des pop-ups sans cesseFermé

Question

bonjour ! jai un probleme et j'arrive pas a le resoudre ! depusi 2 jours que toujours des pop-ups qui ouvre tout le temps et sa fait fermer mon volume lol ! ses asser bizarre comme pop-up ! je croit bien que ses un trojan mais jen suis aps sur ! jai passer 2 fois norton anti-virus,passer ad-aware et spybots et tout ses programe etais mise a jours ! mais sa menleve absulemnt rien sa continue tout le temps ! si quelqun pourrai maider sa serai tres aprécier , jai chercher partout et je trouve rien .merci davance !

Christian* · Answer

C'est peut etre dans la liste de démarrage de ton pc .telecharge RegCleaner , puis dans " liste de demarrage"  ne garde que l'essentiel ( antivirus )  supprime le reste et redemarre le pc.

sebydm · Answer

jai fait ce que tu dit mais sa aide pas ! sa continu sans cesse , et comme mon pc ouvert 24/24 bien quand que je revien de travailler il a plein de age douverte et mon son se ferme toujours ! pas par les speaker mais par al barre de son ! je sais pas si qq1 aurai une autre solution ous si tu as une autre methode ! sa serai vraiemtn aprécier !

Regis59 · Answer

Salut sebytélécharge HijackThis ici: https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html Dézippe le dans un dossier prévu à cet effet. Par exemple C:\hijackthis < Enregistre le bien dans c : ! Démo : (Merci a Balltrap34 pour cette réalisation)   http://pageperso.aol.fr/balltrap34/Hijenr.gif Lance le puis: clique sur "do a system scan and save logfile" (cf démo) faire un copier coller du log entier sur le forumDémo : (Merci a Balltrap34 pour cette réalisation)   http://pageperso.aol.fr/balltrap34/demohijack.htm	Bon courageA+

sebydm · Answer

Logfile of HijackThis v1.99.1Scan saved at 02:26:20, on 2006-07-28Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeF:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeF:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeF:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeF:\WINDOWS\system32\spoolsv.exeF:\WINDOWS\ATKKBService.exeF:\Program Files\Norton AntiVirus
avapsvc.exeF:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeF:\WINDOWS\System32
vsvc32.exeF:\Program Files\Cyberlink\Shared files\RichVideo.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeF:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeF:\WINDOWS\RTHDCPL.EXEF:\WINDOWS\System32\MMTray.exeF:\WINDOWS\System32\MMTray2k.exeF:\WINDOWS\System32\MMTrayLSI.exeF:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\dfndref_7.exeH:\Program Files\Microsoft AntiSpyware\gcasServ.exeF:\Program Files\Fichiers communs\{D4CBCC57-0BB8-1036-1027-050315060002}\Update.exeF:\Program Files\MSN Messenger\MsnMsgr.ExeH:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeH:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exeF:\Program Files\Windows Media Player\wmplayer.exeF:\Program Files\uTorrent\utorrent.exeF:\WINDOWS\explorer.exeH:\Program Files\Computer Alarm Clock\cac.exeF:\Program Files\Internet Explorer\iexplore.exeF:\Nouveau dossier\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [MMTray] MMTray.exeO4 - HKLM\..\Run: [MMTray2K] MMTray2k.exeO4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exeO4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\Language\Language.exe"O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUpO4 - HKLM\..\Run: [Computer Alarm Clock] H:\Program Files\Computer Alarm Clock\cac.exeO4 - HKLM\..\Run: [defender] C:\dfndref_7.exeO4 - HKLM\..\Run: [gcasServ] "H:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [MétéoIMédia] h:\Program Files\MétéoMédia\MétéoIMédia\WeatherEyeO16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/2ed7ae64b6f1859c40abe14dc252808c_35.exeO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.frO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CABO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: Explorer - F:\WINDOWS\system32\ktjol7131.dllO21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
vsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\Cyberlink\Shared files\RichVideo.exeO23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Regis59 · Answer

Salut,Télécharge ceci: (merci a S!RI pour ce programme).http://siri.urz.free.fr/Fix/SmitfraudFix.zipExécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapportCopie/colle le sur le poste stp.A+

sebydm · Answer

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer»»»»»»»»»»»»»»»»»»»»»»»» F:\DOCUME~1\WANTED~1\Favoris»»»»»»»»»»»»»»»»»»»»»»»» Bureau»»»»»»»»»»»»»»»»»»»»»»»» H:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]"Source"="About:Home""SubscribedURL"="About:Home""FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll»»»»»»»»»»»»»»»»»»»»»»»» Fin

sebydm · Answer

tien je sais pas si sa va aider ! messemble qui a pas grand chose sur ce rapport ! mais jattend de tes nouvelle merci pour le derangement

Regis59 · Answer

SalutLe rapport n est pas entier mais bon, il semble propre.Télécharge Blacklight (de F-Secure) a l’une des 2 adresses : https://www.f-secure.com/en https://www.f-secure.com/en et sauvegarde le sur ton Bureau. Double-clique blbeta.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres). Copie et colle le contenu de ce rapport dans ta prochaine réponse a+

sebydm · Answer

sa ne fonctionne pas , sa marque quqand que je demarre le programme :F-Secure Blacklight could not acquire nessary privileges(sedebugprivilege)-your computer setting may prevent acquiring these privileges.-a malicious program might have disabled these privileges.je comprend pas bcp langlais ! donc je sais aps trop quoi faire ! si tu veut on peu se parler sur msn sa irai mieu ! puis apres jefface ton nom ! sebyseb808 sur hotmail. et si tu ha la solution pour le programme parce que je comprend pas pourquoi que sa marche pas !

Regis59 · Answer

RE,desole msn c est reservé a ceux que je connais ;-)Lorsque tu clik sur un des liens, il te demande d accepter qqchose?a+

sebydm · Answer

jai reussi a avoir le programme mais ses quand que je veut lutiliser ! il part mais al promiere page mindique ce que je tai ecrit !

Regis59 · Answer

Tu es en administrateur?

kouaw · Answer

je te conseille tout d abord de faire un scan antivirus en ligne par bitdefender ou autre :)( les 3/4 des amis ou contacts que j ai qui avais norton apres avoir passer bitdefender avais trouver + de 20 virus :) non trouver par norton ^^ )apres passe un coup de Ad-Aware pour retire les espions :)et si tu as encore des problemes dit le :)

sebydm · Answer

regis59........... quand que je me mets en admin le program disparais :S ce qui est tres bizarre ! je comprend pas ! je vais réasseyer ! je ten donne des nouvelle dici peu kouaw......... il en na trouver que javais pas avec norton mais sa aps regler le probleme ! donc non sa marche pas encore lol

sebydm · Answer

non je troue pas le programme en admin ! je sais pus quoi faire !

Regis59 · Answer

C'est pas grave.Lance un scan avec ewido et donne le rapportEwido: http://perso.orange.fr/entraide-hijackthis/Ewido/a+

sebydm · Answer

---------------------------------------------------------ewido anti-spyware - Scan Report--------------------------------------------------------- + Created at:	22:04:51 2006-07-31 + Scan result:	HKLM\SOFTWARE\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).F:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Cleaned with backup (quarantined).F:\WINDOWS\system32\pfwv220.dll -> Adware.Look2Me : Cleaned with backup (quarantined).F:\WINDOWS\Temp\ICD3.tmp\int_ver34.ocx -> Dialer.VB.j : Cleaned with backup (quarantined).F:\WINDOWS\Temp\ICD4.tmp\int_ver34.ocx -> Dialer.VB.j : Cleaned with backup (quarantined).F:\WINDOWS\Temp\ICD5.tmp\int_ver34.ocx -> Dialer.VB.j : Cleaned with backup (quarantined).F:\WINDOWS\Downloaded Program Files\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.F:\Documents and Settings\wanted prototype\Bureau\cracksearcher.zip/CrackSearcher.exe -> Not-A-Virus.HackTool.Win32.CrackSearch.a : Ignored.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.F:\Documents and Settings\wanted prototype\Cookies\wanted prototype@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.F:\Program Files\Fichiers communs\{D4CBCC57-0BB8-1036-1027-050315060002}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).           je sais pas si ses ce raport la que tu veut mais je trouve que sa dit pas grand chose ! tout a deleter comme il faut mais sa perciste encore !

