[instant access][magic control agent]

Closed
Quéquette - 12 Oct 2005 at 18:36
 Nahnou - 23 Mar 2007 at 18:20
Hello everyone, I'm stuck!!!
First, Spybot detects Magic Control Agent every time and removes it, but it always comes back.
Then Spybot detects MFC Application, same thing.
After that, AOL Spyware Protection detects Winfixer, which also comes back.
And finally, Instant Access keeps coming back with MSCLOCK32.DLL, which AntiVir detects at every startup...
What should I do? I'm begging you, please help me, I don't know anything about this!
Thanks for taking the time to look at my case...

32 replies

Anonymous user
12 Oct 2005 at 21:18
hi
download HijackThis here:
http://www.hijackthis.de/downloads/hijackthis_199.zip

Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it on C: !
Run it, then:
click on "do a system scan and save logfile" (see demo)
copy and paste the entire log onto the forum

Demo: (thanks to balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm

+

Download this
http://www.silentrunners.org/Silent%20Runners.vbs
Run it, wait a few minutes, it will then create a folder right next to Silent Runners, in text format; copy/paste what it gives you


Good luck, see you tomorrow

See you
0
Greetings...
I'm losing it, I thought I had posted my logs but no... well, I hope so, otherwise it means they'll be here twice!


Logfile of HijackThis v1.99.1
Scan saved at 23:40:44, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\mailskinner\mailskinner.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Quentin\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://216.94.0.164/?DP=4126&AI=1114&RANDOM=9222548470433125080&MH=0&MW=0&TARGET=_blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1066.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_ASPIV4_XP.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120122256859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {A1C392A2-B274-46DB-89BE-1FBD476B9C93} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1065_XP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
O16 - DPF: {E19AB99F-AEC4-4B40-A5CA-F69D22522D77} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1065_ASPIV4_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82BFF008-0B3A-42EB-B7EE-01EEE7ABD7C2}: NameServer = 205.188.146.145
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE





"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = (empty string)
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"Instant Access" = "rundll32.exe EGDACCESS_1066.dll,InstantAccess" [MS]
"MailSkinner" = "c:\program files\mailskinner\mailskinner.exe" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Disk Monitor" = "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" ["Neodio Corp."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"AVSCHED32" = "C:\Program Files\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AOL Spyware Protection" = "C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [null data]
"knrdsouitv" = "c:\windows\system32\knrdsouitv.exe -start" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Quentin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Quentin" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Quentin\Menu Démarrer\Programmes\Démarrage
"wkcalrem" -> shortcut to: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe" ["Microsoft® Corporation"]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://GLOBAL.ACER.COM/
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 2 lines


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE" ["America Online, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 25 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 12 seconds.
---------- (total run time: 62 seconds)
0
By the way, a big thank-you in advance to whoever takes a look at my logs...
0
Anonymous user
13 Oct 2005 at 17:27
Hello,

Method to follow, in order...

In Add/Remove Programs, uninstall:
mailskinner
----------------------------------------------------------------------------
¤Download these programs, but don't use them yet:

1/

Spybot S&D 1.4 <<new version.
http://www.safer-networking.org/fr/index.html

Usage demo (thanks to Balltrap34 for making this).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06 <<new version.
http://www.lavasoftusa.com/software/adaware/
-Help:
http://www.tutopat.com/viewtopic.php?t=1191
- install the French patch, you can find it here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here: (thanks to Moe31 for making this).
http://pageperso.aol.fr/balltrap34/adawrevid.asf

3/Download: Pocket Killbox here
http://www.downloads.subratam.org/KillBox.exe

----------------------------------------------------------------------------
¤Disable your System Restore (only if you are on XP):
Right-click on My Computer, then
Properties, click on the System Restore tab,
check the "turn off System Restore" box and apply.
----------------------------------------------------------------------------
¤Show all files and folders:
Click on Start/Control Panel/Tools/Folder Options/View

Check "Show hidden files and folders"

Uncheck the "Hide protected operating system files (Recommended)" box

Uncheck "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And apply!
----------------------------------------------------------------------------
¤Empty your temp files and temporary internet files:

:: Delete temporary files ::
empty the entire contents of these folders.

* C:\Documents and Settings\your account\Local Settings\Temp
* C:\Documents and Settings\all other accounts\Local Settings\Temp
* C:\Windows\Temp

:: The contents of the prefetch folder ::

* C:\WINDOWS\Prefetch <= except the layout.ini file

* Don't forget to empty the Recycle Bin!
----------------------------------------------------------------------------
¤Run HijackThis again, check the boxes in front of these lines, then click on fix checked:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://216.94.0.164/?DP=4126&AI=1114&RANDOM=9222548470433125080&MH=0&MW=0&TARGET =_blank

O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1066.dll,InstantAccess

O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

O16 - DPF: {17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_ASPIV4_XP.cab

O16 - DPF: {A1C392A2-B274-46DB-89BE-1FBD476B9C93} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1065_XP.cab

O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab

O16 - DPF: {E19AB99F-AEC4-4B40-A5CA-F69D22522D77} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1065_ASPIV4_XP.cab

----------------------------------------------------------------------------
¤Find and delete this:
careful, only the files (if present).

c:\program files\mailskinner

------------------------------------------------------------------------
Double-click on killbox.exe (Pocket Killbox)

- check: delete on reboot
- In "Full Path of File to Delete"
copy and paste:

c:\windows\system32\knrdsouitv.exe -start

- click on the red cross
- a window will appear for confirmation, click YES
- a second window asks whether you want to restart, click YES

----------------------------------------------------------------------------
¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
----------------------------------------------------------------------------
¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
----------------------------------------------------------------------------
¤ Empty your Recycle Bin.
----------------------------------------------------------------------------
run HijackThis again and copy/paste a new report onto the forum + Silent Runners please

Describe your problems if any remain....

Keep me posted

See you
0
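
The last step of the procedure above asks for a fresh HijackThis report. As an added example (not part of the original posts and not HijackThis's own code), this Python sketch compares a before and an after log against the "fix checked" list and reports which entries are gone, which persist and which are new. The function names are illustrative, and the sample excerpts are shortened from the logs posted in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <payload>", e.g. "O4 - HKCU\..\Run: [x] y".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def entry_key(line):
    """Return a comparison key for an entry line, or None for non-entry lines.

    Forum software sometimes inserts stray spaces into long lines (the fix
    list in this thread has "TARGET =_blank"), and Windows paths are
    case-insensitive, so whitespace is removed and the payload lowercased.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, payload = m.groups()
    return section + "|" + re.sub(r"\s+", "", payload).lower()


def parse_entries(log_text):
    """Map comparison key -> original line for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Classify entries after a cleanup pass."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    fixes = parse_entries(fix_list)
    return {
        # Requested fixes that were present before and are absent now.
        "fixed": sorted(before[k] for k in fixes if k in before and k not in after),
        # Requested fixes still present: the entry was re-created or never removed.
        "persisting": sorted(after[k] for k in fixes if k in after),
        # Fix-list lines that match neither log (usually a copy/paste problem).
        "unmatched": sorted(fixes[k] for k in fixes if k not in before and k not in after),
        # Entries only in the second log: these need a fresh look.
        "new": sorted(after[k] for k in after if k not in before),
    }


# Sample data: excerpts shortened from the logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 23:40:44, on 12/10/2005
Running processes:
C:\WINDOWS\system32\winlogon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://216.94.0.164/?DP=4126&AI=1114&RANDOM=9222548470433125080&MH=0&MW=0&TARGET=_blank
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1066.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 18:32:30, on 13/10/2005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [knrdsouitv] c:\windows\system32\knrdsouitv.exe -start
"""

# The "fix checked" list as posted, including the stray space in "TARGET =_blank".
FIX_LIST = r"""R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://216.94.0.164/?DP=4126&AI=1114&RANDOM=9222548470433125080&MH=0&MW=0&TARGET =_blank
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1066.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
"""

if __name__ == "__main__":
    for category, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{category}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

An entry under "new" is not necessarily malicious; it only means the line was absent from the first HijackThis log and should be reviewed before the machine is called clean.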
Greetings again
Thanks for all the advice...
So I did all that, I don't know if I did everything right, but in any case I still have C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL being detected at every startup by AntiVir, and I have to disable AntiVir, otherwise it goes into alert all the time!!! On top of that it crashes the PC... AntiVir tells me about a Dial-Up program DIAL/302248...

Otherwise, here is the result:

Logfile of HijackThis v1.99.1
Scan saved at 18:32:30, on 13/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\windows\system32\knrdsouitv.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Documents and Settings\Quentin\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [knrdsouitv] c:\windows\system32\knrdsouitv.exe -start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120122256859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE





"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = (empty string)
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Disk Monitor" = "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" ["Neodio Corp."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"AVSCHED32" = "C:\Program Files\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AOL Spyware Protection" = "C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [null data]
"knrdsouitv" = "c:\windows\system32\knrdsouitv.exe -start" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Quentin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Quentin" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Quentin\Menu Démarrer\Programmes\Démarrage
"wkcalrem" -> shortcut to: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe" ["Microsoft® Corporation"]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://GLOBAL.ACER.COM/
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 2 lines


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE" ["America Online, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 23 seconds, including 7 seconds for message boxes)



Thanks!!!
0
Anonymous user
13 Oct 2005 at 19:02
hi again
¤Run HijackThis again, tick the boxes in front of these lines and then click on fix checked:

O4 - HKLM\..\Run: [knrdsouitv] c:\windows\system32\knrdsouitv.exe -start


------------------------------------------------------------------------
Double-click on killbox.exe (Pocket Killbox)

- tick: delete on reboot
- In "Full Path of File to Delete"
copy and paste:

c:\windows\system32\knrdsouitv.exe


- click on the red cross
- a confirmation window will appear, click on YES
- a second window asks whether you want to restart, click on YES

****
Go here
Start < My Computer < C < Program Files < AVPersonal < log files < NTGRDRT <----- copy and paste everything that is inside

see you in a moment
0
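Added example, not part of the thread and not the helper's stated reasoning: a Python triage of the Run entries from the Silent Runners report posted above, showing one heuristic that singles out `knrdsouitv` (no vendor data plus an executable sitting directly in `system32`). The verdict labels, the function names and the reading of `[null data]` as "no company name found in the file" are assumptions.

```python
import ntpath
import re

# Excerpt copied from the Run-key sections of the Silent Runners report in this thread.
SAMPLE = r'''
"Steam" = (empty string)
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]
"AVSCHED32" = "C:\Program Files\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"]
"AOL Spyware Protection" = "C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [null data]
"knrdsouitv" = "c:\windows\system32\knrdsouitv.exe -start" [null data]
'''

# Line shape: "name" = value [vendor]; the trailing [vendor] is absent for empty values.
LINE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*?)(?: \[(?P<vendor>[^\]]*)\])?$')
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)', re.IGNORECASE)


def command_path(value):
    """Return the executable path from a Silent Runners value, without arguments."""
    if value == "(empty string)":
        return None
    # The report wraps the whole registry value in one extra pair of quotes.
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        value = value[1:-1]
    if value.startswith('"'):  # the registry value itself quoted the path
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    m = EXE_RE.match(value)
    return m.group(1) if m else value


def parse_run_entries(text):
    """Parse report lines into dicts with name, path and vendor."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "name": m.group("name"),
                "path": command_path(m.group("value")),
                "vendor": (m.group("vendor") or "").strip('"'),
            })
    return entries


def triage(text):
    """Map each entry name to (verdict, reasons). Heuristic only, not proof."""
    results = {}
    for e in parse_run_entries(text):
        if e["path"] is None:  # leftover value with nothing to launch
            results[e["name"]] = ("empty", [])
            continue
        reasons = []
        if e["vendor"] in ("null data", "file not found"):
            reasons.append("no vendor data: " + e["vendor"])
        # Only the direct parent counts: drivers in system32 subfolders are common.
        if ntpath.dirname(e["path"]).lower().endswith("\\windows\\system32"):
            reasons.append("executable sits directly in system32")
        results[e["name"]] = (("ok", "review", "suspicious")[len(reasons)], reasons)
    return results


if __name__ == "__main__":
    for name, (verdict, reasons) in triage(SAMPLE).items():
        print(f"{verdict:10} {name}: {'; '.join(reasons)}")
```

A "review" or "suspicious" verdict only ranks entries for a closer look; the file itself still has to be checked before anything is deleted.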

Hu!
First, I didn't find
O4 - HKLM\..\Run: [knrdsouitv] c:\windows\system32\knrdsouitv.exe -start
so I didn't fix it!

Otherwise, here is what you asked me for:

10/10/2005,21:27:59 [INFO] Stop Filter Device.
10/10/2005,21:28:02 AVGuard service has been stopped!
10/10/2005,21:28:57 ---------------------------------------------------------
10/10/2005,21:28:57 [INIT] The AVGuard Service is starting.
10/10/2005,21:29:05 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
10/10/2005,21:29:06 [LOGON] Connection request by remote computer. Establishing secure communication channel.
10/10/2005,21:29:06 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa69ab.
10/10/2005,21:29:24 [INFO] Start Filter Device.
10/10/2005,21:29:24 AntiVirService Version: 6.31.00.01 AVE Version 6.32.0.6 VDF Version: 6.32.0.54
10/10/2005,21:29:24 AVGuard has been started successfully!
10/10/2005,21:29:26 [INFO] Stop Filter Device.
10/10/2005,22:28:01 [INFO] Stop Filter Device.
10/10/2005,22:28:05 AVGuard service has been stopped!
11/10/2005,10:53:52 ---------------------------------------------------------
11/10/2005,10:53:52 [INIT] The AVGuard Service is starting.
11/10/2005,10:54:02 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
11/10/2005,10:54:03 [LOGON] Connection request by remote computer. Establishing secure communication channel.
11/10/2005,10:54:03 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1c51.
11/10/2005,10:54:26 [INFO] Start Filter Device.
11/10/2005,10:54:26 AntiVirService Version: 6.31.00.01 AVE Version 6.32.0.6 VDF Version: 6.32.0.54
11/10/2005,10:54:26 AVGuard has been started successfully!
11/10/2005,10:54:33 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
11/10/2005,10:57:50 [INFO] Stop Filter Device.
11/10/2005,10:57:42 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,10:54:33 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,10:54:33 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,10:54:32 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,10:54:32 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,10:54:32 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,10:54:32 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,10:54:29 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:13:50 [INFO] Start Filter Device.
11/10/2005,11:14:26 [INFO] Stop Filter Device.
11/10/2005,11:14:13 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:14:13 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:14:13 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
11/10/2005,11:14:12 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:14:12 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:14:12 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:14:12 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:14:12 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:14:46 [INFO] Start Filter Device.
11/10/2005,11:16:10 [INFO] Stop Filter Device.
11/10/2005,11:15:51 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:15:51 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:15:51 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
11/10/2005,11:15:51 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:15:51 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:15:50 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:15:50 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
11/10/2005,11:15:50 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:17:26 [INFO] Stop Filter Device.
11/10/2005,11:17:26 AVGuard service has been stopped!
11/10/2005,11:17:29 ---------------------------------------------------------
11/10/2005,11:17:29 [INIT] The AVGuard Service is starting.
11/10/2005,11:17:29 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
11/10/2005,11:17:30 [LOGON] Connection request by remote computer. Establishing secure communication channel.
11/10/2005,11:17:30 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaabc840c.
11/10/2005,11:17:30 [INFO] Start Filter Device.
11/10/2005,11:17:30 AntiVirService Version: 6.31.00.01 AVE Version 6.32.0.6 VDF Version: 6.32.0.73
11/10/2005,11:17:30 AVGuard has been started successfully!
11/10/2005,11:17:45 [INFO] Stop Filter Device.
11/10/2005,11:17:38 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:17:38 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:17:38 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:17:38 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:17:38 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:17:38 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:17:38 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:17:38 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,11:18:48 [INFO] Stop Filter Device.
11/10/2005,11:18:48 AVGuard service has been stopped!
11/10/2005,12:03:11 ---------------------------------------------------------
11/10/2005,12:03:11 [INIT] The AVGuard Service is starting.
11/10/2005,12:03:13 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
11/10/2005,12:03:13 [INFO] Start Filter Device.
11/10/2005,12:03:13 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.73
11/10/2005,12:03:14 AVGuard has been started successfully!
11/10/2005,12:03:17 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,12:06:49 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,12:08:23 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
11/10/2005,12:10:56 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
11/10/2005,12:18:16 ---------------------------------------------------------
11/10/2005,12:18:16 [INIT] The AVGuard Service is starting.
11/10/2005,12:18:17 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
11/10/2005,12:18:18 [LOGON] Connection request by remote computer. Establishing secure communication channel.
11/10/2005,12:18:18 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8a02f.
11/10/2005,12:18:40 [INFO] Start Filter Device.
11/10/2005,12:18:40 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.73
11/10/2005,12:18:40 AVGuard has been started successfully!
11/10/2005,12:18:43 [INFO] Stop Filter Device.
11/10/2005,14:09:00 [INFO] Start Filter Device.
11/10/2005,14:09:37 [INFO] Stop Filter Device.
11/10/2005,14:09:34 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,14:09:34 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,14:09:34 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,14:09:34 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,14:09:34 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,14:09:34 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,14:09:33 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,14:09:32 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,16:31:45 [INFO] Stop Filter Device.
11/10/2005,16:31:50 AVGuard service has been stopped!
11/10/2005,17:52:58 ---------------------------------------------------------
11/10/2005,17:52:58 [INIT] The AVGuard Service is starting.
11/10/2005,17:53:07 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
11/10/2005,17:53:08 [LOGON] Connection request by remote computer. Establishing secure communication channel.
11/10/2005,17:53:08 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1416.
11/10/2005,17:53:25 [INFO] Start Filter Device.
11/10/2005,17:53:25 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.73
11/10/2005,17:53:25 AVGuard has been started successfully!
11/10/2005,17:56:25 [INFO] Stop Filter Device.
11/10/2005,17:53:30 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,17:53:30 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,17:53:30 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,17:53:30 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,17:53:30 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,17:53:30 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,17:53:28 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,17:53:27 WARNING: Contains signature of the dial-up program DIAL/20992.A.2!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,20:30:33 [INFO] Stop Filter Device.
11/10/2005,20:30:40 AVGuard service has been stopped!
11/10/2005,20:53:11 ---------------------------------------------------------
11/10/2005,20:53:11 [INIT] The AVGuard Service is starting.
11/10/2005,20:53:21 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
11/10/2005,20:53:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
11/10/2005,20:53:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1c46.
11/10/2005,20:53:42 [INFO] Start Filter Device.
11/10/2005,20:53:42 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.73
11/10/2005,20:53:42 AVGuard has been started successfully!
11/10/2005,20:53:47 [INFO] Stop Filter Device.
11/10/2005,20:53:45 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,20:53:44 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,20:53:46 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
11/10/2005,21:38:37 [INFO] Stop Filter Device.
11/10/2005,21:38:39 AVGuard service has been stopped!
12/10/2005,12:26:30 ---------------------------------------------------------
12/10/2005,12:26:30 [INIT] The AVGuard Service is starting.
12/10/2005,12:26:38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
12/10/2005,12:26:38 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/10/2005,12:26:39 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1f48.
12/10/2005,12:26:59 [INFO] Start Filter Device.
12/10/2005,12:26:59 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.73
12/10/2005,12:26:59 AVGuard has been started successfully!
12/10/2005,12:27:04 [INFO] Stop Filter Device.
12/10/2005,12:27:03 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,12:27:03 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,12:31:52 [INFO] Stop Filter Device.
12/10/2005,12:31:53 AVGuard service has been stopped!
12/10/2005,16:56:32 ---------------------------------------------------------
12/10/2005,16:56:32 [INIT] The AVGuard Service is starting.
12/10/2005,16:56:42 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
12/10/2005,16:56:43 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/10/2005,16:56:43 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1c46.
12/10/2005,16:56:59 [INFO] Start Filter Device.
12/10/2005,16:56:59 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.73
12/10/2005,16:56:59 AVGuard has been started successfully!
12/10/2005,16:57:15 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,17:00:30 [INFO] Stop Filter Device.
12/10/2005,17:00:26 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,16:57:15 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,16:57:15 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,16:57:14 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,16:57:14 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,16:57:14 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,16:57:14 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,16:57:11 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:12:28 [INFO] Start Filter Device.
12/10/2005,18:13:04 [INFO] Stop Filter Device.
12/10/2005,18:13:01 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:13:01 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:13:01 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:13:01 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:13:01 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:13:00 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:13:00 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:12:59 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:19:05 [INFO] Stop Filter Device.
12/10/2005,18:19:07 AVGuard service has been stopped!
12/10/2005,18:19:09 ---------------------------------------------------------
12/10/2005,18:19:09 [INIT] The AVGuard Service is starting.
12/10/2005,18:19:10 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
12/10/2005,18:19:10 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/10/2005,18:19:10 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaae69e97.
12/10/2005,18:19:11 [INFO] Start Filter Device.
12/10/2005,18:19:11 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.79
12/10/2005,18:19:11 AVGuard has been started successfully!
12/10/2005,18:19:37 [INFO] Stop Filter Device.
12/10/2005,18:19:34 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:19:34 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:19:34 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:19:33 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:19:33 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:19:33 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:19:33 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,18:19:33 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:20:52 [INFO] Stop Filter Device.
12/10/2005,20:20:58 AVGuard service has been stopped!
12/10/2005,20:22:02 ---------------------------------------------------------
12/10/2005,20:22:02 [INIT] The AVGuard Service is starting.
12/10/2005,20:22:13 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
12/10/2005,20:22:13 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/10/2005,20:22:13 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa6d3f.
12/10/2005,20:22:35 [INFO] Start Filter Device.
12/10/2005,20:22:35 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.79
12/10/2005,20:22:35 AVGuard has been started successfully!
12/10/2005,20:22:55 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:22:55 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:28:52 [INFO] Stop Filter Device.
12/10/2005,20:28:06 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:28:04 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:22:55 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:22:54 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:22:54 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:22:54 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:22:54 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:22:41 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:35:09 [INFO] Stop Filter Device.
12/10/2005,20:35:13 AVGuard service has been stopped!
12/10/2005,20:36:09 ---------------------------------------------------------
12/10/2005,20:36:09 [INIT] The AVGuard Service is starting.
12/10/2005,20:36:21 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
12/10/2005,20:36:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/10/2005,20:36:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa6185.
12/10/2005,20:36:47 [INFO] Start Filter Device.
12/10/2005,20:36:47 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.79
12/10/2005,20:36:47 AVGuard has been started successfully!
12/10/2005,20:36:54 [INFO] Stop Filter Device.
12/10/2005,20:39:30 [INFO] Start Filter Device.
12/10/2005,20:39:36 [INFO] Stop Filter Device.
12/10/2005,20:42:22 [INFO] Stop Filter Device.
12/10/2005,20:42:25 AVGuard service has been stopped!
12/10/2005,20:43:26 ---------------------------------------------------------
12/10/2005,20:43:26 [INIT] The AVGuard Service is starting.
12/10/2005,20:43:37 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
12/10/2005,20:43:38 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/10/2005,20:43:38 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa658d.
12/10/2005,20:43:54 [INFO] Start Filter Device.
12/10/2005,20:43:54 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.79
12/10/2005,20:43:54 AVGuard has been started successfully!
12/10/2005,20:44:09 [INFO] Stop Filter Device.
12/10/2005,20:44:07 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:44:07 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:44:07 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:44:07 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:44:06 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:44:06 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:44:06 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,20:44:04 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
12/10/2005,21:00:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/10/2005,21:00:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaabac039.
12/10/2005,21:03:46 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/10/2005,21:03:46 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaab995b5.
12/10/2005,22:26:33 [INFO] Stop Filter Device.
12/10/2005,22:26:36 AVGuard service has been stopped!
12/10/2005,22:27:30 ---------------------------------------------------------
12/10/2005,22:27:30 [INIT] The AVGuard Service is starting.
12/10/2005,22:27:40 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
12/10/2005,22:27:40 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/10/2005,22:27:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa04eb.
12/10/2005,22:27:57 [INFO] Start Filter Device.
12/10/2005,22:27:57 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.79
12/10/2005,22:27:57 AVGuard has been started successfully!
12/10/2005,22:28:05 [INFO] Stop Filter Device.
12/10/2005,22:28:04 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
12/10/2005,22:28:04 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
12/10/2005,22:28:04 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
12/10/2005,22:28:04 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
12/10/2005,22:28:03 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
12/10/2005,22:27:59 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
12/10/2005,23:50:30 [INFO] Stop Filter Device.
12/10/2005,23:50:33 AVGuard service has been stopped!
13/10/2005,17:21:52 ---------------------------------------------------------
13/10/2005,17:21:52 [INIT] The AVGuard Service is starting.
13/10/2005,17:22:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
13/10/2005,17:22:05 [LOGON] Connection request by remote computer. Establishing secure communication channel.
13/10/2005,17:22:05 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa190a.
13/10/2005,17:22:25 [INFO] Start Filter Device.
13/10/2005,17:22:25 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.79
13/10/2005,17:22:25 AVGuard has been started successfully!
13/10/2005,17:22:29 [INFO] Stop Filter Device.
13/10/2005,17:23:00 [INFO] Start Filter Device.
13/10/2005,17:23:25 [INFO] Stop Filter Device.
13/10/2005,17:23:23 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,17:23:23 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,17:23:23 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
File has been moved to quarantine directory!
13/10/2005,17:23:23 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
13/10/2005,17:23:23 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
13/10/2005,17:23:23 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
13/10/2005,17:23:22 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
13/10/2005,17:23:22 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to move the file to the quarantine directory:
0x00000002 - Le fichier spécifié est introuvable.
13/10/2005,18:33:27 [INFO] Stop Filter Device.
13/10/2005,18:33:31 AVGuard service has been stopped!
13/10/2005,18:34:23 ---------------------------------------------------------
13/10/2005,18:34:23 [INIT] The AVGuard Service is starting.
13/10/2005,18:34:27 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
13/10/2005,18:34:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
13/10/2005,18:34:29 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2d56.
13/10/2005,18:34:55 [INFO] Start Filter Device.
13/10/2005,18:34:55 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.79
13/10/2005,18:34:55 AVGuard has been started successfully!
13/10/2005,18:35:10 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,18:38:03 [INFO] Stop Filter Device.
13/10/2005,18:37:57 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,18:35:10 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,18:35:09 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,18:35:09 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,18:35:09 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,18:35:09 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,18:35:09 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,18:35:07 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,18:39:22 [INFO] Start Filter Device.
13/10/2005,18:39:45 [INFO] Stop Filter Device.
13/10/2005,18:39:41 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,18:39:41 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,18:39:41 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,18:39:41 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,18:39:41 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,18:39:41 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,18:39:41 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,18:39:41 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,19:27:03 [INFO] Stop Filter Device.
13/10/2005,19:27:05 AVGuard service has been stopped!
13/10/2005,19:27:56 ---------------------------------------------------------
13/10/2005,19:27:56 [INIT] The AVGuard Service is starting.
13/10/2005,19:28:05 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
13/10/2005,19:28:05 [LOGON] Connection request by remote computer. Establishing secure communication channel.
13/10/2005,19:28:05 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa30e6.
13/10/2005,19:28:23 [INFO] Start Filter Device.
13/10/2005,19:28:23 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.79
13/10/2005,19:28:23 AVGuard has been started successfully!
13/10/2005,19:28:36 [INFO] Stop Filter Device.
13/10/2005,19:28:32 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,19:28:31 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,19:28:30 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,19:28:29 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,19:28:29 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,19:28:28 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,19:28:28 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,19:28:25 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
Unable to delete the file:
0x00000005 - Accès refusé.
13/10/2005,19:46:21 [INFO] Stop Filter Device.
13/10/2005,19:46:24 AVGuard service has been stopped!
13/10/2005,19:47:14 ---------------------------------------------------------
13/10/2005,19:47:14 [INIT] The AVGuard Service is starting.
13/10/2005,19:47:24 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
13/10/2005,19:47:24 [LOGON] Connection request by remote computer. Establishing secure communication channel.
13/10/2005,19:47:25 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa346a.
13/10/2005,19:47:41 [INFO] Start Filter Device.
13/10/2005,19:47:41 AntiVirService Version: 6.32.00.06 AVE Version 6.32.0.6 VDF Version: 6.32.0.79
13/10/2005,19:47:41 AVGuard has been started successfully!
13/10/2005,19:47:51 [INFO] Stop Filter Device.
13/10/2005,19:47:46 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,19:47:45 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,19:47:45 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,19:47:45 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,19:47:45 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,19:47:45 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,19:47:45 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL
13/10/2005,19:47:42 WARNING: Contains signature of the dial-up program DIAL/302248!
C:\WINDOWS\SYSTEM32\MSCLOCK32.DLL


Happy reading! See you.
0
Anonymous user
13 Oct. 2005 at 20:09
Hi Quentin (we have the same first name lol)

Can you post HijackThis + Silent Runners logs again?

See you
0
Huh!
This is Audrey (Quéquette) here, but I share this PC with Quentin (QQ), yes indeed!
Anyway...


Logfile of HijackThis v1.99.1
Scan saved at 20:12:02, on 13/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Documents and Settings\Quentin\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120122256859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82BFF008-0B3A-42EB-B7EE-01EEE7ABD7C2}: NameServer = 205.188.146.145
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE





"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = (empty string)
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Disk Monitor" = "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" ["Neodio Corp."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"AVSCHED32" = "C:\Program Files\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AOL Spyware Protection" = "C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [null data]
"knrdsouitv" = "c:\windows\system32\knrdsouitv.exe -start" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Quentin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Quentin" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Quentin\Menu Démarrer\Programmes\Démarrage
"wkcalrem" -> shortcut to: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe" ["Microsoft® Corporation"]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://GLOBAL.ACER.COM/
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 2 lines


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE" ["America Online, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 30 seconds, including 11 seconds for message boxes)




So what's wrong, huh?!
0
Anonymous user
13 Oct. 2005 at 20:19
Hi again,

¤ Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View

Check "Show hidden files and folders"

Uncheck the box "Hide protected operating system files (Recommended)"

Uncheck "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And apply!
***
Tell me if you find it:
c:\windows\system32\knrdsouitv.exe

And do you find it with Killbox too?

See you
0
Hi again!

No, I can't find it. I'm posting the HijackThis log again in case you can see it there... let me know!



Logfile of HijackThis v1.99.1
Scan saved at 20:34:42, on 13/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Quentin\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120122256859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82BFF008-0B3A-42EB-B7EE-01EEE7ABD7C2}: NameServer = 205.188.146.145
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
0
Anonymous user
13 Oct. 2005 at 20:54
Hi,
Try this and tell me if you see it:
http://www.01net.com/telecharger/windows/Utilitaire/cryptage_et_securite/fiches/23822.html

Usage demo here (thanks to Balltrap34 for making it)
http://pageperso.aol.fr/balltrap34/demochaos.swf

See you
0
Hi!
Argh, I can't find it!!!!
0
Anonymous user
13 Oct. 2005 at 21:19
Hi again,
tell me, you are going into system32, here?
c:\windows\system32\knrdsouitv.exe
0
Hi!

Yes boss! I am going into system32, but there's no trace of the knr...
0
Anonymous user
13 Oct. 2005 at 21:38
Hi again,

Double-click killbox.exe (Pocket Killbox)

- check: delete on reboot
- In "Full Path of File to Delete"
copy and paste: (don't look for it with Explorer, copy and paste it)

c:\windows\system32\knrdsouitv.exe -start

- click the red cross
- a confirmation window will appear, click YES
- a second window asks whether you want to restart, click YES

Once you're back, post a Silent Runners report again

+
download pfind new
http://www.bleepingcomputer.com/files/grinler/pfind-new.zip

unzip it and run pfind.bat
post the report.

See you
0
jean38 Posts 2534 Registration date Saturday 16 April 2005 Status Contributor Last activity 17 July 2017 47
13 Oct. 2005 at 21:39
WE WON... Didn't see you last night... lol

Jean
0
^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 274
13 Oct. 2005 at 21:44
HELLO you, how are you??
SMACKK
0
Ah! Progress!
I restarted my PC to see whether I still had my problem, but no AntiVir alert so far, maybe it's fixed???
Do I still need to do the last things you told me?
0
Anonymous user
13 Oct. 2005 at 21:44
hi
post a HijackThis + Silent Runners log again for me!

Jean, yesssss we won, but not in style, how sad!!!! I think I could play for the French national team alongside Govou, Wiltord... argh, some coach we've got there...
0
jean38 Posts 2534 Registration date Saturday 16 April 2005 Status Contributor Last activity 17 July 2017 47
13 Oct. 2005 at 21:45
Oh yes, I fully agree with you about the coach; as for you, watch your shins..

Your favourite secretary.

Jean
0
^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 274
13 Oct. 2005 at 21:51
He forgot
FMB
0
Hey, there's a crowd here!
er, I still have Magic Control Agent in Spybot...


Logfile of HijackThis v1.99.1
Scan saved at 21:45:43, on 13/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Quentin\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [knrdsouitv] c:\windows\system32\knrdsouitv.exe -start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120122256859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82BFF008-0B3A-42EB-B7EE-01EEE7ABD7C2}: NameServer = 205.188.146.145
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

Ah, I found the knr line... I fixed it!
0
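Added example, not part of any post in the thread: a sketch that diffs the O4 registry Run entries of two HijackThis logs, using excerpts of the 20:34 and 21:45 logs above, to surface the `knrdsouitv` value that is absent from the first log and present in the second. The function names and the `SYSTEM_DIRS` list are assumptions of this example.

```python
import ntpath
import re

# O4 registry autostart line: "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\Run[^:]*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Assumption: Windows is installed in C:\WINDOWS, as in the logs above.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Excerpts of the O4 lines from the 20:34 and 21:45 logs posted in the thread.
LOG_2034 = r'''
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
'''
LOG_2145 = LOG_2034 + r'''O4 - HKLM\..\Run: [knrdsouitv] c:\windows\system32\knrdsouitv.exe -start
'''


def run_entries(log_text):
    """Map (registry key, value name) -> command line for each O4 Run line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries[(m["key"], m["name"])] = m["cmd"]
    return entries


def image_path(cmd):
    """Executable path only: Run values also carry quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r".*?\.(?:exe|com|bat|cmd|scr)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split()[0]


def new_autostarts(before, after):
    """Run values present in the later log but absent from the earlier one."""
    old, new = run_entries(before), run_entries(after)
    findings = []
    for key in sorted(new.keys() - old.keys()):
        image = image_path(new[key])
        folder = ntpath.dirname(image).lower()
        findings.append({
            "key": key[0],
            "name": key[1],
            "image": image,
            # Assumed triage heuristic: an autostart image sitting directly
            # in a Windows directory deserves a closer look.
            "in_windows_dir": folder in SYSTEM_DIRS,
        })
    return findings


if __name__ == "__main__":
    for f in new_autostarts(LOG_2034, LOG_2145):
        print(f'{f["key"]} [{f["name"]}] -> {f["image"]} '
              f'(in Windows dir: {f["in_windows_dir"]})')
```

The `image` field is the path without quotes or arguments, which is the form to use when checking whether the file exists on disk.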
Anonymous user
13 Oct. 2005 at 22:43
a Silent Runners log too

see you tomorrow, grrrr, bloody hell lol
0