LVCOMSX" = "C:\WINDOWS\SYSTEM32\LVCOMSX.EXE" [ Logitech Inc. ]
"LogitechVideoRepair" = "C:\PROGRAM FILES\LOGITECH\VIDEO\ISSTART.EXE" [ Logitech Inc. ]
"LogitechVideoTray" = "C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE" [ Logitech Inc. ]
"iTunesHelper" = "C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE" [ Apple Computer, Inc. ]
"avast!" = "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [ Empty ]
"SpywareTerminator" = "C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE" [ Crawler.com ]

Toolbars Scan
Every Toolbar {A20A76AD-7A29-4756-87FE-70C334CB40C0} C:\Program Files\Every Toolbar 1.1\everycom.dll [Every Toolbar]
&Google {2318C2B1-4965-11d4-9B18-009027A5CD4F} C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL [Google Inc.]

Explorer Bars Scan
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [file not found]
Shell Search Band {21569614-B795-46B1-85F4-E737A8DC09AD} C:\WINDOWS\SYSTEM32\BROWSEUI.DLL [Microsoft Corporation]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [file not found]
{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} [file not found]

BHO Scan
AcroIEHlprObj Class {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL [Adobe Systems Incorporated]
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Safer Networking Limited]
SSVHelper Class {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL [Sun Microsystems, Inc.]
Google Toolbar Helper {AA58ED58-01DD-4d91-8333-CF10577473F7} C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL [Google Inc.]
Reactivator Class {AC2E8306-D24E-4082-8669-7781499F4E03} C:\Program Files\Every Toolbar 1.1\everycom.dll [Every Toolbar]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [file not found]
Shell Search Band {21569614-B795-46B1-85F4-E737A8DC09AD} C:\WINDOWS\SYSTEM32\BROWSEUI.DLL [Microsoft Corporation]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [file not found]
{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} [file not found]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [file not found]
{FB5F1910-F110-11d2-BB9E-00C04F795683} [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Extension Affichage Panorama du Panneau de configuration (deskpan.dll) [file not found]
{88895560-9AA2-1069-930E-00AA0030EBC8} = Extension icône HyperTerminal (C:\WINDOWS\SYSTEM32\HTICONS.DLL) [Hilgraeve, Inc.]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Barre des tâches et menu Démarrer () [file not found]
{32683183-48a0-441b-a342-7c2a440a9478} = Media Band () [file not found]
{7A9D77BD-5403-11d2-8785-2E0420524153} = Comptes d'utilisateurs () [file not found]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = SampleView (C:\WINDOWS\SYSTEM32\SHELLVRTF.DLL) [XSS]
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer (C:\WINDOWS\SYSTEM32\NVSHELL.DLL) [NVIDIA Corporation]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu (C:\WINDOWS\SYSTEM32\NVSHELL.DLL) [NVIDIA Corporation]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler (C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOHEV.DLL) [Microsoft Corporation]
{BB7DF450-F119-11CD-8465-00AA00425D90} = Microsoft Access Custom Icon Handler (C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\SOA800.DLL) [Microsoft Corporation]
{59850401-6664-101B-B21C-00AA004BA90B} = Séparateur du Classeur Microsoft Office (C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\UNBIND.DLL) [Microsoft Corporation]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler (C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OLKFSTUB.DLL) [Microsoft Corporation]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension (C:\PROGRAM FILES\WINRAR\RAREXT.DLL) [Empty]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes (C:\PROGRAM FILES\ITUNES\ITUNESMINIPLAYER.DLL) [Apple Computer, Inc.]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu (C:\WINDOWS\SYSTEM32\NVSHELL.DLL) [NVIDIA Corporation]
{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class (C:\WINDOWS\SYSTEM32\NVCPL.DLL) [NVIDIA Corporation]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper (C:\WINDOWS\SYSTEM32\NVCPL.DLL) [NVIDIA Corporation]
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} = My Logitech Pictures (C:\PROGRAM FILES\LOGITECH\VIDEO\NAMESPC2.DLL) [Logitech Inc.]
{21569614-B795-46b1-85F4-E737A8DC09AD} = Shell Search Band (C:\WINDOWS\SYSTEM32\BROWSEUI.DLL) [Microsoft Corporation]
{472083B0-C522-11CF-8763-00608CC02F24} = avast (C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSHELL.DLL) [ALWIL Software]
{640167b4-59b0-47a6-b335-a6b3c0695aea} = Portable Media Devices (C:\WINDOWS\SYSTEM32\AUDIODEV.DLL) [Microsoft Corporation]
{35786D3C-B075-49b9-88DD-029876E11C01} = Portable Devices (C:\WINDOWS\SYSTEM32\WPDSHEXT.DLL) [Microsoft Corporation]
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} = Portable Devices Menu (C:\WINDOWS\SYSTEM32\WPDSHEXT.DLL) [Microsoft Corporation]