Regis59 · Answer

SalutIl doit en rester, remet un hijack thisa+

sebydm · Answer

Logfile of HijackThis v1.99.1Scan saved at 13:02:04, on 2006-08-02Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeF:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeF:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeF:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeF:\WINDOWS\system32\spoolsv.exeF:\WINDOWS\Explorer.EXEF:\WINDOWS\ATKKBService.exeH:\Program Files\ewido anti-spyware 4.0\guard.exeF:\Program Files\Norton AntiVirus
avapsvc.exeF:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeF:\WINDOWS\System32\RUNDLL32.EXEF:\WINDOWS\RTHDCPL.EXEF:\WINDOWS\System32\MMTray.exeF:\WINDOWS\System32\MMTray2k.exeF:\WINDOWS\System32\MMTrayLSI.exeF:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeF:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeF:\WINDOWS\System32
vsvc32.exeF:\Program Files\Cyberlink\Shared files\RichVideo.exeH:\Program Files\Computer Alarm Clock\cac.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeF:\Program Files\QuickTime\qttask.exeH:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeF:\WINDOWS\logon.exeF:\WINDOWS\system32undll32.exeF:\WINDOWS\System32\wuauclt.exeH:\Program Files\ewido anti-spyware 4.0\ewido.exeF:\WINDOWS	snp2std.exeF:\WINDOWS\vsnp2std.exeF:\Program Files\MSN Messenger\MsnMsgr.ExeH:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exeF:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\GUILD WARS\Gw.exeF:\Nouveau dossier\HijackThis.exeF:\Program Files\Messenger\msmsgs.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [MMTray] MMTray.exeO4 - HKLM\..\Run: [MMTray2K] MMTray2k.exeO4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exeO4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\Language\Language.exe"O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUpO4 - HKLM\..\Run: [Computer Alarm Clock] H:\Program Files\Computer Alarm Clock\cac.exeO4 - HKLM\..\Run: [defender] C:\dfndref_7.exeO4 - HKLM\..\Run: [gcasServ] "H:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [WinLogon] F:\WINDOWS\logon.exeO4 - HKLM\..\Run: [!ewido] "H:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKLM\..\Run: [tsnp2std] F:\WINDOWS	snp2std.exeO4 - HKLM\..\Run: [snp2std] F:\WINDOWS\vsnp2std.exeO4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [MétéoIMédia] h:\Program Files\MétéoMédia\MétéoIMédia\WeatherEyeO4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exeO16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/2ed7ae64b6f1859c40abe14dc252808c_35.exeO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.frO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CABO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: RunOnceEx - F:\WINDOWS\system32\j4j60e1seh.dllO21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - H:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
vsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\Cyberlink\Shared files\RichVideo.exeO23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

sebydm · Answer

jai trouver le vers.....ses cette ligneO16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - ses un dialer . jai beau le supprimer du register et partout ou il se trouve dans le pc mais il revien tjs ! si tu as une solution pour enlever sa serai super ! ses sur que ses sa parce que a toute les fois que une nouvelle page apparait sur mon pc sa me rajoute cette ligne dans ewindo ! sa serai super si vosu trouverier comment le supprimer parceq ue jarrive pas a trouver sur le net !

Regis59 · Answer

Salut¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :O4 - HKLM\..\Run: [WinLogon] F:\WINDOWS\logon.exe O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exe O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/2ed7ae64b6f1859c40abe14dc252808c_35.exe O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB O20 - Winlogon Notify: RunOnceEx - F:\WINDOWS\system32\j4j60e1seh.dll O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file) ---------------------------------------------------------------------------- ¤Démarre en mode sans échec : Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! (Si F8 ne marche pas utilise la touche F5).  ----------------------------------------------------------------------------¤Recherche et supprime ceci: attention seulement les fichiers  (si présents).F:\WINDOWS\logon.exe Redemarre et remet un hijack thisa++

sebydm · Answer

jai fait ce que tu ma mais sa semble pas avoir supprimer aucune ligne ! voici le rapport Logfile of HijackThis v1.99.1Scan saved at 19:46:41, on 2006-08-03Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeF:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeF:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeF:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeF:\WINDOWS\system32\spoolsv.exeF:\WINDOWS\ATKKBService.exeH:\Program Files\ewido anti-spyware 4.0\guard.exeF:\Program Files\Norton AntiVirus
avapsvc.exeF:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeF:\WINDOWS\System32
vsvc32.exeF:\Program Files\Cyberlink\Shared files\RichVideo.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeF:\WINDOWS\system32undll32.exeF:\WINDOWS\Explorer.EXEF:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeF:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeF:\WINDOWS\System32\RUNDLL32.EXEF:\WINDOWS\System32\wuauclt.exeF:\WINDOWS\RTHDCPL.EXEF:\WINDOWS\System32\MMTray.exeF:\WINDOWS\System32\MMTray2k.exeF:\WINDOWS\System32\MMTrayLSI.exeF:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeH:\Program Files\Computer Alarm Clock\cac.exeH:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeH:\Program Files\ewido anti-spyware 4.0\ewido.exeF:\WINDOWS	snp2std.exeF:\WINDOWS\vsnp2std.exeH:\Program Files\iTunes\iTunesHelper.exeH:\Program Files\Java\jre1.5.0_06\bin\jusched.exeH:\Program Files\QuickTime\qttask.exeH:\Program Files\DAEMON Tools\daemon.exeF:\Program Files\iPod\bin\iPodService.exeF:\Program Files\MSN Messenger\MsnMsgr.ExeH:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exeF:\Program Files\Messenger\msmsgs.exeF:\Nouveau dossier\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [MMTray] MMTray.exeO4 - HKLM\..\Run: [MMTray2K] MMTray2k.exeO4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exeO4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\Language\Language.exe"O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUpO4 - HKLM\..\Run: [Computer Alarm Clock] H:\Program Files\Computer Alarm Clock\cac.exeO4 - HKLM\..\Run: [defender] C:\dfndref_7.exeO4 - HKLM\..\Run: [gcasServ] "H:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [!ewido] "H:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKLM\..\Run: [tsnp2std] F:\WINDOWS	snp2std.exeO4 - HKLM\..\Run: [snp2std] F:\WINDOWS\vsnp2std.exeO4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [MétéoIMédia] h:\Program Files\MétéoMédia\MétéoIMédia\WeatherEyeO4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CABO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: WebCheck - F:\WINDOWS\system32\l6j80g1ue6.dllO23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - H:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
vsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\Cyberlink\Shared files\RichVideo.exeO23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Regis59 · Answer

okTelecharge cecihttps://www.silentrunners.org/Silent%20Runners.vbs Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donneraA+

sebydm · Answer

"Silent Runners.vbs", revision 46, https://www.silentrunners.org/Operating System: Windows XPOutput limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"{D4CBCC57-0BB8-1036-1027-050315060002}" = ""F:\Program Files\Fichiers communs\{D4CBCC57-0BB8-1036-1027-050315060002}\Update.exe" mc-110-12-0000272" [file not found]HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"MsnMsgr" = ""F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]"MétéoIMédia" = "h:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye" ["MétéoMédia/The Weather Network"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"ccApp" = ""F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]"SSC_UserPrompt" = "F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]"NvMediaCenter" = "RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]"MMTray" = "MMTray.exe" ["Morgan Multimedia"]"MMTray2K" = "MMTray2k.exe" [null data]"MMTrayLSI" = "MMTrayLSI.exe" ["Morgan Multimedia"]

