Trojan.Downloader.Win32.Adload.J + ...Fermé

Question

Bonjour à tous,

Après scan du disque dur avec BitDefender9 pro, voici le log que j'obtiens :
_____________________________________________________
C:\cur32.exe Suspect avec: Trojan.Downloader.Win32.Adload.J
C:\cur32.exe Copié
C:\Documents and Settings\Valérie\Local Settings\Temp\GLF6GLF6.EXE=>wise0008 Infecté avec: Trojan.Downloader.TSUpdate.J
C:\Documents and Settings\Valérie\Local Settings\Temp\GLF6GLF6.EXE=>wise0008 Effacé
C:\Documents and Settings\Valérie\Local Settings\Temp\GLF6GLF6.EXE Mise à jour impossible
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe=>wise0010 Infecté avec: Trojan.Downloader.Targetsaver.D
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe=>wise0010 Désinfection impossible
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe=>wise0010 Déplacement impossible
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe=>wise0011 Infecté avec: Trojan.Downloader.TSUpdate.K
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe=>wise0011 Effacé
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe Mise à jour impossible
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe=>wise0012 Infecté avec: Trojan.Downloader.TSUpdate.J
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe=>wise0012 Effacé
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe Mise à jour impossible
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe=>wise0013 Infecté avec: Trojan.Downloader.TSUpdate.L
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe=>wise0013 Effacé
C:\Documents and Settings\Valérie\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe Mise à jour impossible
C:\Documents and Settings\Valérie\Local Settings\Temporary Internet Files\Content.IE5\0N8VQ34D\113_dollarrevenue_4_0_3_9[1].exe=>wise0008 Infecté avec: Trojan.Downloader.TSUpdate.J
C:\Documents and Settings\Valérie\Local Settings\Temporary Internet Files\Content.IE5\0N8VQ34D\113_dollarrevenue_4_0_3_9[1].exe=>wise0008 Effacé
C:\Documents and Settings\Valérie\Local Settings\Temporary Internet Files\Content.IE5\0N8VQ34D\113_dollarrevenue_4_0_3_9[1].exe Mise à jour impossible
C:\Documents and Settings\Valérie\Local Settings\Temporary Internet Files\Content.IE5\E9KP4RGJ\cr[1].exe=>(RAR Sfx o)=>ss.exe Infecté avec: Trojan.LowZones.D
C:\Documents and Settings\Valérie\Local Settings\Temporary Internet Files\Content.IE5\E9KP4RGJ\cr[1].exe=>(RAR Sfx o)=>ss.exe Effacé
C:\Documents and Settings\Valérie\Local Settings\Temporary Internet Files\Content.IE5\E9KP4RGJ\cr[1].exe=>(RAR Sfx o) Mise à jour impossible
______________________________________________________

Quelqu'un voit comment m' y prendre, je n'arrive pas à me débarasser de deux des fichiers et il semble que ceux en font venir de nouveaux...

Merci d'avance de votre aide.

Wiseman.

Utilisateur anonyme · Answer

salut

supprime ceci
C:\cur32.exe

puis utilise ceci

Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-aide en image:(merci à Balltrap34).
http://pageperso.aol.fr/balltrap34/democleanup.htm

et refais un scan

a+

Wise · Answer

Hello Regis,

Merci de ton aide !

1/ Je ne peux pas supprimer le C:\cur32.exe - raison : Impossible de supprimer cur 32 - impossible de lire à partir du fichier ou de la disquette source.

2/ Impossible de downloader quoi que ce soit - raison : Alerte de sécurité - Les paramètres de sécurité actuels ne vous permettent pas de télécharger ce fichier. (pare-feu désactivé).

Qu'en penses-tu ?

Wise.

Utilisateur anonyme · Answer

salut wise:

dans panneau de configuration< option internet <onglet securité, reglet < personnalisé le niveau et met le sur moyen

La tu peux telecharger !

pour le supprimer, fais le en mode sans echec
¤Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
A+

Wise · Answer

Re,

J'ai pu télécharger l'utilitaire, le nettoyage est fait.

J'ai pu supprimer C:\cur32.exe en mode sans échec.

Scan avec bitdefender9 : rien à signaler.

Mais j'ai non-stop des fenêtres (pop-up) qui s'ouvrent alors que je ne suis pas en train de "surfer".

J'ai commencé le scanner avec adaware de lavasoft mais il s'arrête lors du scanning de :

En même temps, bitdefender réagit et annonce qu'il a détecté Trojan.Downloader.Win32.TSUpdate.L mais que celui-ci n'a pas infecté l'ordinateur.

(log dans bitdefender : Le fichier c:\system volume information\_restore{be63a541-798a-48c7-ab5a-14361c46e2aa}\rp10\a0012991.exe est infecté avec Trojan.Downloader.Tsupdate.L)

Lavasoft est alors bloqué.

Qu'en penses-tu ?

Encore merci de ton aide !

Wise.

incognito02 · Answer

Bonsoir,

Désactive la restauration systéme.
Clic droit sur poste de travail > propriétés > onglet restauration système
puis cocher "désactiver la restauration système".
clic sur ok pour valider

redemarre ton pc et reactive là :
Clic droit sur poste de travail > propriétés > onglet restauration système
puis décocher "désactiver la restauration système".

c'est dans de système de restauration que le virus se trouve.

a+

Wise · Answer

Hello Incognito,

Merci de ta participation.

Je viens de rédemarrer après avoir désactiver la restauration.

J'imagine que je dois faire qqch avant de la réactiver, non ?

Lavasoft, bitdefender ?

Wise.

incognito02 · Answer

re,quand tu vois ceci : c:\system volume information\_restorec'est dans le fichier qui sert à la resto windows que se trouve le virus.tu peux passer un coup d'antivirus.Si tout est ok,  tu fais un nouveau point de restaurationpour cela tu clik sur demarrer/tous les programmes/accessoires/outil systeme/restauration systeme et tu suis la procedurea+

Utilisateur anonyme · Answer

juste pour infoc:\system volume information\_restore = restauration systeme = tout ce qu il y a dedans est inactif !Pour creer un point, suffit de la reactiver ...

Wise · Answer

Re tous les deux,

Je ne suis pas certain de suivre.

Je ne comprends pas pourquoi bitdefender ne voit plus rien lors du scanning en profondeur mais qu'il détecte qqch lorsque lavasoft fait son scanning...

Je réactive la restauration quand je suis certain que ce soit clean ?

Wise.

incognito02 · Answer

re,passe un coup d'adaware et dis nous où tu en es ?a+

Wise · Answer

Résultats de Adaware (qui a été jusqu'au bout cette fois):

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-706699826-1708537768-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-706699826-1708537768-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-706699826-1708537768-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-706699826-1708537768-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-706699826-1708537768-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:valérie@realmedia.com/
Expires : 1-01-2021 1:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:valérie@247realmedia.com/
Expires : 1-01-2021 1:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:valérie@atdmt.com/
Expires : 13-11-2010 1:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:valérie@www.smartadserver.com/
Expires : 27-11-2010
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 10

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Valérie\Local Settings\Temp\Cookies\valérie@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Valérie\Local Settings\Temp\Cookies\valérie@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Valérie\Local Settings\Temp\Cookies\valérie@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Valérie\Local Settings\Temp\Cookies\valérie@www.smartadserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\valérie@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\valérie@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\valérie@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\valérie@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : valérie@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\valérie@tradedoubler[2].txt

______________________________________________________

Il est à noter qu'après le clean-up complet, je n'ai que sur un site internet, celui de CCM...

Wise.

incognito02 · Answer

super !c'est tout clean !repasses un coup de Bitdefender pour plus de sureté mais à mon avis il n'y a plus de problème.tiens nous au courant.a+

-Wise- · Answer

Incognito,

Je relance un bitdefender (ca prend pas mal de temps sur ce vieux pc de ma soeur).