Winlogon Notify Scan
AtiExtEvent = Ati2evxx.dll (C:\WINDOWS\system32\ATI2EVXX.DLL) [Empty]
igfxcui = igfxsrvc.dll (C:\WINDOWS\system32\IGFXSRVC.DLL) [Intel Corporation]
WgaLogon = WgaLogon.dll (C:\WINDOWS\system32\WGALOGON.DLL) [Microsoft Corporation]

Services Scan
"ALCXSENS" = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXSENS.SYS [Sensaura Ltd]
"ALCXWDM" = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS [Realtek Semiconductor Corp.]
"aswUpdSv" = C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE [Empty]
"Ati HotKey Poller" = C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE [Empty]
"ati2mtag" = C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS [ATI Technologies Inc.]
"avast! Antivirus" = C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE [Empty]
"avast! Mail Scanner" = C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE [ALWIL Software]
"avast! Web Scanner" = C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE [ALWIL Software]
"dmboot" = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS [Microsoft Corp., Veritas Software]
"dmio" = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS [Microsoft Corp., Veritas Software]
"dmload" = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS [Microsoft Corp., Veritas Software.]
"EL90XBC" = C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS [3Com Corporation]
"ewido anti-spyware 4.0 driver" = G:\ANTIVIRUS\EWIDO ANTI-SPYWARE 4.0\GUARD.SYS [Empty]
"ewido anti-spyware 4.0 guard" = G:\ANTIVIRUS\EWIDO ANTI-SPYWARE 4.0\GUARD.EXE [Anti-Malware Development a.s.]
"fbxusb" = C:\WINDOWS\SYSTEM32\DRIVERS\FBXUSB.SYS [FreeBox SA]
"GEARAspiWDM" = C:\WINDOWS\SYSTEM32\DRIVERS\GEARASPIWDM.SYS [GEAR Software Inc.]
"HPZid412" = C:\WINDOWS\SYSTEM32\DRIVERS\HPZID412.SYS [HP]
"HPZipr12" = C:\WINDOWS\SYSTEM32\DRIVERS\HPZIPR12.SYS [HP]
"HPZius12" = C:\WINDOWS\SYSTEM32\DRIVERS\HPZIUS12.SYS [HP]
"HSFHWBS2" = C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.SYS [Conexant Systems, Inc.]
"HSF_DP" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.SYS [Conexant Systems, Inc.]
"htape" = C:\Documents and Settings\Propriétaire\Local Settings\Temp\htape.sys [Empty]
"ialm" = C:\WINDOWS\SYSTEM32\DRIVERS\IALMNT5.SYS [Intel Corporation]
"IDriverT" = C:\PROGRAM FILES\FICHIERS COMMUNS\INSTALLSHIELD\DRIVER\11\INTEL 32\IDRIVERT.EXE [Macrovision Corporation]
"iPodService" = C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE [Apple Computer, Inc.]
"lac97inf" = C:\Documents and Settings\Propriétaire\Local Settings\Temp\lac97inf.sys [Empty]
"LVUSBSta" = C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSTA.SYS [Logitech Inc.]
"mdmxsdk" = C:\WINDOWS\SYSTEM32\DRIVERS\MDMXSDK.SYS [Conexant]
"nv" = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS [NVIDIA Corporation]
"NVENET" = C:\WINDOWS\SYSTEM32\DRIVERS\NVENET.SYS [NVIDIA Corporation]
"NVSvc" = C:\WINDOWS\SYSTEM32\NVSVC32.EXE [NVIDIA Corporation]
"nv_agp" = C:\WINDOWS\SYSTEM32\DRIVERS\NV_AGP.SYS [NVIDIA Corporation]
"PenClass" = C:\WINDOWS\SYSTEM32\DRIVERS\PENCLASS.SYS [Wacom Technology Corporation]
"pepifilter" = C:\WINDOWS\SYSTEM32\DRIVERS\LV302AF.SYS [Logitech Inc.]
"PID_08A0" = C:\WINDOWS\SYSTEM32\DRIVERS\LV302AV.SYS [Logitech Inc.]
"Pml Driver HPZ12" = C:\WINDOWS\SYSTEM32\HPZIPM12.EXE [HP]
"prodrv06" = C:\WINDOWS\SYSTEM32\DRIVERS\PRODRV06.SYS [Protection Technology]
"prohlp02" = C:\WINDOWS\SYSTEM32\DRIVERS\PROHLP02.SYS [Protection Technology]
"prosync1" = C:\WINDOWS\SYSTEM32\DRIVERS\PROSYNC1.SYS [Protection Technology]
"Ps2" = C:\WINDOWS\SYSTEM32\DRIVERS\PS2.SYS [Hewlett-Packard Company]
"Ptilink" = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS [Parallel Technologies, Inc.]
"PxHelp20" = C:\WINDOWS\SYSTEM32\DRIVERS\PXHELP20.SYS [Sonic Solutions]
"RT25USBAP" = C:\WINDOWS\SYSTEM32\DRIVERS\RT25USBAP.SYS [Ralink Technology Inc.]
"rtl8139" = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS [Realtek Semiconductor Corporation]
"Secdrv" = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS [Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.]
"sfdrv01" = C:\WINDOWS\SYSTEM32\DRIVERS\SFDRV01.SYS [Protection Technology]
"sfhlp01" = C:\WINDOWS\SYSTEM32\DRIVERS\SFHLP01.SYS [Protection Technology]
"sfhlp02" = C:\WINDOWS\SYSTEM32\DRIVERS\SFHLP02.SYS [Protection Technology]
"sfsync02" = C:\WINDOWS\SYSTEM32\DRIVERS\SFSYNC02.SYS [Protection Technology]
"sfvfs02" = C:\WINDOWS\SYSTEM32\DRIVERS\SFVFS02.SYS [Protection Technology]
"SiS315" = C:\WINDOWS\SYSTEM32\DRIVERS\SISGRP.SYS [Silicon Integrated Systems Corporation]
"SISAGP" = C:\WINDOWS\SYSTEM32\DRIVERS\SISAGPX.SYS [Silicon Integrated Systems Corporation]
"SiSkp" = C:\WINDOWS\SYSTEM32\DRIVERS\SRVKP.SYS [Silicon Integrated Systems Corporation]
"sp_rsdrv2" = C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYWARE TERMINATOR\SP_RSDRV2.SYS [Empty]
"Symantec Core LC" = C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE [Symantec Corporation]
"symlcbrd" = C:\WINDOWS\SYSTEM32\DRIVERS\SYMLCBRD.SYS [Symantec Corporation]
"TabletService" = C:\WINDOWS\SYSTEM32\TABLET.EXE [Wacom Technology, Corp.]
"Vcs" = C:\WINDOWS\SYSTEM32\DRIVERS\VCS.SYS [Empty]
"viaagp1" = C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP1.SYS [VIA Technologies, Inc.]
"viagfx" = C:\WINDOWS\SYSTEM32\DRIVERS\VTMINI.SYS [Copyright (C) VIA/S3 Graphics, Inc.]
"winachsf" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.SYS [Conexant Systems, Inc.]
"{6080A529-897E-4629-A488-ABA0C29B635E}" = C:\WINDOWS\SYSTEM32\DRIVERS\IALMSBW.SYS [Intel Corporation]
"{D31A0762-0CEB-444e-ACFF-B049A1F6FE91}" = C:\WINDOWS\SYSTEM32\DRIVERS\IALMKCHW.SYS [Intel Corporation]