Regis59 · Answer

salutle rapport n est pas entier, atend qqs minutes avant de le relevera+

sebydm · Answer

"Silent Runners.vbs", revision 46, https://www.silentrunners.org/Operating System: Windows XPOutput limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"{D4CBCC57-0BB8-1036-1027-050315060002}" = ""F:\Program Files\Fichiers communs\{D4CBCC57-0BB8-1036-1027-050315060002}\Update.exe" mc-110-12-0000272" [file not found]HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"MsnMsgr" = ""F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]"MétéoIMédia" = "h:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye" ["MétéoMédia/The Weather Network"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"ccApp" = ""F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]"SSC_UserPrompt" = "F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]"NvMediaCenter" = "RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]"MMTray" = "MMTray.exe" ["Morgan Multimedia"]"MMTray2K" = "MMTray2k.exe" [null data]"MMTrayLSI" = "MMTrayLSI.exe" ["Morgan Multimedia"]"LanguageShortcut" = ""H:\Program Files\Language\Language.exe"" [null data]"AdaptecDirectCD" = ""F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]"Tweak UI" = "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" [MS]"Computer Alarm Clock" = "H:\Program Files\Computer Alarm Clock\cac.exe" ["Think Art Computing."]"defender" = "C:\dfndref_7.exe" [file not found]"gcasServ" = ""H:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]"NvCplDaemon" = "RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]"!ewido" = ""H:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]"tsnp2std" = "F:\WINDOWS\tsnp2std.exe" [empty string]"snp2std" = "F:\WINDOWS\vsnp2std.exe" ["Sonix"]"iTunesHelper" = ""H:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]"SunJavaUpdateSched" = "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]"QuickTime Task" = ""H:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"DAEMON Tools" = ""H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}"AAW" = (empty string)"SpybotSnD" = (empty string)HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"                   \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"                   \InProcServer32\(Default) = "F:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"  -> {HKLM...CLSID} = "DesktopContext Class"                   \InProcServer32\(Default) = "F:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"  -> {HKLM...CLSID} = "NVIDIA CPL Extension"                   \InProcServer32\(Default) = "F:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"  -> {HKLM...CLSID} = "Desktop Explorer"                   \InProcServer32\(Default) = "F:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "F:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"  -> {HKLM...CLSID} = "nView Desktop Context Menu"                   \InProcServer32\(Default) = "F:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "h:\Program Files\WinRAR\rarext.dll" [null data]"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"  -> {HKLM...CLSID} = "WinZip"                   \InProcServer32\(Default) = "H:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"  -> {HKLM...CLSID} = "WinZip"                   \InProcServer32\(Default) = "H:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"  -> {HKLM...CLSID} = "WinZip"                   \InProcServer32\(Default) = "H:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"  -> {HKLM...CLSID} = "WinZip"                   \InProcServer32\(Default) = "H:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {HKLM...CLSID} = "Portable Media Devices"                   \InProcServer32\(Default) = "F:\WINDOWS\System32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {HKLM...CLSID} = "Portable Media Devices Menu"                   \InProcServer32\(Default) = "F:\WINDOWS\System32\Audiodev.dll" [MS]"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"  -> {HKLM...CLSID} = "iTunes"                   \InProcServer32\(Default) = "H:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"  -> {HKLM...CLSID} = "Adaptec DirectCD Shell Extension"                   \InProcServer32\(Default) = "F:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]"{324FDD93-DD5E-4024-8E78-83DED1E92245}" = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "F:\WINDOWS\system32\stdocvw.dll" [file not found]"{B58D4854-08D0-457B-A3BA-B977352351DC}" = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "F:\WINDOWS\system32\wudmtpus.dll" [file not found]"{4E64E235-92A9-449B-A30E-DD7C2CD479BD}" = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "F:\WINDOWS\system32\ifnathlp.dll" [file not found]"{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}" = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "F:\WINDOWS\system32\pfwv220.dll" [file not found]"{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}" = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "F:\WINDOWS\system32\guard.tmp" [null data]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"  -> {HKLM...CLSID} = "Microsoft.AntiSpyware.ShellExecuteHook.1"                   \InProcServer32\(Default) = "H:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"                   \InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! WebCheck\DLLName = "F:\WINDOWS\system32\l6j80g1ue6.dll" [null data]HKLM\Software\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"  -> {HKLM...CLSID} = "PDF Shell Extension"                   \InProcServer32\(Default) = "H:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"  -> {HKLM...CLSID} = "CContextScan Object"                   \InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"  -> {HKLM...CLSID} = "IEContextMenu Class"                   \InProcServer32\(Default) = "F:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "h:\Program Files\WinRAR\rarext.dll" [null data]WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"  -> {HKLM...CLSID} = "WinZip"                   \InProcServer32\(Default) = "H:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"  -> {HKLM...CLSID} = "CContextScan Object"                   \InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "h:\Program Files\WinRAR\rarext.dll" [null data]WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"  -> {HKLM...CLSID} = "WinZip"                   \InProcServer32\(Default) = "H:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"  -> {HKLM...CLSID} = "IEContextMenu Class"                   \InProcServer32\(Default) = "F:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "h:\Program Files\WinRAR\rarext.dll" [null data]WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"  -> {HKLM...CLSID} = "WinZip"                   \InProcServer32\(Default) = "H:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "F:\Documents and Settings\wanted prototype\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "F:\WINDOWS\System32\logon.scr" [MS]Startup items in "wanted prototype" & "All Users" startup folders:------------------------------------------------------------------F:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"Adobe Reader Speed Launch" -> shortcut to: "H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]Enabled Scheduled Tasks:------------------------"Norton AntiVirus - Analyser mon ordinateur - wanted prototype" -> launches: "F:\PROGRA~1\NORTON~1\Navw32.exe /task:"F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]"Symantec NetDetect" -> launches: "F:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"  -> {HKLM...CLSID} = "Norton AntiVirus"                   \InProcServer32\(Default) = "F:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"  -> {HKLM...CLSID} = "&Google"                   \InProcServer32\(Default) = "f:\program files\google\googletoolbar1.dll" ["Google Inc."]HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"  -> {HKLM...CLSID} = "Yahoo! Toolbar"                   \InProcServer32\(Default) = "F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"  -> {HKLM...CLSID} = "&Google"                   \InProcServer32\(Default) = "f:\program files\google\googletoolbar1.dll" ["Google Inc."]HKLM\Software\Microsoft\Internet Explorer\Toolbar\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"  -> {HKLM...CLSID} = "Norton AntiVirus"                   \InProcServer32\(Default) = "F:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)  -> {HKLM...CLSID} = "Yahoo! Toolbar"                   \InProcServer32\(Default) = "F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)  -> {HKLM...CLSID} = "&Google"                   \InProcServer32\(Default) = "f:\program files\google\googletoolbar1.dll" ["Google Inc."]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Console Java (Sun)""CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"                   \InProcServer32\(Default) = "H:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]Miscellaneous IE Hijack Points------------------------------F:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"Missing lines (compared with English-language version):[Strings]: 1 lineHKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*W" (unwritable string)  -> {HKLM...CLSID} = "Yahoo! Toolbar"                   \InProcServer32\(Default) = "F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------ATK Keyboard Service, ATKKeyboardService, "F:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]Cyberlink RichVideo Service(CRVS), RichVideo, ""F:\Program Files\Cyberlink\Shared files\RichVideo.exe"" [empty string]ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "H:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]iPodService, iPodService, "F:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]Norton AntiVirus Firewall Monitor Service, NPFMntor, "F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]NVIDIA Display Driver Service, NVSvc, "F:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]Service Norton AntiVirus Auto-Protect, navapsvc, ""F:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]Symantec Core LC, Symantec Core LC, "F:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]Symantec Event Manager, ccEvtMgr, ""F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]Symantec Network Drivers Service, SNDSrvc, ""F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]Symantec Settings Manager, ccSetMgr, ""F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]Symantec SPBBCSvc, SPBBCSvc, "F:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]Windows User Mode Driver Framework, UMWdf, "F:\WINDOWS\System32\wdfmgr.exe" [MS]----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives  took 108 seconds.+ The search for all Registry CLSIDs containing dormant Explorer Bars  took 17 seconds.---------- (total run time: 516 seconds)

Regis59 · Answer

SalutTélécharge l2mfix ici: http://www.downloads.subratam.org/l2mfix.exe Double clic sur l2mfix.exe pour lancer l'extraction Dans le dossier l2mfix, double clic sur l2mfix.bat, appuie sur n'importe quelle touche puis choisis l'option #1 (et pas autre chose) et valide avec la touche entrée. Le bloc note va s'ouvrir avec le résultat du scan. Fais un copier coller du résultat ici.