J'ai toujours des pop-ups assez fréquemment, sans être sous IE et quand je l'ouvre. D'où cela peut se lancer ?

incognito02 · Answer

bon, on va passer aux grandes manoeuvres :

télécharges HijackThis ici:
http://www.hijackthis.de/downloads/hijackthis_199.zip

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (merci à balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

a+

-Wise- · Answer

OK. Je pense que ça vaut mieux de gratter un peu :-).

J'ai l'impression que c'est lié à la base de registre.

La plupart des pop-ups s'ouvre avec un premier intitulé avec une clé de registre avant de prendre un nom comme oas-centrale/realmedia etc...

Je finis le scan bitdefender et j'attaque le hijackthis...

A tt de suite ;-)

-Wise- · Answer

Regis, Inco,

Rien à signaler du côté de Bitdefender.

Voici le log Hikackthis :

Logfile of HijackThis v1.99.1
Scan saved at 22:46:14, on 14/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\RFA\rfagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1800searchonline.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\enj4l11q1.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
___________________________________________________

Qu'en pensez-vous ?

Wise.

-Wise- · Answer

Qqn ?
Puis-je envisager de fixer les lignes suivantes ?

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1800searchonline.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

Utilisateur anonyme · Answer

salutoui fixe les et remet un loga+

-Wise- · Answer

Re après quelques jours sans activité :-)

J'ai fixé les quelques lignes et voici mon nouveau log :

Logfile of HijackThis v1.99.1
Scan saved at 13:25:08, on 19/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\irrol5931.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Qu'en pensez-vous ?

Wise.

Utilisateur anonyme · Answer

salut
Télécharge l2mfix ici:

http://www.downloads.subratam.org/l2mfix.exe

Double clic sur l2mfix.exe pour lancer l'extraction
Dans le dossier l2mfix, double clic sur l2mfix.bat, appuie sur n'importe quelle touche puis choisis l'option #1 (et pas autre chose) et valide avec la touche entrée.
Le bloc note va s'ouvrir avec le résultat du scan.
Fais un copier coller du résultat ici.

a+

-Wise- · Answer

Hello Regis,Voici ta demande :______________________________________________________L2MFIX find log 1.04aThese are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL]"Asynchronous"=dword:00000000"DllName"="C:\WINDOWS\system32\irrol5931.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{4DBD8376-DA86-A974-ED57-C9028D0DCA0C}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia""{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚""{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement""{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers""{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents""{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo""{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse""{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft""{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement""{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es""{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport""{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder""{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}"="""{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9""{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\InprocServer32]@="C:\WINDOWS\system32\kgdca.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\InprocServer32]@="C:\WINDOWS\system32\agmparse.dll""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\   agmparse.dll   Mon 14 Nov 2005  18:38:48   ..S.R        235.707   230,18 K   browseui.dll   Sat  3 Sep 2005   1:06:12   A....      1.020.416   996,50 K   cdfview.dll    Sat  3 Sep 2005   1:06:12   A....        152.064   148,50 K   cdosys.dll     Sat 10 Sep 2005   2:55:14   A....      2.067.968     1,97 M   danim.dll      Sat  3 Sep 2005   1:06:12   A....      1.056.256     1,00 M   dxtrans.dll    Sat  3 Sep 2005   1:06:12   A....        205.312   200,50 K   en4sl1~1.dll   Sat 19 Nov 2005  13:16:00   ..S.R        234.118   228,63 K   extmgr.dll     Sat  3 Sep 2005   1:06:12   .....         55.808    54,50 K   gdi32.dll      Thu  6 Oct 2005   4:18:12   A....        280.064   273,50 K   iepeers.dll    Sat  3 Sep 2005   1:06:12   A....        251.392   245,50 K   inseng.dll     Sat  3 Sep 2005   1:06:12   A....         96.768    94,50 K   irrol5~1.dll   Mon 14 Nov 2005  21:17:36   ..S.R        237.002   231,45 K   kgdca.dll      Sat 19 Nov 2005  13:16:00   ..S.R        237.002   231,45 K   linkinfo.dll   Thu  1 Sep 2005   2:43:38   A....         19.968    19,50 K   mshtml.dll     Tue  4 Oct 2005  17:26:06   A....      3.013.120     2,87 M   mshtmled.dll   Sat  3 Sep 2005   1:06:12   A....        448.512   438,00 K   msrating.dll   Sat  3 Sep 2005   1:06:12   A....        146.432   143,00 K   mstime.dll     Sat  3 Sep 2005   1:06:12   A....        530.432   518,00 K   netman.dll     Mon 22 Aug 2005  19:35:10   A....        197.632   193,00 K   pngfilt.dll    Sat  3 Sep 2005   1:06:12   A....         39.424    38,50 K   quartz.dll     Tue 30 Aug 2005   4:55:44   A....      1.293.312     1,23 M   shdocvw.dll    Sat  3 Sep 2005   1:06:12   A....      1.484.288     1,41 M   shell32.dll    Fri 23 Sep 2005   4:07:00   A....      8.506.880     8,11 M   shlwapi.dll    Sat  3 Sep 2005   1:06:12   A....        474.112   463,00 K   sockspy.dll    Sun  6 Nov 2005   0:31:34   A....         61.440    60,00 K   umpnpmgr.dll   Tue 23 Aug 2005   4:39:36   A....        124.928   122,00 K   urlmon.dll     Sat  3 Sep 2005   1:06:12   A....        605.696   591,50 K   wininet.dll    Sat  3 Sep 2005   1:06:12   A....        662.528   647,00 K   winsrv.dll     Thu  1 Sep 2005   2:43:38   A....        292.352   285,50 K29 items found:  29 files (4 H/S), 0 directories.   Total of file sizes:  24.030.933 bytes     22,91 MLocate .tmp files:No matches found.**********************************************************************************Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 2C6D-941C R‚pertoire de C:\WINDOWS\System3219/11/2005  13:15           237.002 kgdca.dll19/11/2005  13:15           234.118 en4sl1h71.dll14/11/2005  21:17           237.002 irrol5931.dll14/11/2005  18:51    <REP>          dllcache14/11/2005  18:38           235.707 agmparse.dll               4 fichier(s)          943.829 octets               1 R‚p(s)   5.790.781.440 octets libres______________________________________________________Je ne sais pas ce que cela veut dire mais toi, tu vois qqch ?Wise.

Utilisateur anonyme · Answer

salutrelance le et choisit l option 2puis laisse redemarrer et remet un hijack thisa+

-Wise- · Answer

Voilà voilà...Logfile of HijackThis v1.99.1Scan saved at 14:00:07, on 19/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Softwin\BitDefender9\vsserv.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\progra~1\softwin\bitdef~1\bdmcon.exeC:\Program Files\Softwin\BitDefender9\bdoesrv.exeC:\progra~1\softwin\bitdef~1\bdnagent.exeC:\progra~1\softwin\bitdef~1\bdswitch.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\System32\svchost.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exeO4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\en4sl1h71.dllO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)Qu'en penses-tu ?

Utilisateur anonyme · Answer

re,toujours idemRelance lm2fixfais option 2puis relance une deuxieme fois lm2fix, option 2 egalementpuis relance une 3eme lm2fix et choisit l option 1 et donne de nouveau de le rapport de lm2fix + hijack thisa+

