Forum |  HardWare.fr | News | Articles | PC | S'identifier | S'inscrire | Shop Recherche
1894 connectés 

  FORUM HardWare.fr
  Windows & Software
  Sécurité

  [problème]Redirection forcée sur des moteurs de recherches

 


 Mot :   Pseudo :  
 
Bas de page
Auteur Sujet :

[problème]Redirection forcée sur des moteurs de recherches

n°2373767
Kurushii
Posté le 03-04-2006 à 17:49:29  profilanswer
 

Voilà, il arrive quelquechose de bizarre sur mon PC.
 
En fait, sous IE/Firefox, quand je clique sur un lien, je me retrouve parfois sur une page rien à voir...
Par exemple, maintenant, sur le forum hardware.fr, le mot software est apparu en plus petit, j'ai cliqué dessus et je suis tombé sur ça:
http://www.shopzilla.com/7Y_-_cat_ [...] __sfsk--0.
 
Plus grave, j'ouvre la page web qui me permet d'accéder à ma boîte email, je tape mon code et login, j'entre ... et je tombe sur un moteur de recherche inconnu qui m'affiche les résultats pour https ...
 
J'ai bien conscience qu'il y a quelquechose sur mon disque qui fait ça, mais je sais pas où chercher...


Message édité par Kurushii le 04-04-2006 à 14:15:51
mood
Publicité
Posté le 03-04-2006 à 17:49:29  profilanswer
 

n°2373781
Kurushii
Posté le 03-04-2006 à 17:58:08  profilanswer
 

J'ai entré symantec sur google et je suis tombé sur ça...
http://www.winantiviruspro.com/pag [...] d=symantec

n°2373786
arock94
Posté le 03-04-2006 à 18:05:09  profilanswer
 
n°2373795
Kurushii
Posté le 03-04-2006 à 18:13:14  profilanswer
 

Merci.
 
J'ai arovax Antipsyware sur mon PC ...
Et encore une autre bêtise du genre...
J'étais sur clubic, je regardais la fiche spy sweeper, je clique dessus, je tombe sur ça: http://oldhetaira.com/sweeper%20pr [...] =1&t=4&p=4
Je ressaye encore, je tombe sur ça: http://www.casinocaesar.com/


Message édité par Kurushii le 03-04-2006 à 18:13:43
n°2373808
Kurushii
Posté le 03-04-2006 à 18:25:40  profilanswer
 

Bon, trouvé le soft starter sur clubic (merci Arock94), il affiche tous les processus qui vont se lancer. Dans liste, il y avait ça:hgqhp.exe. Apparremment, c'est un trojan...

n°2373878
Kurushii
Posté le 03-04-2006 à 19:18:18  profilanswer
 

Arg, ce n'est pas terminé... j'ai fait une recherche sur internet, je suis tombé sur un programme pas mal qui m'a trouvé 43 malware (arovax ne trouvait rien ...). Je reboote, je fais une recherche sur hgqhp.exe dans la barre google, je tombe sur ça: http://search.globofind.com/search.php?q=hgqhp.exe je suis mal...

n°2374097
darren
bing blang blaow
Posté le 03-04-2006 à 23:03:43  profilanswer
 

Secuser --> Scan en ligne
 
CWshredder --> A essayer aussi

n°2374118
acrobaze
Posté le 03-04-2006 à 23:15:22  profilanswer
 

Télécharger "HijackThis" 1.99.1 sur:
 
http://www.spywareinfo.com/~merijn/downloads.html
 
-Le poser dans un dossier spécialement créé pour lui (par exemple:
C:\HijackThis ).
-Le lancer -> "Scan" -> "Save log"
-Récupérer ce log/texte avec le bloc notes.
-Le copier/coller ici, dans une réponse,sans rien faire d'autre.

n°2374247
Kurushii
Posté le 04-04-2006 à 08:56:58  profilanswer
 

Logfile of HijackThis v1.99.1
Scan saved at 2:16:27 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\PostgreSQL\8.1\bin\postmaster.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\new\propreté\hijackthis\HijackThis.exe
 
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C8F21DFE-B35C-4274-82EC-1E072D09025E} - C:\WINDOWS\system32\winbrume.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 2193073968
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ [...] hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{320E481F-73CF-4675-89C2-201E62C7DE60}: NameServer = 85.255.115.43,85.255.112.127
O17 - HKLM\System\CCS\Services\Tcpip\..\{991E6574-779F-4FB9-970F-D5298AB96016}: NameServer = 85.255.115.43,85.255.112.127
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: PostgreSQL Database Server 8.1 (pgsql-8.1) - Unknown owner - C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe" runservice -N "pgsql-8.1" -D "C:\Program Files\PostgreSQL\8.1\data\ (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 


Message édité par Kurushii le 04-04-2006 à 14:16:44
n°2374894
acrobaze
Posté le 04-04-2006 à 20:11:43  profilanswer
 

Ha ok. Tu as attrappé WareOut.
 