sebydm · Answer

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck] "Asynchronous"=dword:00000000 "DllName"="F:\WINDOWS\system32\l6j80g1ue6.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{3A4CACD6-9927-E674-00F5-25F887FB978A}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension" "{324FDD93-DD5E-4024-8E78-83DED1E92245}"="" "{B58D4854-08D0-457B-A3BA-B977352351DC}"="" "{4E64E235-92A9-449B-A30E-DD7C2CD479BD}"="" "{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}"="" "{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{324FDD93-DD5E-4024-8E78-83DED1E92245}] @="" [HKEY_CLASSES_ROOT\CLSID\{324FDD93-DD5E-4024-8E78-83DED1E92245}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{324FDD93-DD5E-4024-8E78-83DED1E92245}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{324FDD93-DD5E-4024-8E78-83DED1E92245}\InprocServer32] @="F:\WINDOWS\system32\stdocvw.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{B58D4854-08D0-457B-A3BA-B977352351DC}] @="" [HKEY_CLASSES_ROOT\CLSID\{B58D4854-08D0-457B-A3BA-B977352351DC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{B58D4854-08D0-457B-A3BA-B977352351DC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{B58D4854-08D0-457B-A3BA-B977352351DC}\InprocServer32] @="F:\WINDOWS\system32\wudmtpus.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4E64E235-92A9-449B-A30E-DD7C2CD479BD}] @="" [HKEY_CLASSES_ROOT\CLSID\{4E64E235-92A9-449B-A30E-DD7C2CD479BD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4E64E235-92A9-449B-A30E-DD7C2CD479BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4E64E235-92A9-449B-A30E-DD7C2CD479BD}\InprocServer32] @="F:\WINDOWS\system32\ifnathlp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}] @="" [HKEY_CLASSES_ROOT\CLSID\{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}\InprocServer32] @="F:\WINDOWS\system32\pfwv220.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}] @="" [HKEY_CLASSES_ROOT\CLSID\{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}\InprocServer32] @="F:\WINDOWS\system32\guard.tmp" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: F:\WINDOWS\SYSTEM32\ cmdlin~1.dll Tue 2006-07-18 0:13:42 A.... 98 304 96,00 K divxwm~1.dll Wed 2006-06-21 6:33:42 A.... 12 288 12,00 K divx_x~1.dll Mon 2006-07-03 17:40:52 A.... 778 240 760,00 K divx_x~2.dll Mon 2006-07-03 17:40:52 A.... 778 240 760,00 K divx_x~3.dll Mon 2006-07-03 17:40:50 A.... 761 856 744,00 K dpl100.dll Wed 2006-06-21 6:34:22 A.... 90 112 88,00 K dpu10.dll Wed 2006-06-21 6:34:22 A.... 294 912 288,00 K dpu11.dll Wed 2006-06-21 6:34:22 A.... 294 912 288,00 K dpugui10.dll Wed 2006-06-21 6:49:48 A.... 53 248 52,00 K dpugui11.dll Wed 2006-06-21 6:34:22 A.... 593 920 580,00 K dpus11.dll Wed 2006-06-21 6:34:22 A.... 344 064 336,00 K dpv11.dll Wed 2006-06-21 6:34:22 A.... 57 344 56,00 K dtu100.dll Wed 2006-06-21 6:34:22 A.... 200 704 196,00 K l6j80g~1.dll Thu 2006-08-03 19:37:30 A.... 235 127 229,61 K legitc~1.dll Wed 2006-05-17 11:23:38 A.... 579 888 566,30 K libdivx.dll Wed 2006-06-21 6:42:58 A.... 1 044 480 1020,00 K lvrs09~1.dll Thu 2006-08-03 19:43:38 ..S.R 235 926 230,39 K px.dll Wed 2006-06-21 15:44:24 ..... 372 736 364,00 K pxdrv.dll Wed 2006-06-21 15:44:24 ..... 421 888 412,00 K pxmas.dll Wed 2006-06-21 15:44:24 ..... 172 032 168,00 K pxwave.dll Wed 2006-06-21 15:44:24 ..... 339 968 332,00 K qt-dx331.dll Wed 2006-06-21 6:43:06 A.... 3 596 288 3,43 M rewire.dll Mon 2006-07-17 22:12:44 A.... 225 280 220,00 K rexsha~1.dll Mon 2006-07-17 22:12:44 A.... 233 472 228,00 K ssldivx.dll Wed 2006-06-21 6:42:58 A.... 200 704 196,00 K vxblock.dll Wed 2006-06-21 15:44:24 ..... 28 672 28,00 K w6f78636.dll Wed 2006-07-26 2:06:00 A.... 4 380 4,28 K 27 items found: 27 files (1 H/S), 0 directories. Total of file sizes: 12 048 985 bytes 11,49 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur F s'appelle window Le num‚ro de s‚rie du volume est D4CB-CC57 R‚pertoire de F:\WINDOWS\System32 2006-08-03 19:43 235ÿ926 lvrs0997e.dll 2006-07-20 14:44 dllcache 2006-07-17 17:26 Microsoft 1 fichier(s) 235ÿ926 octets 2 R‚p(s) 203ÿ870ÿ208 octets libres

Regis59 · Answer

okrelance l2mfix et choisis l'option 2 accepte le redémarrage du pc une fois fais poste le rapport de l'option 2et ensuite un nouveau hijack thisa+

sebydm · Answer

voici le rapport de l2mfixL2mfix 051206Creating Account.La commande s'est termin‚e correctement.Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX   ... successful Running From:F:\WINDOWS\system32 Killing Processes!   Killing 'smss.exe'\SystemRoot\System32\smss.exe (812)  Killing 'winlogon.exe'winlogon.exe    (888)  Killing 'explorer.exe'explorer.exe    (3772)  Killing 'rundll32.exe'rundll32.exe "F:\WINDOWS\system32\guard.tmp",DllGetVersion (3292)Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrateurs   ... successful Scanning First Pass. Please Wait! First Pass Completed  Second Pass Scanning  Second pass Completed!        1 fichier(s) copi‚(s).Deleting: F:\WINDOWS\system32\guard.tmp  Successfully Deleted: F:\WINDOWS\system32\guard.tmp   msg11?.dll         0 fichier(s) copi‚(s).   Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key:****************************************************************************Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]"Asynchronous"=dword:00000000"DllName"="F:\WINDOWS\system32\lv6u09j9e.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001 The following are the files found: ****************************************************************************F:\WINDOWS\system32\guard.tmp  Registry Entries that were Deleted: Please verify that the listing looks ok.  If there was something deleted wrongly there are backups in the backreg folder. ****************************************************************************Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{324FDD93-DD5E-4024-8E78-83DED1E92245}]@=""[HKEY_CLASSES_ROOT\CLSID\{324FDD93-DD5E-4024-8E78-83DED1E92245}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{324FDD93-DD5E-4024-8E78-83DED1E92245}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{324FDD93-DD5E-4024-8E78-83DED1E92245}\InprocServer32]@="F:\WINDOWS\system32\stdocvw.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{B58D4854-08D0-457B-A3BA-B977352351DC}]@=""[HKEY_CLASSES_ROOT\CLSID\{B58D4854-08D0-457B-A3BA-B977352351DC}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{B58D4854-08D0-457B-A3BA-B977352351DC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{B58D4854-08D0-457B-A3BA-B977352351DC}\InprocServer32]@="F:\WINDOWS\system32\wudmtpus.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{4E64E235-92A9-449B-A30E-DD7C2CD479BD}]@=""[HKEY_CLASSES_ROOT\CLSID\{4E64E235-92A9-449B-A30E-DD7C2CD479BD}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{4E64E235-92A9-449B-A30E-DD7C2CD479BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{4E64E235-92A9-449B-A30E-DD7C2CD479BD}\InprocServer32]@="F:\WINDOWS\system32\ifnathlp.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}]@=""[HKEY_CLASSES_ROOT\CLSID\{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}\InprocServer32]@="F:\WINDOWS\system32\pfwv220.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}]@=""[HKEY_CLASSES_ROOT\CLSID\{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}\InprocServer32]@="F:\WINDOWS\system32\guard.tmp""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{1C7B9283-0187-4352-970B-3C7E554B2ECC}]@=""[HKEY_CLASSES_ROOT\CLSID\{1C7B9283-0187-4352-970B-3C7E554B2ECC}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{1C7B9283-0187-4352-970B-3C7E554B2ECC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{1C7B9283-0187-4352-970B-3C7E554B2ECC}\InprocServer32]@="F:\WINDOWS\system32\waspdmod.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{642BEBF9-B75B-4E3D-B538-7F9D8297B55D}]@=""[HKEY_CLASSES_ROOT\CLSID\{642BEBF9-B75B-4E3D-B538-7F9D8297B55D}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{642BEBF9-B75B-4E3D-B538-7F9D8297B55D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{642BEBF9-B75B-4E3D-B538-7F9D8297B55D}\InprocServer32]@="F:\WINDOWS\system32\guard.tmp""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{432EF12C-F5A0-4BC8-ACDD-683B3D2EF17F}]@=""[HKEY_CLASSES_ROOT\CLSID\{432EF12C-F5A0-4BC8-ACDD-683B3D2EF17F}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{432EF12C-F5A0-4BC8-ACDD-683B3D2EF17F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{432EF12C-F5A0-4BC8-ACDD-683B3D2EF17F}\InprocServer32]@="F:\WINDOWS\system32\guard.tmp""ThreadingModel"="Apartment"REGEDIT4[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{324FDD93-DD5E-4024-8E78-83DED1E92245}"=-"{B58D4854-08D0-457B-A3BA-B977352351DC}"=-"{4E64E235-92A9-449B-A30E-DD7C2CD479BD}"=-"{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}"=-"{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}"=-"{1C7B9283-0187-4352-970B-3C7E554B2ECC}"=-"{642BEBF9-B75B-4E3D-B538-7F9D8297B55D}"=-"{432EF12C-F5A0-4BC8-ACDD-683B3D2EF17F}"=-[-HKEY_CLASSES_ROOT\CLSID\{324FDD93-DD5E-4024-8E78-83DED1E92245}][-HKEY_CLASSES_ROOT\CLSID\{B58D4854-08D0-457B-A3BA-B977352351DC}][-HKEY_CLASSES_ROOT\CLSID\{4E64E235-92A9-449B-A30E-DD7C2CD479BD}][-HKEY_CLASSES_ROOT\CLSID\{AFAB2DBB-FA7C-4B90-A09E-3963133C240B}][-HKEY_CLASSES_ROOT\CLSID\{BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E}][-HKEY_CLASSES_ROOT\CLSID\{1C7B9283-0187-4352-970B-3C7E554B2ECC}][-HKEY_CLASSES_ROOT\CLSID\{642BEBF9-B75B-4E3D-B538-7F9D8297B55D}][-HKEY_CLASSES_ROOT\CLSID\{432EF12C-F5A0-4BC8-ACDD-683B3D2EF17F}]REGEDIT4[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]****************************************************************************Desktop.ini Contents: ********************************************************************************************************************************************************Checking for L2MFix account(0=no 1=yes): 0Zipping up files for submission:  adding: dlls/guard.tmp (164 bytes security) (deflated 5%)  adding: backregs/1C7B9283-0187-4352-970B-3C7E554B2ECC.reg (212 bytes security) (deflated 70%)  adding: backregs/324FDD93-DD5E-4024-8E78-83DED1E92245.reg (212 bytes security) (deflated 70%)  adding: backregs/432EF12C-F5A0-4BC8-ACDD-683B3D2EF17F.reg (212 bytes security) (deflated 70%)  adding: backregs/4E64E235-92A9-449B-A30E-DD7C2CD479BD.reg (212 bytes security) (deflated 70%)  adding: backregs/642BEBF9-B75B-4E3D-B538-7F9D8297B55D.reg (212 bytes security) (deflated 70%)  adding: backregs/AFAB2DBB-FA7C-4B90-A09E-3963133C240B.reg (212 bytes security) (deflated 70%)  adding: backregs/B58D4854-08D0-457B-A3BA-B977352351DC.reg (212 bytes security) (deflated 70%)  adding: backregs/BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E.reg (212 bytes security) (deflated 70%)  adding: backregs/notibac.reg (164 bytes security) (deflated 62%)  adding: backregs/shell.reg (164 bytes security) (deflated 73%)