-Wise- · Answer

Voilà voilà...A noter que lors du reboot après le 2ème lm2fix, j'ai une boîte de dialogue mentionnant ceci : RUNDLL Une exception s'est produite lors de la tentative d'exécution de ""C:\WINDOWS\system32\cuypt32.dll",DllGetVersion".Et aussi via Bitdefender, détection : Le fichier c:\windows	emp	emporary internet files\content.ie5\od2ra50v\counter[1].htm est infecté avecExploit.Html.MhtRedir.GenLe fichier c:\windows	emp	emporary internet files\content.ie5\upqrmb0d\cursor[1].htm est infecté avecExploit.Win32.MS05-002.GenVoici lm2fix et hijackthis :L2MFIX find log 1.04aThese are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]"Asynchronous"=dword:00000000"DllName"="C:\WINDOWS\system32\enn6l15s1.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]"DLLName"="wzcdlg.dll""Logon"="WZCEventLogon""Logoff"="WZCEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000000RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-CI) DENY   --C-------   	BUILTIN\Administrateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{4DBD8376-DA86-A974-ED57-C9028D0DCA0C}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia""{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚""{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement""{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers""{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents""{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo""{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse""{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft""{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement""{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es""{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport""{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder""{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}"="""{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9""{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\InprocServer32]@="C:\WINDOWS\system32\cuypt32.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\InprocServer32]@="C:\WINDOWS\system32\agmparse.dll""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\   agmparse.dll   Mon 14 Nov 2005  18:38:48   ..S.R        235.707   230,18 K   browseui.dll   Sat  3 Sep 2005   1:06:12   A....      1.020.416   996,50 K   cdfview.dll    Sat  3 Sep 2005   1:06:12   A....        152.064   148,50 K   cdosys.dll     Sat 10 Sep 2005   2:55:14   A....      2.067.968     1,97 M   cuypt32.dll    Sat 19 Nov 2005  14:42:20   ..S.R        234.073   228,59 K   danim.dll      Sat  3 Sep 2005   1:06:12   A....      1.056.256     1,00 M   dxtrans.dll    Sat  3 Sep 2005   1:06:12   A....        205.312   200,50 K   enn6l1~1.dll   Sat 19 Nov 2005  14:36:44   ..S.R        234.073   228,59 K   extmgr.dll     Sat  3 Sep 2005   1:06:12   .....         55.808    54,50 K   gdi32.dll      Thu  6 Oct 2005   4:18:12   A....        280.064   273,50 K   iepeers.dll    Sat  3 Sep 2005   1:06:12   A....        251.392   245,50 K   inseng.dll     Sat  3 Sep 2005   1:06:12   A....         96.768    94,50 K   linkinfo.dll   Thu  1 Sep 2005   2:43:38   A....         19.968    19,50 K   lv4o09~1.dll   Sat 19 Nov 2005  14:40:44   ..S.R        237.002   231,45 K   mborcl32.dll   Sat 19 Nov 2005  14:36:44   ..S.R        237.002   231,45 K   mshtml.dll     Tue  4 Oct 2005  17:26:06   A....      3.013.120     2,87 M   mshtmled.dll   Sat  3 Sep 2005   1:06:12   A....        448.512   438,00 K   msrating.dll   Sat  3 Sep 2005   1:06:12   A....        146.432   143,00 K   mstime.dll     Sat  3 Sep 2005   1:06:12   A....        530.432   518,00 K   netman.dll     Mon 22 Aug 2005  19:35:10   A....        197.632   193,00 K   pngfilt.dll    Sat  3 Sep 2005   1:06:12   A....         39.424    38,50 K   quartz.dll     Tue 30 Aug 2005   4:55:44   A....      1.293.312     1,23 M   shdocvw.dll    Sat  3 Sep 2005   1:06:12   A....      1.484.288     1,41 M   shell32.dll    Fri 23 Sep 2005   4:07:00   A....      8.506.880     8,11 M   shlwapi.dll    Sat  3 Sep 2005   1:06:12   A....        474.112   463,00 K   sockspy.dll    Sun  6 Nov 2005   0:31:34   A....         61.440    60,00 K   umpnpmgr.dll   Tue 23 Aug 2005   4:39:36   A....        124.928   122,00 K   urlmon.dll     Sat  3 Sep 2005   1:06:12   A....        605.696   591,50 K   wininet.dll    Sat  3 Sep 2005   1:06:12   A....        662.528   647,00 K   winsrv.dll     Thu  1 Sep 2005   2:43:38   A....        292.352   285,50 K30 items found:  30 files (5 H/S), 0 directories.   Total of file sizes:  24.264.961 bytes     23,14 MLocate .tmp files:C:\WINDOWS\SYSTEM32\   guard.tmp      Sat 19 Nov 2005  14:46:22   ..S.R        234.073   228,59 K1 item found:  1 file (1 H/S), 0 directories.   Total of file sizes:  234.073 bytes    228,59 K**********************************************************************************Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 2C6D-941C R‚pertoire de C:\WINDOWS\System3219/11/2005  14:46           234.073 guard.tmp19/11/2005  14:42           234.073 cuypt32.dll19/11/2005  14:40           237.002 lv4o09h3e.dll19/11/2005  14:36           237.002 mborcl32.dll19/11/2005  14:36           234.073 enn6l15s1.dll14/11/2005  18:51    <REP>          dllcache14/11/2005  18:38           235.707 agmparse.dll               6 fichier(s)        1.411.930 octets               1 R‚p(s)   5.788.151.808 octets libres______________________________________________________Logfile of HijackThis v1.99.1Scan saved at 14:47:36, on 19/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\progra~1\softwin\bitdef~1\bdmcon.exeC:\Program Files\Softwin\BitDefender9\bdoesrv.exeC:\progra~1\softwin\bitdef~1\bdnagent.exeC:\Program Files\Softwin\BitDefender9\vsserv.exeC:\progra~1\softwin\bitdef~1\bdswitch.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32undll32.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exeO4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO20 - Winlogon Notify: Setup - C:\WINDOWS\system32\enn6l15s1.dllO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)Il n'y avait plus rien mais je crois que c'est mal reparti là !Wise.

-Wise- · Answer

Addendum :Bitdefender firewall m'alerte que la DLL suivante : c:\windows\system32\rundll32.exe essaie de se connecter à internet.Je mets non dans le doute mais l'alerte firewall revient non-stop.

-Wise- · Answer

Confirmation d'une nouvelle infection ! pfffff d'où ça peut venir ! Je ne vais que sur ccm ! Qui m'attaque ??? :-)Sommaire de l'analyse de bitdefender :C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OD2RA50V\counter[1].htm	Infecté avec: Exploit.Html.MhtRedir.GenC:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OD2RA50V\counter[1].htm	DéplacéC:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UPQRMB0D\cursor[1].htm	Infecté avec: Exploit.Win32.MS05-002.GenC:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UPQRMB0D\cursor[1].htm	DéplacéQqn dans le coin ?

bernie61 · Answer

saluten l'attente du retour de Régisnettoie ton ordi avec ceciInstalle ce nettoyeur CCLEANER http://www.ccleaner.com/   ou lien direct là http://www.filehippo.com/download_ccleaner.html  (la flèche)Tutorial là http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.phpa+

Nilou17 · Answer

Salut Wise !!!Evite de poster des URL contenant des "bestioles".Je vais alerter un modérateur pour qu'il enlève ce message.Ce n'est pas méchant, juste un conseil. :-)Cordialement. Nils

-Wise- · Answer

Pas pensé à ça. Sorry. Bien que des adresses de ce type, y en a des dizaines dans les hijackthis. Mais merci de m'avoir rappelé à l'ordre Nils !Sinon, une idée pour m'aider ?

Nilou17 · Answer

Salut !!!Essaie la technique de Bernie ci-dessus !Si elle ne marche pas, essaie ceci :Télécharge ce petit programme qui nettoiera ton cache Internet : http://pageperso.aol.fr/Balltrap34/CleanUp40.exe Lance-le, clique sur CleanUp! et laisse-le agir. Accepte le redémarrage. A+++ :-)))

-Wise- · Answer

outre nouveau prob au reboot :RUNDLL Une exception s'est produite lors de la tentative d'exécution de ""C:\WINDOWS\system32\mrrmsg.dll",DllGetVersion". Sinon, les deux outils ont été utilisés et les popups continuent...