Protocol Filters Scan
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (C:\WINDOWS\SYSTEM32\URLMON.DLL) [Microsoft Corporation]

Hosts Scan
LOCALHOST mapping = 1

IE Scan
IERESET.INF missing Signature="$CHICAGO$"
IERESET.INF missing AdvancedINF=2.5,"You need a new version of advpack.dll"
IERESET.INF missing AddReg=RestoreHomePage.reg
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Start Page",0,%START_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Page_URL",0,%START_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Search_URL",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","1",0,"www.%s.com"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","2",0,"www.%s.org"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","3",0,"www.%s.net"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","4",0,"www.%s.edu"
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\SearchUrl","Provider",0,""
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","SearchAssistant",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
IERESET.INF missing HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"
IERESET.INF missing SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
IERESET.INF missing AddReg=RestoreBrowserSettings.reg
IERESET.INF missing DelReg=DeleteTemplates.reg or DelReg=DeleteTemplates.reg, DeleteAutosearch.reg
IERESET.INF missing START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..." or START_PAGE_URL="http://www.msn.com"
IERESET.INF missing SAFESITE_VALUE="http://home.microsoft.com/" or SAFESITE_VALUE="ie.search.msn.com"
IERESET.INF missing MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..." or MS_START_PAGE_URL="http://www.msn.com"
URLSearchHook = () [file not found] HIJACK WARNING!