sebydm · Answer

voici le rapport de hijackthisLogfile of HijackThis v1.99.1Scan saved at 13:36:58, on 2006-08-06Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeF:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeF:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeF:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeF:\WINDOWS\system32\spoolsv.exeF:\WINDOWS\system32undll32.exeF:\WINDOWS\ATKKBService.exeH:\Program Files\ewido anti-spyware 4.0\guard.exeF:\WINDOWS\Explorer.EXEF:\Program Files\Norton AntiVirus
avapsvc.exeF:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeF:\WINDOWS\system32
otepad.exeF:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeF:\WINDOWS\System32\RUNDLL32.EXEF:\WINDOWS\RTHDCPL.EXEF:\WINDOWS\System32\MMTray.exeF:\WINDOWS\System32\MMTray2k.exeF:\WINDOWS\System32\MMTrayLSI.exeF:\WINDOWS\System32
vsvc32.exeF:\Program Files\Cyberlink\Shared files\RichVideo.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeF:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeH:\Program Files\Computer Alarm Clock\cac.exeH:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeH:\Program Files\ewido anti-spyware 4.0\ewido.exeF:\WINDOWS	snp2std.exeF:\WINDOWS\vsnp2std.exeH:\Program Files\iTunes\iTunesHelper.exeH:\Program Files\Java\jre1.5.0_06\bin\jusched.exeH:\Program Files\QuickTime\qttask.exeH:\Program Files\DAEMON Tools\daemon.exeF:\Program Files\MSN Messenger\MsnMsgr.ExeF:\Program Files\iPod\bin\iPodService.exeH:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exeF:\WINDOWS\System32\wuauclt.exeF:\Program Files\Internet Explorer\iexplore.exeF:\Program Files\Messenger\msmsgs.exeF:\Nouveau dossier\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [MMTray] MMTray.exeO4 - HKLM\..\Run: [MMTray2K] MMTray2k.exeO4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exeO4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\Language\Language.exe"O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUpO4 - HKLM\..\Run: [Computer Alarm Clock] H:\Program Files\Computer Alarm Clock\cac.exeO4 - HKLM\..\Run: [defender] C:\dfndref_7.exeO4 - HKLM\..\Run: [gcasServ] "H:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [!ewido] "H:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKLM\..\Run: [tsnp2std] F:\WINDOWS	snp2std.exeO4 - HKLM\..\Run: [snp2std] F:\WINDOWS\vsnp2std.exeO4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [MétéoIMédia] h:\Program Files\MétéoMédia\MétéoIMédia\WeatherEyeO4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CABO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: Installer - F:\WINDOWS\system32\lv6u09j9e.dllO23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - H:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
vsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\Cyberlink\Shared files\RichVideo.exeO23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Regis59 · Answer

salutremet un lm2fix option 1a+

sebydm · Answer

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ermsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall] "Asynchronous"=dword:00000000 "DllName"="F:\WINDOWS\system32\lv6u09j9e.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{3A4CACD6-9927-E674-00F5-25F887FB978A}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension" "{210DFC57-D7F6-41C7-9D91-397411EB7A41}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{210DFC57-D7F6-41C7-9D91-397411EB7A41}] @="" [HKEY_CLASSES_ROOT\CLSID\{210DFC57-D7F6-41C7-9D91-397411EB7A41}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{210DFC57-D7F6-41C7-9D91-397411EB7A41}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{210DFC57-D7F6-41C7-9D91-397411EB7A41}\InprocServer32] @="F:\WINDOWS\system32\guard.tmp" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: F:\WINDOWS\SYSTEM32\ cmdlin~1.dll Tue 2006-07-18 0:13:42 A.... 98 304 96,00 K divxwm~1.dll Wed 2006-06-21 6:33:42 A.... 12 288 12,00 K divx_x~1.dll Mon 2006-07-03 17:40:52 A.... 778 240 760,00 K divx_x~2.dll Mon 2006-07-03 17:40:52 A.... 778 240 760,00 K divx_x~3.dll Mon 2006-07-03 17:40:50 A.... 761 856 744,00 K dpl100.dll Wed 2006-06-21 6:34:22 A.... 90 112 88,00 K dpu10.dll Wed 2006-06-21 6:34:22 A.... 294 912 288,00 K dpu11.dll Wed 2006-06-21 6:34:22 A.... 294 912 288,00 K dpugui10.dll Wed 2006-06-21 6:49:48 A.... 53 248 52,00 K dpugui11.dll Wed 2006-06-21 6:34:22 A.... 593 920 580,00 K dpus11.dll Wed 2006-06-21 6:34:22 A.... 344 064 336,00 K dpv11.dll Wed 2006-06-21 6:34:22 A.... 57 344 56,00 K dtu100.dll Wed 2006-06-21 6:34:22 A.... 200 704 196,00 K i2060c~1.dll Sun 2006-08-06 13:27:58 ..S.R 236 528 230,98 K ktjol7~1.dll Mon 2006-08-07 13:47:48 ..S.R 237 243 231,68 K l4n4le~1.dll Sat 2006-08-05 19:45:06 ..S.R 235 939 230,41 K legitc~1.dll Wed 2006-05-17 11:23:38 A.... 579 888 566,30 K libdivx.dll Wed 2006-06-21 6:42:58 A.... 1 044 480 1020,00 K lv6u09~1.dll Sat 2006-08-05 19:39:10 ..S.R 235 926 230,39 K px.dll Wed 2006-06-21 15:44:24 ..... 372 736 364,00 K pxdrv.dll Wed 2006-06-21 15:44:24 ..... 421 888 412,00 K pxmas.dll Wed 2006-06-21 15:44:24 ..... 172 032 168,00 K pxwave.dll Wed 2006-06-21 15:44:24 ..... 339 968 332,00 K qt-dx331.dll Wed 2006-06-21 6:43:06 A.... 3 596 288 3,43 M rewire.dll Mon 2006-07-17 22:12:44 A.... 225 280 220,00 K rexsha~1.dll Mon 2006-07-17 22:12:44 A.... 233 472 228,00 K ssldivx.dll Wed 2006-06-21 6:42:58 A.... 200 704 196,00 K vxblock.dll Wed 2006-06-21 15:44:24 ..... 28 672 28,00 K w6f78636.dll Wed 2006-07-26 2:06:00 A.... 4 380 4,28 K 29 items found: 29 files (4 H/S), 0 directories. Total of file sizes: 12 523 568 bytes 11,94 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur F s'appelle window Le num‚ro de s‚rie du volume est D4CB-CC57 R‚pertoire de F:\WINDOWS\System32 2006-08-07 13:47 237ÿ243 ktjol7131.dll 2006-08-06 13:27 236ÿ528 i2060cdsef060.dll 2006-08-05 19:45 235ÿ939 l4n4le5q1h.dll 2006-08-05 19:39 235ÿ926 lv6u09j9e.dll 2006-07-20 14:44 dllcache 2006-07-17 17:26 Microsoft 4 fichier(s) 945ÿ636 octets 2 R‚p(s) 119ÿ840ÿ768 octets libres