bernie61 · Answer

resalutrefais la procédure de L2MFIX option 1 et option 2a+

-Wise- · Answer

Option 1L2MFIX find log 1.04aThese are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]"Asynchronous"=dword:00000000"DllName"="C:\WINDOWS\system32\lv4o09h3e.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]"DLLName"="wzcdlg.dll""Logon"="WZCEventLogon""Logoff"="WZCEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000000RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-CI) DENY   --C-------   	BUILTIN\Administrateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{4DBD8376-DA86-A974-ED57-C9028D0DCA0C}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia""{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚""{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement""{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers""{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents""{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo""{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse""{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft""{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement""{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es""{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport""{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder""{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}"="""{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9""{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\InprocServer32]@="C:\WINDOWS\system32\mrrmsg.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\InprocServer32]@="C:\WINDOWS\system32\agmparse.dll""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\   agmparse.dll   Mon 14 Nov 2005  18:38:48   ..S.R        235.707   230,18 K   browseui.dll   Sat  3 Sep 2005   1:06:12   A....      1.020.416   996,50 K   cdfview.dll    Sat  3 Sep 2005   1:06:12   A....        152.064   148,50 K   cdosys.dll     Sat 10 Sep 2005   2:55:14   A....      2.067.968     1,97 M   danim.dll      Sat  3 Sep 2005   1:06:12   A....      1.056.256     1,00 M   dxtrans.dll    Sat  3 Sep 2005   1:06:12   A....        205.312   200,50 K   enr4l1~1.dll   Sat 19 Nov 2005  16:39:24   ..S.R        234.073   228,59 K   extmgr.dll     Sat  3 Sep 2005   1:06:12   .....         55.808    54,50 K   gdi32.dll      Thu  6 Oct 2005   4:18:12   A....        280.064   273,50 K   iepeers.dll    Sat  3 Sep 2005   1:06:12   A....        251.392   245,50 K   inseng.dll     Sat  3 Sep 2005   1:06:12   A....         96.768    94,50 K   linkinfo.dll   Thu  1 Sep 2005   2:43:38   A....         19.968    19,50 K   lv4o09~1.dll   Sat 19 Nov 2005  14:40:44   ..S.R        237.002   231,45 K   mborcl32.dll   Sat 19 Nov 2005  14:36:44   ..S.R        237.002   231,45 K   mrrmsg.dll     Sat 19 Nov 2005  16:40:46   ..S.R        237.002   231,45 K   mshtml.dll     Tue  4 Oct 2005  17:26:06   A....      3.013.120     2,87 M   mshtmled.dll   Sat  3 Sep 2005   1:06:12   A....        448.512   438,00 K   msrating.dll   Sat  3 Sep 2005   1:06:12   A....        146.432   143,00 K   mstime.dll     Sat  3 Sep 2005   1:06:12   A....        530.432   518,00 K   netman.dll     Mon 22 Aug 2005  19:35:10   A....        197.632   193,00 K   pngfilt.dll    Sat  3 Sep 2005   1:06:12   A....         39.424    38,50 K   quartz.dll     Tue 30 Aug 2005   4:55:44   A....      1.293.312     1,23 M   shdocvw.dll    Sat  3 Sep 2005   1:06:12   A....      1.484.288     1,41 M   shell32.dll    Fri 23 Sep 2005   4:07:00   A....      8.506.880     8,11 M   shlwapi.dll    Sat  3 Sep 2005   1:06:12   A....        474.112   463,00 K   sockspy.dll    Sun  6 Nov 2005   0:31:34   A....         61.440    60,00 K   umpnpmgr.dll   Tue 23 Aug 2005   4:39:36   A....        124.928   122,00 K   urlmon.dll     Sat  3 Sep 2005   1:06:12   A....        605.696   591,50 K   wininet.dll    Sat  3 Sep 2005   1:06:12   A....        662.528   647,00 K   winsrv.dll     Thu  1 Sep 2005   2:43:38   A....        292.352   285,50 K30 items found:  30 files (5 H/S), 0 directories.   Total of file sizes:  24.267.890 bytes     23,14 MLocate .tmp files:No matches found.**********************************************************************************Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 2C6D-941C R‚pertoire de C:\WINDOWS\System3219/11/2005  16:40           237.002 mrrmsg.dll19/11/2005  16:39           234.073 enr4l19q1.dll19/11/2005  14:40           237.002 lv4o09h3e.dll19/11/2005  14:36           237.002 mborcl32.dll14/11/2005  18:51    <REP>          dllcache14/11/2005  18:38           235.707 agmparse.dll               5 fichier(s)        1.180.786 octets               1 R‚p(s)   5.809.864.704 octets libres______________________________________________Reboot, a tout de suite...

-Wise- · Answer

Toujours pop ups non-stop ! haaaaaaaaaaaaaaaaa, ca rend fou !new hjtLogfile of HijackThis v1.99.1Scan saved at 17:14:45, on 19/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Softwin\BitDefender9\vsserv.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\progra~1\softwin\bitdef~1\bdmcon.exeC:\Program Files\Softwin\BitDefender9\bdoesrv.exeC:\progra~1\softwin\bitdef~1\bdnagent.exeC:\progra~1\softwin\bitdef~1\bdswitch.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\System32\svchost.exeC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exeO4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\enr4l19q1.dllO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Utilisateur anonyme · Answer

re,avec kill box, supprime ceci (avec la methode du bloc note):: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::http://pageperso.aol.fr/balltrap34/killbox.htm C:\WINDOWS\system32\mrrmsg.dll C:\WINDOWS\system32\enr4l19q1.dll C:\WINDOWS\system32\v4o09h3e.dll C:\WINDOWS\system32\mborcl32.dll C:\WINDOWS\system32\agmparse.dll puis, relance hijack this et fixe ceci:O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\enr4l19q1.dll Relance lm2fix option 2,Redemarrage puis relance le et option 1 et donne le rapport + hijack this

-Wise- · Answer

La killbox ?

-Wise- · Answer

Je ne trouve pas cette killbox, qqn peut m'orienter svp ?

-Wise- · Answer

J'ai trouvé sur http://www.zebulon.fr/Je ferai la manip dès que je suis de nouveau sur le pc concerné...++

