[Virus] Infected by Spy Sheriff

Closed
Fred - 13 March 2006 at 20:35
Kristopher Posts 3731 Registered Friday 18 November 2005 Status Contributor Last seen 10 July 2009 - 23 March 2006 at 18:43
Infection by SPY SHERIFF. Here is the HijackThis result; I think I have done what was needed, but I find my PC slower?

Thanks


Logfile of HijackThis v1.99.1
Scan saved at 20:17:20, on 13/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\mlanperf.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\9113.tmp
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe",mlanperf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\mlanperf.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [Access Media] C:\WINDOWS\System32\mlanperf.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [Access Media] C:\WINDOWS\System32\mlanperf.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\k0800almedqa0.dll
O20 - Winlogon Notify: Mixer - C:\WINDOWS\SYSTEM32\sndmixex.dll
O21 - SSODL: WebControl Player - {CD0F739D-A68A-4A9D-80D5-F988F5B243FC} - C:\WINDOWS\System32\mqrtvusd.dll (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZG8\command.exe (file missing)
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

19 replies

Anonymous user
13 March 2006 at 20:43
Hi,

Where is your antivirus?
0
Here it is:
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZG8\command.exe (file missing)
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
0
Anonymous user > Fred
13 March 2006 at 21:04
Check its installation again, it is badly installed ;-)

given how infected you are..

Download, install and then update this program; once that is done, run a full scan of your system and paste the report here along with a new HijackThis report
Ewido:
http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html
0
Fred > Fred
14 March 2006 at 20:34
Thank you very much,

I really cannot get back to normal operation. Here is the new HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 20:28:25, on 14/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\mlanperf.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe",mlanperf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\mlanperf.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [Access Media] C:\WINDOWS\System32\mlanperf.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Access Media] C:\WINDOWS\System32\mlanperf.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - HKCU\..\Run: [kwoi] C:\stub_113_4_0_4_0.exe
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\Fredo\LOCALS~1\Temp\1D.tmp2560.exe "
O4 - Startup: WebServer.lnk = C:\Program Files\Pinnacle\Studio PCTV\TeleText\WebServer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\k0800almedqa0.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\mvn2l95o1.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\rnnh.dll (file missing)
O21 - SSODL: WebControl Player - {CD0F739D-A68A-4A9D-80D5-F988F5B243FC} - C:\WINDOWS\System32\mqrtvusd.dll (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZG8\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
0
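The logs above carry the persistence points that make this infection visible: the system.ini Shell and UserInit hijack (F2), Run entries launched from C:\ and a Temp directory (O4), Winlogon Notify DLLs with random names or missing from disk (O20), and hijacked IE search pages (R0/R1). As an added example that is not part of the thread, here is a small Python triage over HijackThis v1.99 log lines that flags those entry types; the sample log, the allowlists and the name-randomness heuristic are constructed for this example and are not part of HijackThis.

```python
"""Triage of HijackThis v1.99 log lines for the persistence seen in the thread:
system.ini Shell/UserInit hijack (F2), Run entries from the drive root or Temp (O4),
missing or randomly named Winlogon Notify DLLs (O20), hijacked IE pages (R0/R1)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample modelled on the logs posted in the thread (not a full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe",mlanperf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\mlanperf.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\Fredo\LOCALS~1\Temp\1D.tmp2560.exe "
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\mvn2l95o1.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\rnnh.dll (file missing)
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
"""

# Winlogon Notify DLLs Windows XP registers itself (constructed, not exhaustive).
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}
# Hosts an IE start/search page may legitimately point at (constructed allowlist).
TRUSTED_HOSTS = {"www.google.com", "www.msn.com", "search.msn.com"}

@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O20"
    reason: str   # why the line was flagged
    line: str     # the offending log line

def looks_random(dll: str) -> bool:
    """Heuristic for generated DLL names such as mvn2l95o1.dll or rnnh.dll:
    three or more digits in the stem, or no vowel at all (crypt32.dll passes)."""
    stem = dll.lower().rsplit(".", 1)[0]
    digits = sum(c.isdigit() for c in stem)
    vowels = sum(c in "aeiouy" for c in stem)
    return digits >= 3 or vowels == 0

def _check_f2(line: str) -> Finding | None:
    m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)", line)
    if not m:
        return None
    key, value = m.groups()
    if key == "Shell" and value.strip().lower() != "explorer.exe":
        return Finding("F2", "Shell= is not plain explorer.exe", line)
    if key == "UserInit":
        parts = [p.strip() for p in value.split(",") if p.strip()]
        if len(parts) != 1 or not parts[0].lower().endswith("\\userinit.exe"):
            return Finding("F2", "UserInit= loads more than userinit.exe", line)
    return None

def _check_o4(line: str) -> Finding | None:
    m = re.search(r'"?([A-Za-z]:\\.*?\.exe)', line, re.IGNORECASE)
    if not m:
        return None
    path = m.group(1).replace("\\\\", "\\")  # HJT doubles the root backslash
    parent = path.rsplit("\\", 1)[0]
    if re.fullmatch(r"[A-Za-z]:", parent):
        return Finding("O4", "Run entry launches from the drive root", line)
    if "\\temp\\" in path.lower():
        return Finding("O4", "Run entry launches from a Temp directory", line)
    return None

def _check_o20(line: str) -> Finding | None:
    m = re.match(r"O20 - Winlogon Notify: (\S+) - (.+)", line)
    if not m:
        return None
    target = m.group(2)
    missing = target.endswith("(file missing)")
    dll = target.replace("(file missing)", "").strip().rsplit("\\", 1)[-1].lower()
    if dll in KNOWN_NOTIFY_DLLS:
        return None
    if missing:
        return Finding("O20", "Winlogon Notify DLL is missing on disk", line)
    if looks_random(dll):
        return Finding("O20", "Winlogon Notify DLL has a random-looking name", line)
    return None

def _check_r(line: str) -> Finding | None:
    m = re.search(r"= (https?://([^/\s]+))", line)
    if m and m.group(2).lower() not in TRUSTED_HOSTS:
        return Finding(line[:2], f"IE page points to untrusted host {m.group(2)}", line)
    return None

CHECKS = {"F2": _check_f2, "O4": _check_o4, "O20": _check_o20, "R0": _check_r, "R1": _check_r}

def triage(log: str) -> list[Finding]:
    """Run the section-specific check on every non-empty log line; other sections pass."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        check = CHECKS.get(line.split(" ", 1)[0])
        if check and (finding := check(line)):
            findings.append(finding)
    return findings
```

Running `triage(SAMPLE_LOG)` flags seven of the eleven sample lines and leaves the legitimate NeroCheck, Skype and crypt32 entries alone; the heuristics are a first pass for a human reviewer, not a verdict.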
S!Ri Posts 931 Registered Thursday 11 September 2003 Status Security contributor Last seen 31 July 2011 10
13 March 2006 at 22:41
Hi!

Can you post these files for analysis:

C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe
C:\keyboard2.exe
C:\mousepad2.exe
C:\WINDOWS\System32\mlanperf.exe
C:\gimmysmileys2.exe

at this address:
http://siri.urz.free.fr/upload/

Thanks for your help.
See you
0
incognito02 Posts 3487 Registered Friday 28 October 2005 Status Contributor Last seen 17 August 2008 138
14 March 2006 at 22:03
Hello Fred,
Hi Boulepate :-)

Fred, you are the lucky owner of a new virus version; can you please do what S!Ri asks.

Click the link he gave you, then the Browse button, select one of the files he asks you to upload, then click Upload, and so on for the other files.

With these files, S!Ri will build a new antidote.

Thanks again in advance.

And good luck to you both.

See you

0
I have done what S!Ri asked; should I wait or .........FORMAT?
0

incognito02 Posts 3487 Registered Friday 28 October 2005 Status Contributor Last seen 17 August 2008 138
15 March 2006 at 19:08
Good evening Fred,

Above all, do not format! That would be a shame!

Download SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report.
Please copy/paste it into your post.


Start in Safe Mode:
To do this, tap the F8 key repeatedly from the moment the PC powers on.
A screen will appear; use the arrow keys to move to "Safe Mode" and press Enter.
Once on the desktop, if the colours and so on are not all there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
Run the Smitfraud program again,
this time choose option 2 and answer yes to everything;
save the report, restart in normal mode, and copy/paste the saved report to the forum.

Run HijackThis again and paste a new log here.

Good luck.

See you
0
Hi Incognito2,
Here is everything you asked for:


1 - SmitfraudFix (Normal Mode)
2 - SmitfraudFix (Safe Mode)
3 - HijackThis (Safe Mode)


1 - SmitfraudFix (Normal Mode)

SmitFraudFix v2.23

Rapport fait à 20:55:53,29 le 15/03/2006
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» Recherche ...\Application Data

C:\Documents and Settings\Fredo\Application Data\Install.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer




»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

2 - SmitfraudFix (Safe Mode)
SmitFraudFix v2.23

Rapport fait à 20:58:54,90 le 15/03/2006
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Documents and Settings\Fredo\Application Data\Install.dat supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport


3 - HijackThis (Safe Mode)

Logfile of HijackThis v1.99.1
Scan saved at 21:00:24, on 15/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\mlanperf.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe",mlanperf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\mlanperf.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [Access Media] C:\WINDOWS\System32\mlanperf.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Access Media] C:\WINDOWS\System32\mlanperf.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - HKCU\..\Run: [kwoi] C:\stub_113_4_0_4_0.exe
O4 - Startup: WebServer.lnk = C:\Program Files\Pinnacle\Studio PCTV\TeleText\WebServer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\k0800almedqa0.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\jrl0253mg.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\rnnh.dll (file missing)
O21 - SSODL: WebControl Player - {CD0F739D-A68A-4A9D-80D5-F988F5B243FC} - C:\WINDOWS\System32\mqrtvusd.dll (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZG8\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

Thanks for your help Incognito2.

See you
Fred
0
incognito02 Posts 3487 Registered Friday 28 October 2005 Status Contributor Last seen 17 August 2008 138
15 March 2006 at 21:22
OK,

The HijackThis log must always be done in normal mode.

Go to this site: http://www.virustotal.com/xhtml/virustotal_en.html
Click Browse and select this file:
C:\WINDOWS\System32\mlanperf.exe
then click Send.

Wait for the test to finish and please paste the report here.

Then we will start the disinfection.

Good luck.

See you
0
Here is the requested report

Antivirus Version Update Result
AntiVir 6.34.0.53 03.16.2006 no virus found
Avast 4.6.695.0 03.14.2006 no virus found
AVG 718 03.15.2006 no virus found
Avira 6.34.0.53 03.16.2006 no virus found
BitDefender 7.2 03.16.2006 Trojan.Downloader.EV
CAT-QuickHeal 8.00 03.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060126 03.16.2006 no virus found
DrWeb 4.33 03.16.2006 BackDoor.Srvlite
eTrust-InoculateIT 23.71.103 03.16.2006 Win32/Codalush.M!Trojan
eTrust-Vet 12.4.2121 03.16.2006 Win32/Codalush!generic
Ewido 3.5 03.16.2006 no virus found
Fortinet 2.71.0.0 03.16.2006 no virus found
F-Prot 3.16c 03.16.2006 no virus found
Ikarus 0.2.59.0 03.15.2006 no virus found
Kaspersky 4.0.2.24 03.16.2006 Backdoor.Win32.PPdoor.bc
McAfee 4719 03.15.2006 no virus found
NOD32v2 1.1446 03.16.2006 a variant of Win32/PPdoor
Norman 5.70.10 03.16.2006 no virus found
Panda 9.0.0.4 03.16.2006 Bck/PPDoor.GX
Sophos 4.03.0 03.16.2006 no virus found
Symantec 8.0 03.16.2006 no virus found
TheHacker 5.9.5.114 03.15.2006 no virus found
UNA 1.83 03.15.2006 no virus found
VBA32 3.10.5 03.15.2006 no virus found
0
incognito02 Posts 3487 Registered Friday 28 October 2005 Status Contributor Last seen 17 August 2008 138
16 March 2006 at 18:46
Good evening Fred,

Download l2mfix.exe from http://www.downloads.subratam.org/l2mfix.exe


- Disconnect from the internet and close the browser and all other application windows
- Unzip l2mfix.exe to the desktop;
- In the program folder, double-click l2mfix.bat;
- Choose OPTION 1 (Run find log) and confirm with the [Enter] key;
=> A report will be generated in Notepad; reconnect to post it to the forum.

Good luck.

See you

0
Hi Incognito02,
Sorry, but I was not around last night!
Here is what you asked for, and thanks again for your help.

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Mixer]
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"StartShell"="Entry"
"DllName"="sndmixex.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MSSYCLM]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\dn4m01h1e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\k0800almedqa0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\rnnh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{3AEEDCB5-50A1-FB9E-9F80-C86CFDE3204D}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BB7DF450-F119-11CD-8465-00AA00425D90}"="Microsoft Access Custom Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension"
"{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}"="MediaFace extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}"=""
"{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}"=""
"{B83590A9-BAE0-4259-8453-21FF47EBF7A6}"=""
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
"{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}"=""
"{79D35997-015E-4248-A54E-8A0ED47F4266}"=""
"{16524570-FB60-437B-8099-879CBDEB5397}"=""
"{2C5180A7-54ED-4BCA-A332-976BDB0607C9}"=""
"{7369034E-1C47-498B-966B-8726D84E157C}"=""
"{DED983D6-1665-495A-9AFB-2FE61C38C422}"=""
"{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}"=""
"{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}\InprocServer32]
@="C:\\WINDOWS\\system32\\lakrn13n.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}\InprocServer32]
@="C:\\WINDOWS\\system32\\muvidctl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B83590A9-BAE0-4259-8453-21FF47EBF7A6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B83590A9-BAE0-4259-8453-21FF47EBF7A6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B83590A9-BAE0-4259-8453-21FF47EBF7A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B83590A9-BAE0-4259-8453-21FF47EBF7A6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mzrapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxapsspc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{79D35997-015E-4248-A54E-8A0ED47F4266}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79D35997-015E-4248-A54E-8A0ED47F4266}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79D35997-015E-4248-A54E-8A0ED47F4266}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79D35997-015E-4248-A54E-8A0ED47F4266}\InprocServer32]
@="C:\\WINDOWS\\system32\\kqdpl1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{16524570-FB60-437B-8099-879CBDEB5397}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16524570-FB60-437B-8099-879CBDEB5397}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16524570-FB60-437B-8099-879CBDEB5397}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16524570-FB60-437B-8099-879CBDEB5397}\InprocServer32]
@="C:\\WINDOWS\\system32\\ontext32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2C5180A7-54ED-4BCA-A332-976BDB0607C9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C5180A7-54ED-4BCA-A332-976BDB0607C9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C5180A7-54ED-4BCA-A332-976BDB0607C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C5180A7-54ED-4BCA-A332-976BDB0607C9}\InprocServer32]
@="C:\\WINDOWS\\system32\\veajet32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7369034E-1C47-498B-966B-8726D84E157C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7369034E-1C47-498B-966B-8726D84E157C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7369034E-1C47-498B-966B-8726D84E157C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7369034E-1C47-498B-966B-8726D84E157C}\InprocServer32]
@="C:\\WINDOWS\\system32\\wjfeman.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DED983D6-1665-495A-9AFB-2FE61C38C422}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DED983D6-1665-495A-9AFB-2FE61C38C422}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DED983D6-1665-495A-9AFB-2FE61C38C422}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DED983D6-1665-495A-9AFB-2FE61C38C422}\InprocServer32]
@="C:\\WINDOWS\\system32\\mtbsync.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\szlunirl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}\InprocServer32]
@="C:\\WINDOWS\\system32\\nwlanui2.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atmtd.dll Sun 12 Mar 2006 18:33:08 A.... 687 592 671,48 K
dn4m01~1.dll Thu 16 Mar 2006 13:38:58 ..S.R 234 204 228,71 K
elbycdio.dll Tue 17 Jan 2006 22:36:58 A.... 69 632 68,00 K
f62m0g~1.dll Thu 16 Mar 2006 13:10:48 ..S.R 237 170 231,61 K
ladrw13n.dll Wed 15 Mar 2006 20:58:10 ..S.R 237 170 231,61 K
m2820c~1.dll Thu 16 Mar 2006 14:00:10 ..S.R 234 204 228,71 K
mkolmprs.dll Sat 11 Mar 2006 12:28:30 A.... 2 640 2,58 K
okecnv32.dll Tue 14 Mar 2006 18:41:20 ..S.R 237 170 231,61 K
skctefzi.dll Fri 17 Mar 2006 12:58:48 A.... 15 334 14,97 K
ssldr32.dll Sun 12 Mar 2006 18:32:48 A.... 11 776 11,50 K
tcd32.dll Thu 16 Mar 2006 13:37:58 ..S.R 234 204 228,71 K
__dele~1.dll Fri 17 Mar 2006 12:58:42 A.... 234 204 228,71 K

12 items found: 12 files (6 H/S), 0 directories.
Total of file sizes: 2 435 300 bytes 2,32 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Fri 17 Mar 2006 12:58:44 A.... 235 782 230,25 K

1 item found: 1 file, 0 directories.
Total of file sizes: 235 782 bytes 230,25 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 5027-17F3

Répertoire de C:\WINDOWS\System32

16/03/2006 14:00 234 204 m2820cloefqc0.dll
16/03/2006 13:38 234 204 dn4m01h1e.dll
16/03/2006 13:37 234 204 tcd32.dll
16/03/2006 13:10 237 170 f62m0gf1e62.dll
15/03/2006 20:58 237 170 ladrw13n.dll
14/03/2006 18:41 237 170 okecnv32.dll
12/03/2006 18:45 <REP> dllcache
16/03/2005 11:29 <REP> Microsoft
6 fichier(s) 1 414 122 octets
2 Rép(s) 18 148 655 104 octets libres
incognito02 Posts 3487 Registered Friday 28 October 2005 Status Contributor Last contribution 17 August 2008 138
17 March 2006 at 18:33
Good evening,

close all applications,

Run l2mfix again and select option #2

The PC will restart automatically; otherwise restart it manually

Copy the log and paste it here

Then run HijackThis again and paste the log here.

Later

Hi incognito02:
L2MFix report

L2mfix 010406
Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 632 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 704 'winlogon.exe'
Killing PID 704 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1928 'explorer.exe'
Killing PID 1928 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1620 'rundll32.exe'
Killing PID 172 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\__delete_on_reboot__EISUIX32.DLL
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__EISUIX32.DLL
Deleting: C:\WINDOWS\system32\dnro0193e.dll
Successfully Deleted: C:\WINDOWS\system32\dnro0193e.dll
Deleting: C:\WINDOWS\system32\f62m0gf1e62.dll
Successfully Deleted: C:\WINDOWS\system32\f62m0gf1e62.dll
Deleting: C:\WINDOWS\system32\ladrw13n.dll
Successfully Deleted: C:\WINDOWS\system32\ladrw13n.dll
Deleting: C:\WINDOWS\system32\m2820cloefqc0.dll
Successfully Deleted: C:\WINDOWS\system32\m2820cloefqc0.dll
Deleting: C:\WINDOWS\system32\okecnv32.dll
Successfully Deleted: C:\WINDOWS\system32\okecnv32.dll
Deleting: C:\WINDOWS\system32\tcd32.dll
Successfully Deleted: C:\WINDOWS\system32\tcd32.dll
Deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

msg11?.dll
0 fichier(s) copié(s).



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Mixer]
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"StartShell"="Entry"
"DllName"="sndmixex.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\k0800almedqa0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellServiceObjectDelayLoad]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m2820cloefqc0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\rnnh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\__delete_on_reboot__EISUIX32.DLL
C:\WINDOWS\system32\dnro0193e.dll
C:\WINDOWS\system32\f62m0gf1e62.dll
C:\WINDOWS\system32\ladrw13n.dll
C:\WINDOWS\system32\m2820cloefqc0.dll
C:\WINDOWS\system32\okecnv32.dll
C:\WINDOWS\system32\tcd32.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}\InprocServer32]
@="C:\\WINDOWS\\system32\\lakrn13n.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}\InprocServer32]
@="C:\\WINDOWS\\system32\\muvidctl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B83590A9-BAE0-4259-8453-21FF47EBF7A6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B83590A9-BAE0-4259-8453-21FF47EBF7A6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B83590A9-BAE0-4259-8453-21FF47EBF7A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B83590A9-BAE0-4259-8453-21FF47EBF7A6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mzrapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxapsspc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{79D35997-015E-4248-A54E-8A0ED47F4266}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79D35997-015E-4248-A54E-8A0ED47F4266}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79D35997-015E-4248-A54E-8A0ED47F4266}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79D35997-015E-4248-A54E-8A0ED47F4266}\InprocServer32]
@="C:\\WINDOWS\\system32\\kqdpl1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{16524570-FB60-437B-8099-879CBDEB5397}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16524570-FB60-437B-8099-879CBDEB5397}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16524570-FB60-437B-8099-879CBDEB5397}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16524570-FB60-437B-8099-879CBDEB5397}\InprocServer32]
@="C:\\WINDOWS\\system32\\ontext32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2C5180A7-54ED-4BCA-A332-976BDB0607C9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C5180A7-54ED-4BCA-A332-976BDB0607C9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C5180A7-54ED-4BCA-A332-976BDB0607C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C5180A7-54ED-4BCA-A332-976BDB0607C9}\InprocServer32]
@="C:\\WINDOWS\\system32\\veajet32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7369034E-1C47-498B-966B-8726D84E157C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7369034E-1C47-498B-966B-8726D84E157C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7369034E-1C47-498B-966B-8726D84E157C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7369034E-1C47-498B-966B-8726D84E157C}\InprocServer32]
@="C:\\WINDOWS\\system32\\wjfeman.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DED983D6-1665-495A-9AFB-2FE61C38C422}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DED983D6-1665-495A-9AFB-2FE61C38C422}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DED983D6-1665-495A-9AFB-2FE61C38C422}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DED983D6-1665-495A-9AFB-2FE61C38C422}\InprocServer32]
@="C:\\WINDOWS\\system32\\mtbsync.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\szlunirl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}\InprocServer32]
@="C:\\WINDOWS\\system32\\nwlanui2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E4D03A7F-4163-424B-BC03-ACD4EA08E57B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4D03A7F-4163-424B-BC03-ACD4EA08E57B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4D03A7F-4163-424B-BC03-ACD4EA08E57B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4D03A7F-4163-424B-BC03-ACD4EA08E57B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{30DBC83D-0D9C-432C-B450-2FC2DC2CA0CC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{30DBC83D-0D9C-432C-B450-2FC2DC2CA0CC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{30DBC83D-0D9C-432C-B450-2FC2DC2CA0CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{30DBC83D-0D9C-432C-B450-2FC2DC2CA0CC}\InprocServer32]
@="C:\\WINDOWS\\system32\\EISUIX32.DLL"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}"=-
"{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}"=-
"{B83590A9-BAE0-4259-8453-21FF47EBF7A6}"=-
"{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}"=-
"{79D35997-015E-4248-A54E-8A0ED47F4266}"=-
"{16524570-FB60-437B-8099-879CBDEB5397}"=-
"{2C5180A7-54ED-4BCA-A332-976BDB0607C9}"=-
"{7369034E-1C47-498B-966B-8726D84E157C}"=-
"{DED983D6-1665-495A-9AFB-2FE61C38C422}"=-
"{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}"=-
"{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}"=-
"{E4D03A7F-4163-424B-BC03-ACD4EA08E57B}"=-
"{30DBC83D-0D9C-432C-B450-2FC2DC2CA0CC}"=-
[-HKEY_CLASSES_ROOT\CLSID\{52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB}]
[-HKEY_CLASSES_ROOT\CLSID\{59C434B6-A5FE-4CAB-9BF1-E4009A34AB92}]
[-HKEY_CLASSES_ROOT\CLSID\{B83590A9-BAE0-4259-8453-21FF47EBF7A6}]
[-HKEY_CLASSES_ROOT\CLSID\{B81E416E-D52C-4E9B-ABE8-817909B0CF7C}]
[-HKEY_CLASSES_ROOT\CLSID\{79D35997-015E-4248-A54E-8A0ED47F4266}]
[-HKEY_CLASSES_ROOT\CLSID\{16524570-FB60-437B-8099-879CBDEB5397}]
[-HKEY_CLASSES_ROOT\CLSID\{2C5180A7-54ED-4BCA-A332-976BDB0607C9}]
[-HKEY_CLASSES_ROOT\CLSID\{7369034E-1C47-498B-966B-8726D84E157C}]
[-HKEY_CLASSES_ROOT\CLSID\{DED983D6-1665-495A-9AFB-2FE61C38C422}]
[-HKEY_CLASSES_ROOT\CLSID\{4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA}]
[-HKEY_CLASSES_ROOT\CLSID\{E2717D87-30E1-44B0-BDE2-94751CFC5ADD}]
[-HKEY_CLASSES_ROOT\CLSID\{E4D03A7F-4163-424B-BC03-ACD4EA08E57B}]
[-HKEY_CLASSES_ROOT\CLSID\{30DBC83D-0D9C-432C-B450-2FC2DC2CA0CC}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/dnro0193e.dll (208 bytes security) (deflated 4%)
adding: dlls/f62m0gf1e62.dll (208 bytes security) (deflated 5%)
adding: dlls/guard.tmp (208 bytes security) (deflated 5%)
adding: dlls/ladrw13n.dll (208 bytes security) (deflated 5%)
adding: dlls/m2820cloefqc0.dll (208 bytes security) (deflated 4%)
adding: dlls/okecnv32.dll (208 bytes security) (deflated 5%)
adding: dlls/tcd32.dll (208 bytes security) (deflated 4%)
adding: dlls/__delete_on_reboot__EISUIX32.DLL (208 bytes security) (deflated 4%)
adding: backregs/16524570-FB60-437B-8099-879CBDEB5397.reg (212 bytes security) (deflated 70%)
adding: backregs/2C5180A7-54ED-4BCA-A332-976BDB0607C9.reg (212 bytes security) (deflated 70%)
adding: backregs/30DBC83D-0D9C-432C-B450-2FC2DC2CA0CC.reg (212 bytes security) (deflated 70%)
adding: backregs/4324C0C3-8EA3-4FFF-AECF-1AD1AA5647EA.reg (212 bytes security) (deflated 70%)
adding: backregs/52F40FA1-C2E3-43B0-8A1F-85E6B209E9EB.reg (212 bytes security) (deflated 69%)
adding: backregs/59C434B6-A5FE-4CAB-9BF1-E4009A34AB92.reg (212 bytes security) (deflated 70%)
adding: backregs/7369034E-1C47-498B-966B-8726D84E157C.reg (212 bytes security) (deflated 70%)
adding: backregs/79D35997-015E-4248-A54E-8A0ED47F4266.reg (212 bytes security) (deflated 70%)
adding: backregs/B81E416E-D52C-4E9B-ABE8-817909B0CF7C.reg (212 bytes security) (deflated 70%)
adding: backregs/B83590A9-BAE0-4259-8453-21FF47EBF7A6.reg (212 bytes security) (deflated 70%)
adding: backregs/DED983D6-1665-495A-9AFB-2FE61C38C422.reg (212 bytes security) (deflated 70%)
adding: backregs/E2717D87-30E1-44B0-BDE2-94751CFC5ADD.reg (212 bytes security) (deflated 70%)
adding: backregs/E4D03A7F-4163-424B-BC03-ACD4EA08E57B.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (208 bytes security) (deflated 88%)
adding: backregs/shell.reg (208 bytes security) (deflated 73%)

HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 10:56:21, on 19/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\mousepad3.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Pinnacle\Studio PCTV\TeleText\WebServer.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\Server.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~1.EXE
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe",mlanperf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\mlanperf.exe
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Access Media] C:\WINDOWS\System32\mlanperf.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - HKCU\..\Run: [kwoi] c:\stub_113_4_0_4_0.exe
O4 - Startup: WebServer.lnk = C:\Program Files\Pinnacle\Studio PCTV\TeleText\WebServer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\k0800almedqa0.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\m2820cloefqc0.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\rnnh.dll (file missing)
O21 - SSODL: WebControl Player - {CD0F739D-A68A-4A9D-80D5-F988F5B243FC} - C:\WINDOWS\System32\mqrtvusd.dll (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZG8\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

Good luck and thanks

See you
incognito02 (3487 posts, member since Friday 28 October 2005, status: Contributor, last active 17 August 2008)
19 March 2006 at 20:48
Good evening Fred,

You're going to have a lot of work, so I advise you to print out my reply; it will be easier for you.

Run HijackThis again, tick the boxes in front of these lines and then click on Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe",mlanperf.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\mlanperf.exe

O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)

O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe

O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe

O4 - HKCU\..\Run: [Access Media] C:\WINDOWS\System32\mlanperf.exe

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe"

O4 - HKCU\..\Run: [kwoi] c:\stub_113_4_0_4_0.exe

O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)

O20 - Winlogon Notify: policies - C:\WINDOWS\system32\k0800almedqa0.dll (file missing)

O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\m2820cloefqc0.dll (file missing)

O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\rnnh.dll (file missing)

O21 - SSODL: WebControl Player - {CD0F739D-A68A-4A9D-80D5-F988F5B243FC} - C:\WINDOWS\System32\mqrtvusd.dll (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZG8\command.exe (file missing)

----------------------------------------------------------------------------
Start in Safe Mode:
To do this, tap the F8 key repeatedly from the moment the PC starts powering on, without stopping.
A window will open; use the keyboard arrows to move to "Safe Mode", then press Enter.
Once on the desktop, if the colours and so on are not all there, that's normal!
(If F8 doesn't work, use the F5 key.)

----------------------------------------------------------------------------
Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View

Tick "Show hidden files and folders"

Untick the box "Hide protected operating system files (Recommended)"

Untick "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And Apply!

----------------------------------------------------------------------------
Search for and delete the following:
Careful: only the files (if present).

C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00005.exe

C:\WINDOWS\System32\mlanperf.exe

C:\WINDOWS\DH.dll

C:\\keyboard2.exe

C:\\mousepad2.exe

C:\\keyboard3.exe

C:\\mousepad3.exe

c:\stub_113_4_0_4_0.exe

C:\WINDOWS\system32\k0800almedqa0.dll

C:\WINDOWS\system32\m2820cloefqc0.dll

C:\WINDOWS\system32\rnnh.dll

C:\WINDOWS\System32\mqrtvusd.dll

and the folder: C:\WINDOWS\RnJlZG8

Empty the Recycle Bin, restart in normal mode, run HijackThis again and paste the log here.

Good luck.

See you
Hi Incognito2,

Here is the requested report; it's working better and better, I think it's good.

Logfile of HijackThis v1.99.1
Scan saved at 13:10:26, on 20/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Pinnacle\Studio PCTV\TeleText\WebServer.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\Server.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~1.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: WebServer.lnk = C:\Program Files\Pinnacle\Studio PCTV\TeleText\WebServer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZG8\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
incognito02 (3487 posts, member since Friday 28 October 2005, status: Contributor, last active 17 August 2008)
20 March 2006 at 19:12
Good evening Fred,

It's almost good.

Stop these services:

Click Start -> Run -> type: services.msc

Double-click: Service: Command Service (cmdService)

Set it to "Stopped" and "Disabled".

Run HijackThis again, tick the boxes in front of these lines and then click on Fix checked:

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZG8\command.exe (file missing)

Restart your computer and post a new HijackThis log.

Describe your problems, if any remain....

Keep me posted

See you


Hi Incognito2,

I did the first step:

Stop these services:

Click Start -> Run -> type: services.msc

Double-click: Service: Command Service (cmdService)

Set it to "Stopped" and "Disabled".


When I ran HijackThis I didn't have the line:
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZG8\command.exe (file missing)

You'll find the HijackThis report below:

Logfile of HijackThis v1.99.1
Scan saved at 19:14:32, on 21/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Pinnacle\Studio PCTV\TeleText\WebServer.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\Server.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~1.EXE
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: WebServer.lnk = C:\Program Files\Pinnacle\Studio PCTV\TeleText\WebServer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

See you
incognito02 (3487 posts, member since Friday 28 October 2005, status: Contributor, last active 17 August 2008)
21 March 2006 at 19:21
Good evening Fred,

Your log looks OK to me; where do your problems stand?

See you

Hi Incognito2,

I don't understand, I replied to you twice and my post still isn't showing.

My problems seem to be resolved.


Thanks again.

See you, FRED
incognito02 (3487 posts, member since Friday 28 October 2005, status: Contributor, last active 17 August 2008)
23 March 2006 at 18:32
Good evening Fred,

Glad your problems are resolved.

Have a good evening.

Kristopher (3731 posts, member since Friday 18 November 2005, status: Contributor, last active 10 July 2009)
23 March 2006 at 18:43
Good evening Fred, incognito02 ;)

I think our friend Fred is a victim of the Webhancer adware.

You'll find more info here:
http://www.flowprotector.com/fr/spywarelist/spy_lexique_fiche.asp?numero=1294&langue=FR

Besides uninstalling webHancer via the Control Panel, I would also recommend an online scan, which is always worthwhile to check that no malware remains on the PC.

Good luck incognito02 ;)