Regis59 · Answer

okrefais l option 2ensuite remet l option 1PS: desole pour toutes ces manips mais on va s en sortir (j espere que t es pas pressé)a+

sebydm · Answer

oui je suis tres patient ! je veut vraiment que sa se regle cette chose la ! alors je te poste loption 2 et je vais te faire un autr message pour loption 1 ! L2mfix 051206Creating Account.La commande s'est termin‚e correctement.Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX   ... successful Running From:F:\WINDOWS\system32 Killing Processes!   Killing 'smss.exe'\SystemRoot\System32\smss.exe (812)  Killing 'winlogon.exe'winlogon.exe    (888)  Killing 'explorer.exe'F:\WINDOWS\Explorer.EXE (1320)  Killing 'rundll32.exe'"F:\WINDOWS\System32\RUNDLL32.EXE" F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit (1544)rundll32.exe "F:\WINDOWS\system32\guard.tmp",DllGetVersion (3000)Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrateurs   ... successful Scanning First Pass. Please Wait! First Pass Completed  Second Pass Scanning  Second pass Completed!        1 fichier(s) copi‚(s).        1 fichier(s) copi‚(s).Deleting: F:\WINDOWS\system32\i2060cdsef060.dll  Successfully Deleted: F:\WINDOWS\system32\i2060cdsef060.dll  Deleting: F:\WINDOWS\system32\l4n4le5q1h.dll  Successfully Deleted: F:\WINDOWS\system32\l4n4le5q1h.dll   msg11?.dll         0 fichier(s) copi‚(s).   Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key:****************************************************************************Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]"Asynchronous"=dword:00000000"DllName"="F:\WINDOWS\system32\lv6u09j9e.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001 The following are the files found: ****************************************************************************F:\WINDOWS\system32\i2060cdsef060.dll F:\WINDOWS\system32\l4n4le5q1h.dll  Registry Entries that were Deleted: Please verify that the listing looks ok.  If there was something deleted wrongly there are backups in the backreg folder. ****************************************************************************Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{210DFC57-D7F6-41C7-9D91-397411EB7A41}]@=""[HKEY_CLASSES_ROOT\CLSID\{210DFC57-D7F6-41C7-9D91-397411EB7A41}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{210DFC57-D7F6-41C7-9D91-397411EB7A41}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{210DFC57-D7F6-41C7-9D91-397411EB7A41}\InprocServer32]@="F:\WINDOWS\system32\guard.tmp""ThreadingModel"="Apartment"REGEDIT4[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{210DFC57-D7F6-41C7-9D91-397411EB7A41}"=-[-HKEY_CLASSES_ROOT\CLSID\{210DFC57-D7F6-41C7-9D91-397411EB7A41}]REGEDIT4[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]****************************************************************************Desktop.ini Contents: ********************************************************************************************************************************************************Checking for L2MFix account(0=no 1=yes): 0Zipping up files for submission:  adding: dlls/guard.tmp (164 bytes security) (deflated 5%)  adding: dlls/i2060cdsef060.dll (164 bytes security) (deflated 5%)  adding: dlls/l4n4le5q1h.dll (164 bytes security) (deflated 5%)  adding: backregs/1C7B9283-0187-4352-970B-3C7E554B2ECC.reg (212 bytes security) (deflated 70%)  adding: backregs/210DFC57-D7F6-41C7-9D91-397411EB7A41.reg (212 bytes security) (deflated 70%)  adding: backregs/324FDD93-DD5E-4024-8E78-83DED1E92245.reg (212 bytes security) (deflated 70%)  adding: backregs/432EF12C-F5A0-4BC8-ACDD-683B3D2EF17F.reg (212 bytes security) (deflated 70%)  adding: backregs/4E64E235-92A9-449B-A30E-DD7C2CD479BD.reg (212 bytes security) (deflated 70%)  adding: backregs/642BEBF9-B75B-4E3D-B538-7F9D8297B55D.reg (212 bytes security) (deflated 70%)  adding: backregs/AFAB2DBB-FA7C-4B90-A09E-3963133C240B.reg (212 bytes security) (deflated 70%)  adding: backregs/B58D4854-08D0-457B-A3BA-B977352351DC.reg (212 bytes security) (deflated 70%)  adding: backregs/BE546B45-B2E5-4DB8-AD11-A3EC44D7D78E.reg (212 bytes security) (deflated 70%)  adding: backregs/notibac.reg (164 bytes security) (deflated 87%)  adding: backregs/shell.reg (164 bytes security) (deflated 74%)

sebydm · Answer

loption 1 L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings] "Asynchronous"=dword:00000000 "DllName"="F:\WINDOWS\system32\lv6u09j9e.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ermsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{3A4CACD6-9927-E674-00F5-25F887FB978A}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension" "{8D22CA70-3BFB-4F9C-87EF-ACDDE7BB557E}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{8D22CA70-3BFB-4F9C-87EF-ACDDE7BB557E}] @="" [HKEY_CLASSES_ROOT\CLSID\{8D22CA70-3BFB-4F9C-87EF-ACDDE7BB557E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{8D22CA70-3BFB-4F9C-87EF-ACDDE7BB557E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{8D22CA70-3BFB-4F9C-87EF-ACDDE7BB557E}\InprocServer32] @="F:\WINDOWS\system32\mkimg32.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: F:\WINDOWS\SYSTEM32\ cmdlin~1.dll Tue 2006-07-18 0:13:42 A.... 98 304 96,00 K divxwm~1.dll Wed 2006-06-21 6:33:42 A.... 12 288 12,00 K divx_x~1.dll Mon 2006-07-03 17:40:52 A.... 778 240 760,00 K divx_x~2.dll Mon 2006-07-03 17:40:52 A.... 778 240 760,00 K divx_x~3.dll Mon 2006-07-03 17:40:50 A.... 761 856 744,00 K dpl100.dll Wed 2006-06-21 6:34:22 A.... 90 112 88,00 K dpu10.dll Wed 2006-06-21 6:34:22 A.... 294 912 288,00 K dpu11.dll Wed 2006-06-21 6:34:22 A.... 294 912 288,00 K dpugui10.dll Wed 2006-06-21 6:49:48 A.... 53 248 52,00 K dpugui11.dll Wed 2006-06-21 6:34:22 A.... 593 920 580,00 K dpus11.dll Wed 2006-06-21 6:34:22 A.... 344 064 336,00 K dpv11.dll Wed 2006-06-21 6:34:22 A.... 57 344 56,00 K dtu100.dll Wed 2006-06-21 6:34:22 A.... 200 704 196,00 K enlml1~1.dll Wed 2006-08-09 1:50:02 ..S.R 237 057 231,50 K ktjol7~1.dll Mon 2006-08-07 13:47:48 ..S.R 237 243 231,68 K legitc~1.dll Wed 2006-05-17 11:23:38 A.... 579 888 566,30 K libdivx.dll Wed 2006-06-21 6:42:58 A.... 1 044 480 1020,00 K lv6u09~1.dll Sat 2006-08-05 19:39:10 ..S.R 235 926 230,39 K px.dll Wed 2006-06-21 15:44:24 ..... 372 736 364,00 K pxdrv.dll Wed 2006-06-21 15:44:24 ..... 421 888 412,00 K pxmas.dll Wed 2006-06-21 15:44:24 ..... 172 032 168,00 K pxwave.dll Wed 2006-06-21 15:44:24 ..... 339 968 332,00 K qt-dx331.dll Wed 2006-06-21 6:43:06 A.... 3 596 288 3,43 M rewire.dll Mon 2006-07-17 22:12:44 A.... 225 280 220,00 K rexsha~1.dll Mon 2006-07-17 22:12:44 A.... 233 472 228,00 K ssldivx.dll Wed 2006-06-21 6:42:58 A.... 200 704 196,00 K vxblock.dll Wed 2006-06-21 15:44:24 ..... 28 672 28,00 K w6f78636.dll Wed 2006-07-26 2:06:00 A.... 4 380 4,28 K 28 items found: 28 files (3 H/S), 0 directories. Total of file sizes: 12 288 158 bytes 11,72 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur F s'appelle window Le num‚ro de s‚rie du volume est D4CB-CC57 R‚pertoire de F:\WINDOWS\System32 2006-08-09 01:50 237ÿ057 enlml1311.dll 2006-08-07 13:47 237ÿ243 ktjol7131.dll 2006-08-05 19:39 235ÿ926 lv6u09j9e.dll 2006-07-20 14:44 dllcache 2006-07-17 17:26 Microsoft 3 fichier(s) 710ÿ226 octets 2 R‚p(s) 182ÿ841ÿ344 octets libres