Ta ligne O17 te redirige vers :

Citation :

85.255.112.0 - 85.255.127.255
Inhoster hosting company
OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine  
 
 Andrei Kislizin
OOO Inhoster,
ul.Antonova 5, Kiev,
03186, Ukraine
+38 044 2404332


 
Bon, je n'ai pas traduit le fix, je te le poste en anglais, c'est simple à trduire :
 
download FixWareout from hereand save it to your Desktop. Doubleclick on Fixwareout.exe to extract the files and click Next and then Install. Make sure that "Run fixit" is checked and click Finish. The fix will begin, follow the prompts.
 
You will be asked to reboot your computer, please do so. Your system may take longer than usual to load but this is normal.
 
When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:
 
O17 - HKLM\System\CCS\Services\Tcpip\..\{320E481F-73CF-4675-89C2-201E62C7DE60}: NameServer = 85.255.115.43,85.255.112.127  
O17 - HKLM\System\CCS\Services\Tcpip\..\{991E6574-779F-4FB9-970F-D5298AB96016}: NameServer = 85.255.115.43,85.255.112.127  
 
 
Click Fix Checked. close HijackThis and click OK to proceed. At the end of the fix, you will need to restart your computer again.
 
Post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.
 
 
NB You must be online to run this utility (Tu dois êtrte connecté lorsque tu lances FixWareOut)
 
Si tu as un pb de connection après (c'est rare) :
go to Start -> Control Panel, and choose Network Connections. Rightclick on your default connection (usually Local Area Connection or Dial-up Connection if you are using Dial-up) and leftclick on Properties. Doubleclick on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
 
------
 
En mm temps que C:\fixwareout\report.txt et  le nouvel HJT, j'aurai besoi aussi de ceci :
Télécharge  SilentRunners.vbs.
Lance-le et attends que le scan soit terminé. Il génère un log. Copie/Colle le avec les autres logs.
Si ton antivirus t'alerte, lance-le quand même bien sûr. C'est parce que c'est un script.
 
 

mood
Publicité
Posté le 04-04-2006 à 20:11:43  profilanswer
 

n°2374912
Kurushii
Posté le 04-04-2006 à 20:45:13  profilanswer
 

Voilà ce que j'obtiens comme log
 

Citation :

Logfile of HijackThis v1.99.1
Scan saved at 8:42:07 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\PostgreSQL\8.1\bin\postmaster.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HJT\HijackThis.exe
F:\new\propreté\hijackthis\HijackThis.exe
 
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C8F21DFE-B35C-4274-82EC-1E072D09025E} - C:\WINDOWS\system32\winbrume.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 2193073968
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.trendmicro.com/ [...] hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{320E481F-73CF-4675-89C2-201E62C7DE60}: NameServer = 85.255.115.43,85.255.112.127
O17 - HKLM\System\CCS\Services\Tcpip\..\{991E6574-779F-4FB9-970F-D5298AB96016}: NameServer = 85.255.115.43,85.255.112.127
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: PostgreSQL Database Server 8.1 (pgsql-8.1) - Unknown owner - C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe" runservice -N "pgsql-8.1" -D "C:\Program Files\PostgreSQL\8.1\data\ (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 


Citation :

 
Fixwareout ver 1.003
Last edited march/15/2006
Post this report in the forums please  
 
Reg Entries that were deleted  
...
 
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM  
...
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.  
 
»»»»» Search by size and names...  
 
»»»»» Misc files  
 
»»»»» Checking for older varients covered by the Rem3 tool


Citation :

"Silent Runners.vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SuperCopier2.exe" = "C:\Program Files\SuperCopier2\SuperCopier2.exe" ["SFX TEAM"]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{C8F21DFE-B35C-4274-82EC-1E072D09025E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\winbrume.dll" [null data]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
  -> {HKLM...CLSID} = "Universal Plug and Play Devices"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
 
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
 
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
 
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
  -> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\LeechGet 2004\ShellExtension.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
  -> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\LeechGet 2004\ShellExtension.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
  -> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\LeechGet 2004\ShellExtension.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
 
 
Startup items in "Admin" & "All Users" startup folders:
-------------------------------------------------------
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"ZoneAlarm" -> shortcut to: "C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe" ["Zone Labs Inc."]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 
Transport Service Providers
 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
 
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
 
Explorer Bars
 
Dormant Explorer Bars in "View, Explorer Bar" menu
 
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"
 