-Wise- · Answer

lm2fix option 1L2MFIX find log 1.04aThese are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory]"Asynchronous"=dword:00000000"DllName"="C:\WINDOWS\system32\en06l1ds1.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]"DLLName"="wzcdlg.dll""Logon"="WZCEventLogon""Logoff"="WZCEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000000RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-CI) DENY   --C-------   	BUILTIN\Administrateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{4DBD8376-DA86-A974-ED57-C9028D0DCA0C}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia""{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚""{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement""{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers""{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents""{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo""{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse""{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft""{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement""{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es""{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport""{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder""{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}"="""{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9""{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\InprocServer32]@="C:\WINDOWS\system32\dhrgres.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\InprocServer32]@="C:\WINDOWS\system32\agmparse.dll""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\   agmparse.dll   Mon 14 Nov 2005  18:38:48   ..S.R        235.707   230,18 K   browseui.dll   Sat  3 Sep 2005   1:06:12   A....      1.020.416   996,50 K   cdfview.dll    Sat  3 Sep 2005   1:06:12   A....        152.064   148,50 K   cdosys.dll     Sat 10 Sep 2005   2:55:14   A....      2.067.968     1,97 M   danim.dll      Sat  3 Sep 2005   1:06:12   A....      1.056.256     1,00 M   dhrgres.dll    Sun 20 Nov 2005   1:57:38   ..S.R        234.073   228,59 K   dxtrans.dll    Sat  3 Sep 2005   1:06:12   A....        205.312   200,50 K   en06l1~1.dll   Sun 20 Nov 2005   1:46:04   ..S.R        234.073   228,59 K   en8sl1~1.dll   Sun 20 Nov 2005   1:56:28   ..S.R        236.064   230,53 K   extmgr.dll     Sat  3 Sep 2005   1:06:12   .....         55.808    54,50 K   gdi32.dll      Thu  6 Oct 2005   4:18:12   A....        280.064   273,50 K   iepeers.dll    Sat  3 Sep 2005   1:06:12   A....        251.392   245,50 K   inseng.dll     Sat  3 Sep 2005   1:06:12   A....         96.768    94,50 K   linkinfo.dll   Thu  1 Sep 2005   2:43:38   A....         19.968    19,50 K   mshtml.dll     Tue  4 Oct 2005  17:26:06   A....      3.013.120     2,87 M   mshtmled.dll   Sat  3 Sep 2005   1:06:12   A....        448.512   438,00 K   msrating.dll   Sat  3 Sep 2005   1:06:12   A....        146.432   143,00 K   mstime.dll     Sat  3 Sep 2005   1:06:12   A....        530.432   518,00 K   netman.dll     Mon 22 Aug 2005  19:35:10   A....        197.632   193,00 K   pngfilt.dll    Sat  3 Sep 2005   1:06:12   A....         39.424    38,50 K   quartz.dll     Tue 30 Aug 2005   4:55:44   A....      1.293.312     1,23 M   shdocvw.dll    Sat  3 Sep 2005   1:06:12   A....      1.484.288     1,41 M   shell32.dll    Fri 23 Sep 2005   4:07:00   A....      8.506.880     8,11 M   shlwapi.dll    Sat  3 Sep 2005   1:06:12   A....        474.112   463,00 K   sockspy.dll    Sun  6 Nov 2005   0:31:34   A....         61.440    60,00 K   umpnpmgr.dll   Tue 23 Aug 2005   4:39:36   A....        124.928   122,00 K   urlmon.dll     Sat  3 Sep 2005   1:06:12   A....        605.696   591,50 K   wininet.dll    Sat  3 Sep 2005   1:06:12   A....        662.528   647,00 K   winsrv.dll     Thu  1 Sep 2005   2:43:38   A....        292.352   285,50 K29 items found:  29 files (4 H/S), 0 directories.   Total of file sizes:  24.027.021 bytes     22,91 MLocate .tmp files:No matches found.**********************************************************************************Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 2C6D-941C R‚pertoire de C:\WINDOWS\System3220/11/2005  01:57           234.073 dhrgres.dll20/11/2005  01:56           236.064 en8sl1l71.dll20/11/2005  01:46           234.073 en06l1ds1.dll14/11/2005  18:51    <REP>          dllcache14/11/2005  18:38           235.707 agmparse.dll               4 fichier(s)          939.917 octets               1 R‚p(s)   5.804.638.208 octets libres___________________________________________________hijackthisLogfile of HijackThis v1.99.1Scan saved at 2:03:12, on 20/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32undll32.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Softwin\BitDefender9\vsserv.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\progra~1\softwin\bitdef~1\bdmcon.exeC:\Program Files\Softwin\BitDefender9\bdoesrv.exeC:\progra~1\softwin\bitdef~1\bdnagent.exeC:\progra~1\softwin\bitdef~1\bdswitch.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exeO4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\en06l1ds1.dllO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)______________________________________________________020 fixé mais une autre ligne 020 est revenue.Quid ?Wise.

-Wise- · Answer

Qqn a une idée svp ? Pop ups continuent et je ne vois plus quoi utiliser comme programme...Merci d'avance,Wise.

bernie61 · Answer

resalututilitaire LSP-FIX là http://www.cexx.org/lspfix.htmavec lpsfix il faut faire ceci 1. tu le décomprimes et cliq sur lspfix.exe 2. tu coches "I know what I'm doing" 3. tu choisis la dll à retirer et ensuite "remove" les autres dll surtout ne touches pas4. tu clic sur "finish"5. ensuite tu recherches le fichier .dll et tu l’effacesles dll à choisir sont :en8sl1l71.dll en06l1ds1.dll agmparse.dll a+

balltrap34 · Answer

bernie lpsfix n est pas fait pour virer les dll????

-Wise- · Answer

Tks pour l'aide les gars.J'y vais ou j'y vais pas ?Bernie, quand tu dis "5. ensuite tu recherches le fichier .dll et tu l’effaces", c'est via démarrer -> rechercher ?Wise.

-Wise- · Answer

Qu'en penses-tu Balltrap ?Wise.

-Wise- · Answer

Dernier hijackthis pour infoLogfile of HijackThis v1.99.1Scan saved at 18:47:41, on 21/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Softwin\BitDefender9\vsserv.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\progra~1\softwin\bitdef~1\bdmcon.exeC:\Program Files\Softwin\BitDefender9\bdoesrv.exeC:\progra~1\softwin\bitdef~1\bdnagent.exeC:\progra~1\softwin\bitdef~1\bdswitch.exeC:\WINDOWS\System32\svchost.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exeO4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\ennsl1571.dllO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

-Wise- · Answer

Pour info mon firewall m'avertit par exemple que rundll32.exe ou encore winlogon.exe veulent se connecter à internet. C'est peut-être une piste...Wisequinesait plusoùdonnerdelatête.

-Wise- · Answer

J'ai un peu de mal à avancer.Qqn peut m'orienter svp ?Merci d'avance, Wise.

balltrap34 · Answer

relance l2mfix et clik sur l2mfix.bat et cette foix clik sur l option2 et laisse le faire et met moi le rapport et un nouveau rapport hijack

-Wise- · Answer

Merci de ton aide Balltrap !l2mfix option 2 ok, rapport option 1 : L2MFIX find log 1.04aThese are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]"Asynchronous"=dword:00000000"DllName"="C:\WINDOWS\system32\n66qlgj516o.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]"DLLName"="wzcdlg.dll""Logon"="WZCEventLogon""Logoff"="WZCEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000000RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-CI) DENY   --C-------   	BUILTIN\Administrateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{4DBD8376-DA86-A974-ED57-C9028D0DCA0C}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia""{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚""{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement""{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers""{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents""{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo""{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse""{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft""{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement""{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es""{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport""{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder""{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}"="""{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9""{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\InprocServer32]@="C:\WINDOWS\system32\mzgsvc.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\InprocServer32]@="C:\WINDOWS\system32\agmparse.dll""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\   agmparse.dll   Mon 14 Nov 2005  18:38:48   ..S.R        235.707   230,18 K   browseui.dll   Sat  3 Sep 2005   1:06:12   A....      1.020.416   996,50 K   cdfview.dll    Sat  3 Sep 2005   1:06:12   A....        152.064   148,50 K   cdosys.dll     Sat 10 Sep 2005   2:55:14   A....      2.067.968     1,97 M   danim.dll      Sat  3 Sep 2005   1:06:12   A....      1.056.256     1,00 M   dhrgres.dll    Sun 20 Nov 2005   1:57:38   ..S.R        234.073   228,59 K   dxtrans.dll    Sat  3 Sep 2005   1:06:12   A....        205.312   200,50 K   extmgr.dll     Sat  3 Sep 2005   1:06:12   .....         55.808    54,50 K   gdi32.dll      Thu  6 Oct 2005   4:18:12   A....        280.064   273,50 K   iepeers.dll    Sat  3 Sep 2005   1:06:12   A....        251.392   245,50 K   inseng.dll     Sat  3 Sep 2005   1:06:12   A....         96.768    94,50 K   l4l60e~1.dll   Mon 21 Nov 2005  18:24:38   ..S.R        236.064   230,53 K   linkinfo.dll   Thu  1 Sep 2005   2:43:38   A....         19.968    19,50 K   lvrq09~1.dll   Mon 21 Nov 2005  18:59:38   ..S.R        234.073   228,59 K   mshtml.dll     Tue  4 Oct 2005  17:26:06   A....      3.013.120     2,87 M   mshtmled.dll   Sat  3 Sep 2005   1:06:12   A....        448.512   438,00 K   msrating.dll   Sat  3 Sep 2005   1:06:12   A....        146.432   143,00 K   mstime.dll     Sat  3 Sep 2005   1:06:12   A....        530.432   518,00 K   mzgsvc.dll     Mon 21 Nov 2005  23:18:34   ..S.R        235.639   230,11 K   n66qlg~1.dll   Mon 21 Nov 2005  18:37:18   ..S.R        235.639   230,11 K   pngfilt.dll    Sat  3 Sep 2005   1:06:12   A....         39.424    38,50 K   quartz.dll     Tue 30 Aug 2005   4:55:44   A....      1.293.312     1,23 M   shdocvw.dll    Sat  3 Sep 2005   1:06:12   A....      1.484.288     1,41 M   shell32.dll    Fri 23 Sep 2005   4:07:00   A....      8.506.880     8,11 M   shlwapi.dll    Sat  3 Sep 2005   1:06:12   A....        474.112   463,00 K   sockspy.dll    Sun  6 Nov 2005   0:31:34   A....         61.440    60,00 K   umpnpmgr.dll   Tue 23 Aug 2005   4:39:36   A....        124.928   122,00 K   urlmon.dll     Sat  3 Sep 2005   1:06:12   A....        605.696   591,50 K   wininet.dll    Sat  3 Sep 2005   1:06:12   A....        662.528   647,00 K   winsrv.dll     Thu  1 Sep 2005   2:43:38   A....        292.352   285,50 K30 items found:  30 files (6 H/S), 0 directories.   Total of file sizes:  24.300.667 bytes     23,17 MLocate .tmp files:No matches found.**********************************************************************************Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 2C6D-941C R‚pertoire de C:\WINDOWS\System3221/11/2005  23:18           235.639 mzgsvc.dll21/11/2005  18:59           234.073 lvrq0995e.dll21/11/2005  18:37           235.639 n66qlgj516o.dll21/11/2005  18:24           236.064 l4l60e3seh.dll20/11/2005  01:57           234.073 dhrgres.dll14/11/2005  18:51    <REP>          dllcache14/11/2005  18:38           235.707 agmparse.dll               6 fichier(s)        1.411.195 octets               1 R‚p(s)   5.819.781.120 octets libres______________________________________________________Hijackthis :Logfile of HijackThis v1.99.1Scan saved at 23:22:52, on 21/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Softwin\BitDefender9\vsserv.exeC:\progra~1\softwin\bitdef~1\bdmcon.exeC:\Program Files\Softwin\BitDefender9\bdoesrv.exeC:\progra~1\softwin\bitdef~1\bdnagent.exeC:\progra~1\softwin\bitdef~1\bdswitch.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\System32\svchost.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exeO4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO20 - Winlogon Notify: Setup - C:\WINDOWS\system32
66qlgj516o.dllO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)____________________________________________________Autres infos, à chaque reboot, j'ai un message annoncant qu'une exception s'est produite lors de la tentative d'exécution de ""c:\WINDOWS\system32\cuypt32.dll",DllGetVersion"Cuypt32.dll a été lors d'autres reboots remplacé par mrrmsg.dll, kydda.dll, musap.dll ou encore mzgsvc.dll.Merci de votre aide !Wise.