Regis59 · Answer

okTélécharge: Pocket Killbox ici http://www.downloads.subratam.org/KillBox.exe :: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::http://pageperso.aol.fr/balltrap34/killbox.htm Regarde la video et utilise la methode du bloc note, voici la liste:F:\WINDOWS\System32\enlml1311.dll F:\WINDOWS\System32\ktjol7131.dll F:\WINDOWS\System32\lv6u09j9e.dll Redemarre et remet un lm2fix option 1 + hijack thisa+

sebydm · Answer

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability] "Asynchronous"=dword:00000000 "DllName"="F:\WINDOWS\system32\enlml1311.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ermsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{3A4CACD6-9927-E674-00F5-25F887FB978A}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension" "{8D22CA70-3BFB-4F9C-87EF-ACDDE7BB557E}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{8D22CA70-3BFB-4F9C-87EF-ACDDE7BB557E}] @="" [HKEY_CLASSES_ROOT\CLSID\{8D22CA70-3BFB-4F9C-87EF-ACDDE7BB557E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{8D22CA70-3BFB-4F9C-87EF-ACDDE7BB557E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{8D22CA70-3BFB-4F9C-87EF-ACDDE7BB557E}\InprocServer32] @="F:\WINDOWS\system32\mkimg32.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: F:\WINDOWS\SYSTEM32\ cmdlin~1.dll Tue 2006-07-18 0:13:42 A.... 98 304 96,00 K divxwm~1.dll Wed 2006-06-21 6:33:42 A.... 12 288 12,00 K divx_x~1.dll Mon 2006-07-03 17:40:52 A.... 778 240 760,00 K divx_x~2.dll Mon 2006-07-03 17:40:52 A.... 778 240 760,00 K divx_x~3.dll Mon 2006-07-03 17:40:50 A.... 761 856 744,00 K dpl100.dll Wed 2006-06-21 6:34:22 A.... 90 112 88,00 K dpu10.dll Wed 2006-06-21 6:34:22 A.... 294 912 288,00 K dpu11.dll Wed 2006-06-21 6:34:22 A.... 294 912 288,00 K dpugui10.dll Wed 2006-06-21 6:49:48 A.... 53 248 52,00 K dpugui11.dll Wed 2006-06-21 6:34:22 A.... 593 920 580,00 K dpus11.dll Wed 2006-06-21 6:34:22 A.... 344 064 336,00 K dpv11.dll Wed 2006-06-21 6:34:22 A.... 57 344 56,00 K dtu100.dll Wed 2006-06-21 6:34:22 A.... 200 704 196,00 K ktjol7~1.dll Mon 2006-08-07 13:47:48 ..S.R 237 243 231,68 K legitc~1.dll Wed 2006-05-17 11:23:38 A.... 579 888 566,30 K libdivx.dll Wed 2006-06-21 6:42:58 A.... 1 044 480 1020,00 K px.dll Wed 2006-06-21 15:44:24 ..... 372 736 364,00 K pxdrv.dll Wed 2006-06-21 15:44:24 ..... 421 888 412,00 K pxmas.dll Wed 2006-06-21 15:44:24 ..... 172 032 168,00 K pxwave.dll Wed 2006-06-21 15:44:24 ..... 339 968 332,00 K qt-dx331.dll Wed 2006-06-21 6:43:06 A.... 3 596 288 3,43 M rewire.dll Mon 2006-07-17 22:12:44 A.... 225 280 220,00 K rexsha~1.dll Mon 2006-07-17 22:12:44 A.... 233 472 228,00 K ssldivx.dll Wed 2006-06-21 6:42:58 A.... 200 704 196,00 K vxblock.dll Wed 2006-06-21 15:44:24 ..... 28 672 28,00 K w6f78636.dll Wed 2006-07-26 2:06:00 A.... 4 380 4,28 K 26 items found: 26 files (1 H/S), 0 directories. Total of file sizes: 11 815 175 bytes 11,27 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur F s'appelle window Le num‚ro de s‚rie du volume est D4CB-CC57 R‚pertoire de F:\WINDOWS\System32 2006-08-07 13:47 237ÿ243 ktjol7131.dll 2006-07-20 14:44 dllcache 2006-07-17 17:26 Microsoft 1 fichier(s) 237ÿ243 octets 2 R‚p(s) 179ÿ732ÿ480 octets libres

sebydm · Answer

Logfile of HijackThis v1.99.1Scan saved at 23:22:40, on 2006-08-09Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeF:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeF:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeF:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeF:\WINDOWS\system32\spoolsv.exeF:\WINDOWS\Explorer.EXEF:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeF:\WINDOWS\System32\RUNDLL32.EXEF:\WINDOWS\RTHDCPL.EXEF:\WINDOWS\System32\MMTray.exeF:\WINDOWS\System32\MMTray2k.exeF:\WINDOWS\System32\MMTrayLSI.exeF:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeH:\Program Files\Computer Alarm Clock\cac.exeF:\WINDOWS\ATKKBService.exeH:\Program Files\ewido anti-spyware 4.0\guard.exeF:\Program Files\Norton AntiVirus
avapsvc.exeF:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeF:\WINDOWS\System32
vsvc32.exeF:\Program Files\Cyberlink\Shared files\RichVideo.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeH:\Program Files\ewido anti-spyware 4.0\ewido.exeH:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeF:\WINDOWS	snp2std.exeF:\WINDOWS\vsnp2std.exeH:\Program Files\iTunes\iTunesHelper.exeH:\Program Files\Java\jre1.5.0_06\bin\jusched.exeF:\Program Files\iPod\bin\iPodService.exeF:\Program Files\MSN Messenger\MsnMsgr.ExeF:\WINDOWS\System32\wuauclt.exeH:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exeF:\WINDOWS\system32\NOTEPAD.EXEF:\Program Files\Internet Explorer\iexplore.exeF:\Program Files\Windows Media Player\wmplayer.exeF:\Program Files\Messenger\msmsgs.exeF:\Nouveau dossier\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [MMTray] MMTray.exeO4 - HKLM\..\Run: [MMTray2K] MMTray2k.exeO4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exeO4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\Language\Language.exe"O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUpO4 - HKLM\..\Run: [Computer Alarm Clock] H:\Program Files\Computer Alarm Clock\cac.exeO4 - HKLM\..\Run: [defender] C:\dfndref_7.exeO4 - HKLM\..\Run: [gcasServ] "H:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [!ewido] "H:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKLM\..\Run: [tsnp2std] F:\WINDOWS	snp2std.exeO4 - HKLM\..\Run: [snp2std] F:\WINDOWS\vsnp2std.exeO4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [MétéoIMédia] h:\Program Files\MétéoMédia\MétéoIMédia\WeatherEyeO4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CABO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: Reliability - F:\WINDOWS\system32\enlml1311.dll (file missing)O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - H:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
vsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\Cyberlink\Shared files\RichVideo.exeO23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Regis59 · Answer

SalutFixe ceciO20 - Winlogon Notify: Reliability - F:\WINDOWS\system32\enlml1311.dll (file missing)Avec la methode du bloc note, supprime ceciF:\WINDOWS\System32\ktjol7131.dll F:\WINDOWS\system32\enlml1311.dll Remet ensuite les 2 rapportsa+

sebydm · Answer

salut regis ! je voulais te dire que tu as reussi ! depuis hier jai rien heu ,dhabitude javais un pop-ups qui ouvrai a toute les 15 seconde et je devais remettre mon son dans la bar de tache puis depuis hier plus rien ! donc je te remerci enormement ! je croyais pas quon allais reussir ! en passant est ce que je peu garder ton mail au cas ou jaurai dautre chose ?? tu est vraiemnt bon !

Regis59 · Answer

SalutPeux tu remettre un Hijack this stp pour que je verifie; merciPour mon email lol, je ne le devoile pas lol mais tu peux te rendre sur le forum qui est dans mon profil, j en suis l administrateur et on pourra se contacter la bas.A+;-)