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
 
 
HOSTS file
----------
 
C:\WINDOWS\System32\drivers\etc\HOSTS
 
maps: 6 domain names to IP addresses,
      1 of the IP addresses is *not* localhost!
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"]
kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
PostgreSQL Database Server 8.1, pgsql-8.1, ""C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe" runservice -N "pgsql-8.1" -D "C:\Program Files\PostgreSQL\8.1\data\"" ["PostgreSQL Global Development Group"]
RIP Listener, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}
Simple TCP/IP Services, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."]
VMware Authorization Service, VMAuthdService, "C:\Program Files\VMware\VMware Player\vmware-authd.exe" ["VMware, Inc."]
VMware DHCP Service, VMnetDHCP, "C:\WINDOWS\system32\vmnetdhcp.exe" ["VMware, Inc."]
VMware NAT Service, VMware NAT Service, "C:\WINDOWS\system32\vmnat.exe" ["VMware, Inc."]
VMware Virtual Mount Manager Extended, vmount2, ""C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"" ["VMware, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
 
 
Print Monitors:
---------------
 
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i860\Driver = "CNMLM56.DLL" ["CANON INC."]
Canon BJ Language Monitor i865\Driver = "CNMLM5m.DLL" ["CANON INC."]
LPR Port\Driver = "lprmon.dll" [MS]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
 
 
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 62 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 11 seconds.
---------- (total run time: 101 seconds)

n°2374945
acrobaze
Posté le 04-04-2006 à 21:18:44  profilanswer
 

Ok. Il reste qq détails comme cette valeur-ci :
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\  
"System" = (value not set)  
à nettoyer.
 
-------
 
Ouvre le bloc notes et copie/colle ce quote dans un nouveau texte. Enregistre-le sous. Appelle-le Fix.reg (N'oublie pas dans "Type", de choisir "Tous les fichiers", il doit avoir cette icône :http://www.stainlesssteel.or.kr/english/img/board/file_icon/reg.gif)
 

Citation :

REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


 
Puis double clique le fichier Fix.reg et autorise l'ajout des informations au registre.
 
---------
 
Lance HijackThis et coche :
 
O2 - BHO: (no name) - {C8F21DFE-B35C-4274-82EC-1E072D09025E} - C:\WINDOWS\system32\winbrume.dll  
 
Clique "Fix checked".
 
Mets à jour Ewido, redémarre en mode sans échec et lance un scan complet.
 
En principe, c'est terminé.
 

n°2374985
Kurushii
Posté le 04-04-2006 à 22:12:47  profilanswer
 

Merci beaucoup, il semble que je n'ai plus de problème.

n°2375057
acrobaze
Posté le 04-04-2006 à 23:15:03  profilanswer
 

Ok, parfait.
 
Si ce n'est pas toi qui a ajouté ceci au hosts :
 
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com  
 
lance HijackThis et fixe la ligne. Redémarre, relance HJT et vérifie qu'elle n'y est plus.
 
Je ne connais pas, mais l'IP est coréenne...
 
A + ! :)

n°2635143
vistapro
Posté le 07-02-2007 à 23:07:12  profilanswer
 

acrobaze a écrit :

Télécharger "HijackThis" 1.99.1 sur:
 
http://www.spywareinfo.com/~merijn/downloads.html
 
-Le poser dans un dossier spécialement créé pour lui (par exemple:
C:\HijackThis ).
-Le lancer -> "Scan" -> "Save log"
-Récupérer ce log/texte avec le bloc notes.
-Le copier/coller ici, dans une réponse,sans rien faire d'autre.


 
Logfile of HijackThis v1.99.1
Scan saved at 22:55:29, on 7/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\COMMON~1\naPrdMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\ALE~1.PT0\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fr.msn.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14BB4B53-CC33-4998-BCF3-A97E8EC306D6}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F189F3A-6FA7-4994-B597-F3DEE5E07032}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{759B1E66-C438-4062-BFB7-AAD0EA26924C}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{96A4EF50-8F27-49C1-83A9-F1827959560A}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.9 85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.9 85.255.112.204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 


---------------
Merci

Aller à :
Ajouter une réponse
  FORUM HardWare.fr
  Windows & Software
  Sécurité

  [problème]Redirection forcée sur des moteurs de recherches

 

Sujets relatifs
probleme liste Partage imprimanteProblème d'acces aux mails !
Problème installation Windows XP SP2Problème configuration Point d'accés
probleme resiliation Free... depuis 2004!Probleme attribution adresse IP
problème de connexion wifiProbleme de partition avec Partition Magic 8.0 !?
probleme avec lotusprobleme dns cegetel
Plus de sujets relatifs à : [problème]Redirection forcée sur des moteurs de recherches


Copyright © 1997-2022 Hardware.fr SARL (Signaler un contenu illicite / Données personnelles) / Groupe LDLC / Shop HFR