-Wise- · Answer

Je n'ai pu trouver qu'une dll a unloader que j'avais noté au reboot  mais elle revient chaque fois (mzgsvc.dll). Voici l'option 1 après ça.Je n'ai pas rebooté.L2MFIX find log 1.04aThese are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]"Asynchronous"=dword:00000000"DllName"="C:\WINDOWS\system32\n66qlgj516o.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]"DLLName"="wzcdlg.dll""Logon"="WZCEventLogon""Logoff"="WZCEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000000RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-CI) DENY   --C-------   	BUILTIN\Administrateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{4DBD8376-DA86-A974-ED57-C9028D0DCA0C}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia""{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚""{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement""{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers""{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents""{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo""{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse""{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft""{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement""{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es""{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport""{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder""{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}"="""{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9""{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\InprocServer32]@="C:\WINDOWS\system32\mzgsvc.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\InprocServer32]@="C:\WINDOWS\system32\agmparse.dll""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\   agmparse.dll   Mon 14 Nov 2005  18:38:48   ..S.R        235.707   230,18 K   browseui.dll   Sat  3 Sep 2005   1:06:12   A....      1.020.416   996,50 K   cdfview.dll    Sat  3 Sep 2005   1:06:12   A....        152.064   148,50 K   cdosys.dll     Sat 10 Sep 2005   2:55:14   A....      2.067.968     1,97 M   danim.dll      Sat  3 Sep 2005   1:06:12   A....      1.056.256     1,00 M   dhrgres.dll    Sun 20 Nov 2005   1:57:38   ..S.R        234.073   228,59 K   dxtrans.dll    Sat  3 Sep 2005   1:06:12   A....        205.312   200,50 K   extmgr.dll     Sat  3 Sep 2005   1:06:12   .....         55.808    54,50 K   gdi32.dll      Thu  6 Oct 2005   4:18:12   A....        280.064   273,50 K   iepeers.dll    Sat  3 Sep 2005   1:06:12   A....        251.392   245,50 K   inseng.dll     Sat  3 Sep 2005   1:06:12   A....         96.768    94,50 K   l4l60e~1.dll   Mon 21 Nov 2005  18:24:38   ..S.R        236.064   230,53 K   linkinfo.dll   Thu  1 Sep 2005   2:43:38   A....         19.968    19,50 K   lvrq09~1.dll   Mon 21 Nov 2005  18:59:38   ..S.R        234.073   228,59 K   mshtml.dll     Tue  4 Oct 2005  17:26:06   A....      3.013.120     2,87 M   mshtmled.dll   Sat  3 Sep 2005   1:06:12   A....        448.512   438,00 K   msrating.dll   Sat  3 Sep 2005   1:06:12   A....        146.432   143,00 K   mstime.dll     Sat  3 Sep 2005   1:06:12   A....        530.432   518,00 K   mzgsvc.dll     Mon 21 Nov 2005  23:18:34   ..S.R        235.639   230,11 K   n66qlg~1.dll   Mon 21 Nov 2005  18:37:18   ..S.R        235.639   230,11 K   pngfilt.dll    Sat  3 Sep 2005   1:06:12   A....         39.424    38,50 K   quartz.dll     Tue 30 Aug 2005   4:55:44   A....      1.293.312     1,23 M   shdocvw.dll    Sat  3 Sep 2005   1:06:12   A....      1.484.288     1,41 M   shell32.dll    Fri 23 Sep 2005   4:07:00   A....      8.506.880     8,11 M   shlwapi.dll    Sat  3 Sep 2005   1:06:12   A....        474.112   463,00 K   sockspy.dll    Sun  6 Nov 2005   0:31:34   A....         61.440    60,00 K   umpnpmgr.dll   Tue 23 Aug 2005   4:39:36   A....        124.928   122,00 K   urlmon.dll     Sat  3 Sep 2005   1:06:12   A....        605.696   591,50 K   wininet.dll    Sat  3 Sep 2005   1:06:12   A....        662.528   647,00 K   winsrv.dll     Thu  1 Sep 2005   2:43:38   A....        292.352   285,50 K30 items found:  30 files (6 H/S), 0 directories.   Total of file sizes:  24.300.667 bytes     23,17 MLocate .tmp files:C:\WINDOWS\SYSTEM32\   guard.tmp      Mon 21 Nov 2005  23:29:36   .....        235.639   230,11 K1 item found:  1 file, 0 directories.   Total of file sizes:  235.639 bytes    230,11 K**********************************************************************************Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 2C6D-941C R‚pertoire de C:\WINDOWS\System3221/11/2005  23:18           235.639 mzgsvc.dll21/11/2005  18:59           234.073 lvrq0995e.dll21/11/2005  18:37           235.639 n66qlgj516o.dll21/11/2005  18:24           236.064 l4l60e3seh.dll20/11/2005  01:57           234.073 dhrgres.dll14/11/2005  18:51    <REP>          dllcache14/11/2005  18:38           235.707 agmparse.dll               6 fichier(s)        1.411.195 octets               1 R‚p(s)   5.819.437.056 octets libres

-Wise- · Answer

Concernant : "recommence la procedure avec APM et regarde si tu voit ces dlls C:\WINDOWS\System32\mzgsvc.dll C:\WINDOWS\System32\lvrq0995e.dll C:\WINDOWS\System32
66qlgj516o.dll C:\WINDOWS\System32\l4l60e3seh.dll C:\WINDOWS\System32\dhrgres.dll C:\WINDOWS\System32\agmparse.dll "La seule que j'ai trouvé : mzgsvc.dll => unload dll mais explorer plante et elle est toujours là après refresh.J'attaque killbox.