sebydm · Answer

Logfile of HijackThis v1.99.1Scan saved at 03:09:31, on 2006-08-11Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeF:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeF:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeF:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeF:\WINDOWS\system32\spoolsv.exeF:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeF:\WINDOWS\System32\RUNDLL32.EXEF:\WINDOWS\RTHDCPL.EXEF:\WINDOWS\System32\MMTray.exeF:\WINDOWS\System32\MMTray2k.exeF:\WINDOWS\System32\MMTrayLSI.exeF:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeH:\Program Files\Computer Alarm Clock\cac.exeF:\WINDOWS\ATKKBService.exeH:\Program Files\ewido anti-spyware 4.0\guard.exeF:\Program Files\Norton AntiVirus
avapsvc.exeF:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeF:\WINDOWS\System32
vsvc32.exeF:\Program Files\Cyberlink\Shared files\RichVideo.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeH:\Program Files\ewido anti-spyware 4.0\ewido.exeH:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeF:\WINDOWS	snp2std.exeF:\WINDOWS\vsnp2std.exeH:\Program Files\iTunes\iTunesHelper.exeH:\Program Files\Java\jre1.5.0_06\bin\jusched.exeF:\Program Files\iPod\bin\iPodService.exeF:\Program Files\MSN Messenger\MsnMsgr.ExeF:\WINDOWS\System32\wuauclt.exeH:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exeF:\Program Files\Windows Media Player\wmplayer.exeF:\WINDOWS\explorer.exeF:\Program Files\Internet Explorer\iexplore.exeF:\Nouveau dossier\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [MMTray] MMTray.exeO4 - HKLM\..\Run: [MMTray2K] MMTray2k.exeO4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exeO4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\Language\Language.exe"O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUpO4 - HKLM\..\Run: [Computer Alarm Clock] H:\Program Files\Computer Alarm Clock\cac.exeO4 - HKLM\..\Run: [defender] C:\dfndref_7.exeO4 - HKLM\..\Run: [gcasServ] "H:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [!ewido] "H:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKLM\..\Run: [tsnp2std] F:\WINDOWS	snp2std.exeO4 - HKLM\..\Run: [snp2std] F:\WINDOWS\vsnp2std.exeO4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [MétéoIMédia] h:\Program Files\MétéoMédia\MétéoIMédia\WeatherEyeO4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CABO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: Reliability - F:\WINDOWS\system32\enlml1311.dll (file missing)O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - H:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
vsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\Cyberlink\Shared files\RichVideo.exeO23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Regis59 · Answer

Salut,¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :O4 - HKLM\..\Run: [defender] C:\dfndref_7.exe O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB O20 - Winlogon Notify: Reliability - F:\WINDOWS\system32\enlml1311.dll (file missing) ---------------------------------------------------------------------------- ¤Démarre en mode sans échec : Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! (Si F8 ne marche pas utilise la touche F5).  ----------------------------------------------------------------------------¤Recherche et supprime ceci: attention seulement les fichiers  (si présents).C:\dfndref_7.exe Redemarre et remet un rapport.a+

sebydm · Answer

le fichier a supprimer en mode sasn echec est absent ! je sais pas ou il est ! et jai fait une recherche et il ne le trouve pas non plus ! ais jai fait les autre manip .Logfile of HijackThis v1.99.1Scan saved at 15:44:49, on 2006-08-11Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeF:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeF:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeF:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeF:\WINDOWS\system32\spoolsv.exeF:\WINDOWS\Explorer.EXEF:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeF:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeF:\WINDOWS\System32\RUNDLL32.EXEF:\WINDOWS\RTHDCPL.EXEF:\WINDOWS\System32\MMTray.exeF:\WINDOWS\System32\MMTray2k.exeF:\WINDOWS\System32\MMTrayLSI.exeH:\Program Files\Computer Alarm Clock\cac.exeF:\WINDOWS\ATKKBService.exeH:\Program Files\ewido anti-spyware 4.0\guard.exeF:\Program Files\Norton AntiVirus
avapsvc.exeF:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeF:\WINDOWS\System32
vsvc32.exeF:\Program Files\Cyberlink\Shared files\RichVideo.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeH:\Program Files\ewido anti-spyware 4.0\ewido.exeH:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeF:\WINDOWS	snp2std.exeF:\WINDOWS\vsnp2std.exeF:\WINDOWS\System32\wuauclt.exeH:\Program Files\iTunes\iTunesHelper.exeH:\Program Files\Java\jre1.5.0_06\bin\jusched.exeF:\Program Files\iPod\bin\iPodService.exeF:\Program Files\MSN Messenger\MsnMsgr.ExeF:\WINDOWS\System32\wuauclt.exeH:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exeF:\Program Files\Messenger\msmsgs.exeF:\Nouveau dossier\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [MMTray] MMTray.exeO4 - HKLM\..\Run: [MMTray2K] MMTray2k.exeO4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exeO4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\Language\Language.exe"O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUpO4 - HKLM\..\Run: [Computer Alarm Clock] H:\Program Files\Computer Alarm Clock\cac.exeO4 - HKLM\..\Run: [gcasServ] "H:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [!ewido] "H:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKLM\..\Run: [tsnp2std] F:\WINDOWS	snp2std.exeO4 - HKLM\..\Run: [snp2std] F:\WINDOWS\vsnp2std.exeO4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [MétéoIMédia] h:\Program Files\MétéoMédia\MétéoIMédia\WeatherEyeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - H:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
vsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\Cyberlink\Shared files\RichVideo.exeO23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Regis59 · Answer

salut¤Affiche tous les fichiers et dossiers : Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage Coche « afficher les fichiers et dossiers cachés » Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" Décoche « masquer les extensions dont le type est connu » Puis fais «Ok» pour valider les changements. Et appliquer !Le trouves tu maintenant?a+

sebydm · Answer

salut !dsl si sa ete long , j'éetais parti en vacance 3 jours donc jai pas ete sur mon ordi :) jai fait la manipulation que tu ma dit et je le trouve pas ! jai chercher dans tous mes lecteur et imposible de le trouve ! je comprend pas

Regis59 · Answer

SalutBien les vacances?Télécharge: Pocket Killbox ici http://www.downloads.subratam.org/KillBox.exe :: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::http://pageperso.aol.fr/balltrap34/killbox.htm Double clic sur killbox.exe (Pocket Killbox) - coche: delete on reboot - Dans "Full Path of File to Delete" - copie et colle:  C:\dfndref_7.exe -Sélectionne "single File"- clique sur la croix rouge - une fenêtre va apparaître pour confirmation clique sur YES - une seconde fenêtre te demande si tu veux redémarrer clique sur YES Si ce message s’affiche ignore le :http://tinypic.com/images/goodbye.jpg Laisse le pc redémarrer.Et après reposte un log HijackThis. A+

sebydm · Answer

sa veut pas redemarrer ! sa marque ,,,,,,pendingfilerenameperation registry data has benn removed by exterbal process !je sais pas si il a supprimer ! est ce que tu sais pourquoi que sa marque sa ??

Regis59 · Answer

salutoui ignore leredemarre ton pca+

sebydm · Answer

Logfile of HijackThis v1.99.1Scan saved at 03:37:16, on 2006-08-18Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeF:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeF:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeF:\WINDOWS\system32\spoolsv.exeF:\WINDOWS\Explorer.EXEF:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeF:\WINDOWS\System32\RUNDLL32.EXEF:\WINDOWS\RTHDCPL.EXEF:\WINDOWS\System32\MMTray.exeF:\WINDOWS\System32\MMTray2k.exeF:\WINDOWS\System32\MMTrayLSI.exeH:\Program Files\Computer Alarm Clock\cac.exeF:\WINDOWS\ATKKBService.exeH:\Program Files\ewido anti-spyware 4.0\guard.exeH:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeF:\Program Files\Norton AntiVirus
avapsvc.exeF:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeF:\WINDOWS\System32
vsvc32.exeH:\Program Files\CyberLink\Shared files\RichVideo.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeF:\WINDOWS\vsnp2std.exeH:\Program Files\iTunes\iTunesHelper.exeH:\Program Files\Java\jre1.5.0_06\bin\jusched.exeF:\Program Files\iPod\bin\iPodService.exeF:\WINDOWS\System32undll32.exeF:\Program Files\MSN Messenger\MsnMsgr.ExeH:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exeF:\WINDOWS\System32\wuauclt.exeH:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exeH:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exeF:\Program Files\Windows Media Player\wmplayer.exeC:\Program Files\Propellerhead\Reason\Reason.exeF:\Program Files\Internet Explorer\iexplore.exeF:\Nouveau dossier\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [MMTray] MMTray.exeO4 - HKLM\..\Run: [MMTray2K] MMTray2k.exeO4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exeO4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUpO4 - HKLM\..\Run: [Computer Alarm Clock] H:\Program Files\Computer Alarm Clock\cac.exeO4 - HKLM\..\Run: [gcasServ] "H:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [!ewido] "H:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKLM\..\Run: [tsnp2std] F:\WINDOWS	snp2std.exeO4 - HKLM\..\Run: [snp2std] F:\WINDOWS\vsnp2std.exeO4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exeO4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [MétéoIMédia] h:\Program Files\MétéoMédia\MétéoIMédia\WeatherEyeO4 - HKCU\..\Run: [PowerBar] "H:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTimeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabO16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.comO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - H:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
vsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Program Files\CyberLink\Shared files\RichVideo.exeO23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Regis59 · Answer

Salut,Ou en sont tes soucis?a+

sebydm · Answer

bien sa a lair reparer ! depuis plus aucun pop-ups , plsu rien de danormale pour linstant ! et jespere que sa restera comme sa longtemsp lol ! merci bcp pour toi ! a +

Regis59 · Answer

SalutSuper alors lolEvite de surfer sur n importe quoi et tu n auras aucuns problemes lolBon week end.a+

Des pop-ups sans cesse

54 réponses

Discussions similaires

Newsletters