-Wise- · Answer

hijackthisLogfile of HijackThis v1.99.1Scan saved at 0:37:28, on 22/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\progra~1\softwin\bitdef~1\bdmcon.exeC:\Program Files\Softwin\BitDefender9\bdoesrv.exeC:\progra~1\softwin\bitdef~1\bdnagent.exeC:\progra~1\softwin\bitdef~1\bdswitch.exeC:\Program Files\Softwin\BitDefender9\vsserv.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\System32\svchost.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exeO4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\lvrq0995e.dll (file missing)O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)________________________________________lm2fixL2MFIX find log 1.04aThese are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate]"Asynchronous"=dword:00000000"DllName"="C:\WINDOWS\system32\lvrq0995e.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]"DLLName"="wzcdlg.dll""Logon"="WZCEventLogon""Logoff"="WZCEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000000RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-CI) DENY   --C-------   	BUILTIN\Administrateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{4DBD8376-DA86-A974-ED57-C9028D0DCA0C}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia""{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚""{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement""{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers""{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents""{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo""{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse""{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft""{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement""{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es""{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport""{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder""{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}"="""{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9""{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\InprocServer32]@="C:\WINDOWS\system32\mzgsvc.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\InprocServer32]@="C:\WINDOWS\system32\agmparse.dll""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\   browseui.dll   Sat  3 Sep 2005   1:06:12   A....      1.020.416   996,50 K   cdfview.dll    Sat  3 Sep 2005   1:06:12   A....        152.064   148,50 K   cdosys.dll     Sat 10 Sep 2005   2:55:14   A....      2.067.968     1,97 M   danim.dll      Sat  3 Sep 2005   1:06:12   A....      1.056.256     1,00 M   dxtrans.dll    Sat  3 Sep 2005   1:06:12   A....        205.312   200,50 K   extmgr.dll     Sat  3 Sep 2005   1:06:12   .....         55.808    54,50 K   gdi32.dll      Thu  6 Oct 2005   4:18:12   A....        280.064   273,50 K   iepeers.dll    Sat  3 Sep 2005   1:06:12   A....        251.392   245,50 K   inseng.dll     Sat  3 Sep 2005   1:06:12   A....         96.768    94,50 K   linkinfo.dll   Thu  1 Sep 2005   2:43:38   A....         19.968    19,50 K   mshtml.dll     Tue  4 Oct 2005  17:26:06   A....      3.013.120     2,87 M   mshtmled.dll   Sat  3 Sep 2005   1:06:12   A....        448.512   438,00 K   msrating.dll   Sat  3 Sep 2005   1:06:12   A....        146.432   143,00 K   mstime.dll     Sat  3 Sep 2005   1:06:12   A....        530.432   518,00 K   pngfilt.dll    Sat  3 Sep 2005   1:06:12   A....         39.424    38,50 K   quartz.dll     Tue 30 Aug 2005   4:55:44   A....      1.293.312     1,23 M   shdocvw.dll    Sat  3 Sep 2005   1:06:12   A....      1.484.288     1,41 M   shell32.dll    Fri 23 Sep 2005   4:07:00   A....      8.506.880     8,11 M   shlwapi.dll    Sat  3 Sep 2005   1:06:12   A....        474.112   463,00 K   sockspy.dll    Sun  6 Nov 2005   0:31:34   A....         61.440    60,00 K   urlmon.dll     Sat  3 Sep 2005   1:06:12   A....        605.696   591,50 K   wininet.dll    Sat  3 Sep 2005   1:06:12   A....        662.528   647,00 K   winsrv.dll     Thu  1 Sep 2005   2:43:38   A....        292.352   285,50 K23 items found:  23 files, 0 directories.   Total of file sizes:  22.764.544 bytes     21,71 MLocate .tmp files:C:\WINDOWS\SYSTEM32\   guard.tmp      Tue 22 Nov 2005   0:30:40   ..S.R        235.639   230,11 K1 item found:  1 file (1 H/S), 0 directories.   Total of file sizes:  235.639 bytes    230,11 K**********************************************************************************Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 2C6D-941C R‚pertoire de C:\WINDOWS\System3222/11/2005  00:30           235.639 guard.tmp14/11/2005  18:51    <REP>          dllcache               1 fichier(s)          235.639 octets               1 R‚p(s)   5.819.977.728 octets libres__________________________________________Merci encore Ball ! Pas easy tout ça...

-Wise- · Answer

Re Ball,Voici... plus de 020...Logfile of HijackThis v1.99.1Scan saved at 1:00:21, on 22/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\progra~1\softwin\bitdef~1\bdmcon.exeC:\Program Files\Softwin\BitDefender9\bdoesrv.exeC:\progra~1\softwin\bitdef~1\bdnagent.exeC:\progra~1\softwin\bitdef~1\bdswitch.exeC:\Program Files\Softwin\BitDefender9\vsserv.exeC:\WINDOWS\system32\wuauclt.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exeO4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)Wise.

-Wise- · Answer

Je reboot...

-Wise- · Answer

Voici l'option 1L2MFIX find log 1.04aThese are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]"DLLName"="wzcdlg.dll""Logon"="WZCEventLogon""Logoff"="WZCEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000000RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-CI) DENY   --C-------   	BUILTIN\Administrateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{4DBD8376-DA86-A974-ED57-C9028D0DCA0C}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia""{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚""{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement""{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers""{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents""{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo""{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse""{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft""{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement""{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es""{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport""{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder""{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}"="""{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9""{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\InprocServer32]@="C:\WINDOWS\system32\mzgsvc.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\InprocServer32]@="C:\WINDOWS\system32\agmparse.dll""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\   browseui.dll   Sat  3 Sep 2005   1:06:12   A....      1.020.416   996,50 K   cdfview.dll    Sat  3 Sep 2005   1:06:12   A....        152.064   148,50 K   cdosys.dll     Sat 10 Sep 2005   2:55:14   A....      2.067.968     1,97 M   danim.dll      Sat  3 Sep 2005   1:06:12   A....      1.056.256     1,00 M   dxtrans.dll    Sat  3 Sep 2005   1:06:12   A....        205.312   200,50 K   extmgr.dll     Sat  3 Sep 2005   1:06:12   .....         55.808    54,50 K   gdi32.dll      Thu  6 Oct 2005   4:18:12   A....        280.064   273,50 K   iepeers.dll    Sat  3 Sep 2005   1:06:12   A....        251.392   245,50 K   inseng.dll     Sat  3 Sep 2005   1:06:12   A....         96.768    94,50 K   linkinfo.dll   Thu  1 Sep 2005   2:43:38   A....         19.968    19,50 K   mshtml.dll     Tue  4 Oct 2005  17:26:06   A....      3.013.120     2,87 M   mshtmled.dll   Sat  3 Sep 2005   1:06:12   A....        448.512   438,00 K   msrating.dll   Sat  3 Sep 2005   1:06:12   A....        146.432   143,00 K   mstime.dll     Sat  3 Sep 2005   1:06:12   A....        530.432   518,00 K   pngfilt.dll    Sat  3 Sep 2005   1:06:12   A....         39.424    38,50 K   quartz.dll     Tue 30 Aug 2005   4:55:44   A....      1.293.312     1,23 M   shdocvw.dll    Sat  3 Sep 2005   1:06:12   A....      1.484.288     1,41 M   shell32.dll    Fri 23 Sep 2005   4:07:00   A....      8.506.880     8,11 M   shlwapi.dll    Sat  3 Sep 2005   1:06:12   A....        474.112   463,00 K   sockspy.dll    Sun  6 Nov 2005   0:31:34   A....         61.440    60,00 K   urlmon.dll     Sat  3 Sep 2005   1:06:12   A....        605.696   591,50 K   wininet.dll    Sat  3 Sep 2005   1:06:12   A....        662.528   647,00 K   winsrv.dll     Thu  1 Sep 2005   2:43:38   A....        292.352   285,50 K23 items found:  23 files, 0 directories.   Total of file sizes:  22.764.544 bytes     21,71 MLocate .tmp files:No matches found.**********************************************************************************Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 2C6D-941C R‚pertoire de C:\WINDOWS\System3214/11/2005  18:51    <REP>          dllcache               0 fichier(s)                0 octets               1 R‚p(s)   5.815.705.600 octets libresRq : au reboot, il m'a averti qu'il n'arrivait pas à charger lm2fix.bat...Qu'en penses-tu ?

-Wise- · Answer

J'abandonne pour ce soir, je repasse demain faire le point...Encore un tt grd merci Ball !!!gn8Wise.

Utilisateur anonyme · Answer

salut balltrappasse une bonne journee mon amiMes amitiés

-Wise- · Answer

Hello hello !Encore merci pour l'aide de cette nuit !Voici mon lm2fix option 1 après la manip xxx.reg :L2MFIX find log 1.04aThese are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]"DLLName"="wzcdlg.dll""Logon"="WZCEventLogon""Logoff"="WZCEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000000RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-CI) DENY   --C-------   	BUILTIN\Administrateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{4DBD8376-DA86-A974-ED57-C9028D0DCA0C}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia""{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚""{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement""{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers""{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents""{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo""{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse""{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft""{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement""{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es""{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport""{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder""{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}"="""{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9""{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{BF6A8608-3C18-4DC5-BD6E-C5944BEDEF31}\InprocServer32]@="""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{7B185771-1EBA-409D-9FB1-6C0F3A8F6E53}\InprocServer32]@="""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\   browseui.dll   Sat  3 Sep 2005   1:06:12   A....      1.020.416   996,50 K   cdfview.dll    Sat  3 Sep 2005   1:06:12   A....        152.064   148,50 K   cdosys.dll     Sat 10 Sep 2005   2:55:14   A....      2.067.968     1,97 M   danim.dll      Sat  3 Sep 2005   1:06:12   A....      1.056.256     1,00 M   dxtrans.dll    Sat  3 Sep 2005   1:06:12   A....        205.312   200,50 K   extmgr.dll     Sat  3 Sep 2005   1:06:12   .....         55.808    54,50 K   gdi32.dll      Thu  6 Oct 2005   4:18:12   A....        280.064   273,50 K   iepeers.dll    Sat  3 Sep 2005   1:06:12   A....        251.392   245,50 K   inseng.dll     Sat  3 Sep 2005   1:06:12   A....         96.768    94,50 K   linkinfo.dll   Thu  1 Sep 2005   2:43:38   A....         19.968    19,50 K   mshtml.dll     Tue  4 Oct 2005  17:26:06   A....      3.013.120     2,87 M   mshtmled.dll   Sat  3 Sep 2005   1:06:12   A....        448.512   438,00 K   msrating.dll   Sat  3 Sep 2005   1:06:12   A....        146.432   143,00 K   mstime.dll     Sat  3 Sep 2005   1:06:12   A....        530.432   518,00 K   pngfilt.dll    Sat  3 Sep 2005   1:06:12   A....         39.424    38,50 K   quartz.dll     Tue 30 Aug 2005   4:55:44   A....      1.293.312     1,23 M   shdocvw.dll    Sat  3 Sep 2005   1:06:12   A....      1.484.288     1,41 M   shell32.dll    Fri 23 Sep 2005   4:07:00   A....      8.506.880     8,11 M   shlwapi.dll    Sat  3 Sep 2005   1:06:12   A....        474.112   463,00 K   sockspy.dll    Sun  6 Nov 2005   0:31:34   A....         61.440    60,00 K   urlmon.dll     Sat  3 Sep 2005   1:06:12   A....        605.696   591,50 K   wininet.dll    Sat  3 Sep 2005   1:06:12   A....        662.528   647,00 K   winsrv.dll     Thu  1 Sep 2005   2:43:38   A....        292.352   285,50 K23 items found:  23 files, 0 directories.   Total of file sizes:  22.764.544 bytes     21,71 MLocate .tmp files:No matches found.**********************************************************************************Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 2C6D-941C R‚pertoire de C:\WINDOWS\System3214/11/2005  18:51    <REP>          dllcache               0 fichier(s)                0 octets               1 R‚p(s)   5.817.798.656 octets libres_________________________________________Qu'en pensez-vous ?Wise.

-Wise- · Answer

Un tout grand merci à toi et aux autres qui m'ont permis de nettoyer toutes ces saloperies !!!Ma soeur et son pc vous remercie bien fort !!!Comment protéger au mieux son pc de toutes ces attaques ???Et ce... en versions gratuites ?Wise.

Utilisateur anonyme · Answer

C'est pas la specialité de Gerard cet exercice lolUne énumération de quelques pratiques qui peuvent éviter pas mal de problèmes et qui permettent de garder un pc en bonne santé. - Windows Update parfaitement à jour http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=frUn seul antivirus actif :	http://www.inoculer.com/gratuits.php3 - Un antivirus bien paramétré et mis à jour régulièrement et un scan complet régulier. + De temps en temps un scan en ligne (une fois/mois). Liste scans AV en ligne ici: http://assiste.free.fr/p/antivirus_gratuits_en_ligne/antivirus_en_ligne.php - Un firewall http://www.inoculer.com/firewall5.php3 http://www.firewall-net.com/ http://www.commentcamarche.net/protect/firewall.php3 - scan régulier avec antispywares à jour. - une attitude prudente en surfant (téléchargements, Fichiers reçus MSN, mails inconnus etc) et vis à vis de la messagerie (les fichiers joints aux messages doivent être scannés avant d'être ouverts, même provenant d’une source amicale). - Surf sur un autre navigateur comme mozilla, firefox... tout en gardant Internet Explorer pour toutes les mises a jour.http://frenchmozilla.sourceforge.net/ - Être vigilant sur les fonctionnements inhabituels de ton système. - nettoyage régulier du système (suppression des fichiers inutiles, nettoyage de la base de registre, défragmentation). _______________________  Antispywares:  1/Spybot S&D 1.4 <<nouvelle version http://www.safer-networking.org/fr/index.htm  Démo d’utilisation (merci à Balltrap34 pour cette réalisation)http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm2/Ad-Aware SE 1.06 <<nouvelle versionhttp://www.lavasoftusa.com/software/adaware/ -Une aide:http://www.tutopat.com/viewtopic.php?t=1191 - installe le patch français, tu pourras le trouver ici: http://download.lavasoft.de.edgesuite.net/public/pllangs.exe et une petite vidéo d'utilisation ici:(merci ç Moe31 pour cette réalisation)http://pageperso.aol.fr/balltrap34/adawrevid.asfUn anti trojans:- A2 Free (anti-trojans et worms) http://www.emsisoft.net/fr/software/download/Lire ceci avant de le télécharger: http://assiste.free.fr/p/internet_utilitaires/a2_free.php Bien lire les aides,Voir leurs fonctionnements grâce aux vidéos  et mettre à jour avant de les utiliser.  Pour sécuriser un peu plus son pc: * Safe XP: http://theorica.click-now.net/download.htm ou * XP-antispy http://xp-antispy.org/index.php?option=com_remository&func=sellang&iso=fr  Nettoyage fichiers Internet, temps, cookies... * Cleanup (gratuit): http://pageperso.aol.fr/Balltrap34/CleanUp40.exe -aide en image:(merci à Balltrap34) http://pageperso.aol.fr/balltrap34/democleanup.htmA lire de toute urgence: http://sebsauvage.net/safehex.html http://assiste.free.frA+

-Wise- · Answer

Jolie tartine Regis ! On va essayer de suivre le manuel à la lettre !Merci à toi de m'avoir bien orienté dans cette aventure (merci à Incognito aussi). j'ai découvert plein de choses, j'ai fait plein de choses que je ne souspçonnais même pas mais le résultat est là !Je sais à qui m'adresser maintenant ! Bravo pour votre dynamisme sur ce forum !!!Wise.

Utilisateur anonyme · Answer

re,bien sur je t ai mis l extreme la, cela peux se restreindre aceci:windows a jourantivirus actif et a jouridem pour pare feuad aware + spybot, a jour et clean !Hijack this cleanSi tu as cela, c est deja beaucoup !a+

Trojan.Downloader.Win32.Adload.J + ...

63 réponses

Newsletters