Virus causing a buffer overflow

Solved/Closed
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006 - 9 Oct. 2006 at 22:40
abdou - 15 Jul. 2007 at 23:55
Hello, I need help resolving a blocking problem caused by a buffer overflow detected by VirusScan Enterprise 8.0
typical message: c\:windows\system32\svchost.exe:: loadlibrarya

thanks in advance

gdf

34 replies

Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
10 Oct. 2006 at 15:33
Hi

download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html

Unzip it into a folder created for that purpose.
For example C:\hijackthis < Make sure you save it on C: !
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Run it, then:
click on "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum

Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Good luck

See you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006
10 Oct. 2006 at 20:15
Hi Regis59, I carried out the steps you asked for; here is the copy of the log

Logfile of HijackThis v1.99.1
Scan saved at 20:05:48, on 10/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\grand\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.packardbell.fr/center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.fr/center
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SurfairyHlp Class - {E0B9B5FE-B66E-4FB0-A1D9-726F0E743CFD} - C:\Program Files\Surfairy\SurfairyPP.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll

hoping you can see something in it

thanks in advance

see you

gdf
0
I have the same problem gdf had. Can you help me?

here is my data:

Logfile of HijackThis v1.99.1
Scan saved at 5:59:31 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\PROGRA~1\EzButton\CPLDFL10.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CPLDFL10] C:\PROGRA~1\EzButton\CPLDFL10.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A04BF5-EF63-43B7-B047-FFE85A3DC7A6}: NameServer = 85.255.115.77,85.255.112.159
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F22C040-C162-4A4A-9BD5-379843DC9874}: NameServer = 85.255.115.77,85.255.112.159
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.77 85.255.112.159
O17 - HKLM\System\CS1\Services\Tcpip\..\{78A04BF5-EF63-43B7-B047-FFE85A3DC7A6}: NameServer = 85.255.115.77,85.255.112.159
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.77 85.255.112.159
O17 - HKLM\System\CS2\Services\Tcpip\..\{78A04BF5-EF63-43B7-B047-FFE85A3DC7A6}: NameServer = 85.255.115.77,85.255.112.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.77 85.255.112.159
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:22, on 15/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\windows\system32\azvfjr.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\linkprd.exe
C:\DOCUME~1\abdou\LOCALS~1\Temp\winlogon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\abdou\LOCALS~1\Temp\Rar$EX16.221\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\8d31f6e93a03bc7a736602ed1adb9986\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [jtdyef] c:\windows\system32\jtdyef.exe jtdyef
O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\PCDRIV~1\UGDCcw.exe" -start
O4 - HKLM\..\Run: [ddasmjhdz] c:\windows\system32\ddasmjhdz.exe ddasmjhdz
O4 - HKLM\..\Run: [etircczx] c:\windows\system32\etircczx.exe etircczx
O4 - HKLM\..\Run: [etlzggn] c:\windows\system32\etlzggn.exe etlzggn
O4 - HKLM\..\Run: [azvfjr] c:\windows\system32\azvfjr.exe azvfjr
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\system32\system.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\abdou\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8B8837E-EB2E-478C-B3BE-DC2FCBA3D219}: NameServer = 212.217.1.4 212.217.0.14
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O21 - SSODL: system32 - {0262E82C-2A91-47BB-8F5C-F5578F18933A} - sysprinters.dll (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
10 Oct. 2006 at 21:44
Hi

do you have this in Add/Remove Programs?

Surfairy

see you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006
10 Oct. 2006 at 21:56
hi

I don't have Surfairy in Add/Remove Programs

however, I'm sending you a new copy of the log, because during the first one my antivirus (VirusScan Enterprise 8.0), my web browser (Mozilla) and my Ethernet connection were not running
now I'm in a normal configuration ... if you can call it that...

new log
Logfile of HijackThis v1.99.1
Scan saved at 21:42:12, on 10/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\winIogon.exe
C:\WINDOWS\System32\iexplore.exe
C:\WINDOWS\System32\algs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\lscas.exe
c:\windows\pwr.exe
c:\nwnmff_e26.exe
c:\dfndrff_e26.exe
C:\WINDOWS\explorer.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\grand\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SurfairyHlp Class - {E0B9B5FE-B66E-4FB0-A1D9-726F0E743CFD} - C:\Program Files\Surfairy\SurfairyPP.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e26.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e26.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\tqemeui.dll
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Remote Administrator Services - Unknown owner - C:\WINDOWS\system32\lscas.exe

see you

thanks
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
10 Oct. 2006 at 23:32
Hi;

Download this: (thanks to S!RI for this program).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report
Copy and paste it into a post, please.

See you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006
11 Oct. 2006 at 19:45
hi, here is what you asked for after running the program

report

SmitFraudFix v2.109

Rapport fait à 19:41:34,48, 11/10/2006
Executé à partir de C:\Documents and Settings\grand\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\drsmartload?.exe PRESENT !
C:\drsmartload??.exe PRESENT !
C:\drsmartload???.exe PRESENT !
C:\drsmartload????.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\drsmartload2.dat PRESENT !
C:\WINDOWS\newname.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\grand


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\grand\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\grand\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

see you

gdf
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
12 Oct. 2006 at 12:21
Hi

Boot into safe mode, run SmitfraudFix again, choose option 2, then save the report.
Restart the PC and copy and paste the report here.

See you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006
12 Oct. 2006 at 14:46
hi

I carried out the steps you asked for; here is the report

SmitFraudFix v2.109

Rapport fait à 14:37:05,73, 12/10/2006
Executé à partir de C:\Documents and Settings\grand\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\drsmartload?.exe supprimé
C:\WINDOWS\drsmartload2.dat supprimé
C:\WINDOWS\newname.dat supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

see you

gdf
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
12 Oct. 2006 at 21:37
hi

post a new HijackThis log

see you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006
12 Oct. 2006 at 22:30
hi, here is the log

Logfile of HijackThis v1.99.1
Scan saved at 22:23:49, on 12/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\lscas.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\winIogon.exe
C:\WINDOWS\System32\iexplore.exe
C:\WINDOWS\System32\algs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\grand\Local Settings\Temp\Répertoire temporaire 5 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SurfairyHlp Class - {E0B9B5FE-B66E-4FB0-A1D9-726F0E743CFD} - C:\Program Files\Surfairy\SurfairyPP.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fp4403hqe.dll
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Remote Administrator Services - Unknown owner - C:\WINDOWS\system32\lscas.exe


see you

gdf
0
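An added example, not part of the thread or of HijackThis itself: a small triage script over O4/O20/O23 lines copied from the logs posted above. It applies three heuristics that are assumptions of this example (a core Windows binary outside its expected directory, a file name within a small edit distance of a core binary, and an image in a drive root or Temp folder); the function names and the directory table are hypothetical.

```python
import re

# Core Windows XP binaries and the one directory each is expected to run from
# (table assembled for this example; extend it for other systems).
EXPECTED_DIR = {
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "alg.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

# Autorun (O4), Winlogon Notify (O20) and service (O23) lines, with the image path.
ENTRY = re.compile(r'^(O4|O20|O23) - .*?([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.I)

# Sample input: lines taken from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e26.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\abdou\LOCALS~1\Temp\winlogon.exe
O23 - Service: Remote Administrator Services - Unknown owner - C:\WINDOWS\system32\lscas.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_line(line):
    """Return (normalized_path, reasons) for an O4/O20/O23 line, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    # Collapse doubled backslashes (as in 'c:\\nwnmff_e26.exe') and lowercase.
    path = re.sub(r"\\+", r"\\", m.group(2)).lower()
    folder, _, name = path.rpartition("\\")
    reasons = []
    if name in EXPECTED_DIR:
        if folder != EXPECTED_DIR[name]:
            reasons.append(f"{name} outside {EXPECTED_DIR[name]}")
    else:
        stem = name.rsplit(".", 1)[0]
        best = None
        for known in EXPECTED_DIR:
            kstem = known.rsplit(".", 1)[0]
            limit = 1 if len(kstem) < 5 else 2  # short names: stricter match
            d = edit_distance(stem, kstem)
            if d <= limit and (best is None or d < best[0]):
                best = (d, known)
        if best:
            reasons.append(f"name imitates {best[1]} (edit distance {best[0]})")
    if re.fullmatch(r"[a-z]:", folder):
        reasons.append("image in drive root")
    if "\\temp\\" in folder + "\\":
        reasons.append("image in a Temp directory")
    return path, reasons


def triage_log(text):
    """Map each flagged image path to the list of reasons it was flagged."""
    flagged = {}
    for line in text.splitlines():
        result = triage_line(line)
        if result and result[1]:
            flagged[result[0]] = result[1]
    return flagged


if __name__ == "__main__":
    for path, why in triage_log(SAMPLE_LOG).items():
        print(f"{path}: {'; '.join(why)}")
```

Randomly named files such as the O20 DLLs in these logs are not caught by name or location rules; they need other checks, for example a signature or file-reputation lookup.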
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
13 Oct. 2006 at 16:12
Hello,

Steps to follow, in order...

Windows is not up to date, so your system is open to every infection and every hacker.
----------------------------------------------------------------------------
¤Download these programs, but do not use them right away:

1/

Spybot S&D 1.4
https://www.safer-networking.org/

Usage demo (thanks to Balltrap34 for making this).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06
https://www.adaware.com/
- Help:
http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
- install the French patch, you can find it here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here: (thanks to Moe31 for making this).
http://pageperso.aol.fr/balltrap34/adawrevid.asf

3/ Ewido:
http://download.ewido.net/ewido-setup.exe

4/ Ccleaner:

https://www.pcastuces.com/logitheque/ccleaner.htm
----------------------------------------------------------------------------
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

Coche « afficher les fichiers et dossiers cachés »

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.

Et appliquer !
----------------------------------------------------------------------------
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O2 - BHO: SurfairyHlp Class - {E0B9B5FE-B66E-4FB0-A1D9-726F0E743CFD} - C:\Program Files\Surfairy\SurfairyPP.dll

O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe

O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe

O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe

O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)

O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fp4403hqe.dll

O23 - Service: Remote Administrator Services - Unknown owner - C:\WINDOWS\system32\lscas.exe

----------------------------------------------------------------------------
¤Boot into Safe Mode:
To do that, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to Safe Mode, then press Enter.
Once on the desktop, it is normal if the colours and other things are not all there!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
¤Find and delete the following:
careful, only the files (if present).

C:\Program Files\Surfairy
C:\Program Files\TheSearchAccelerator
C:\WINDOWS\System32\winIogon.exe << with an I
C:\WINDOWS\System32\algs.exe
C:\WINDOWS\system32\lscas.exe
----------------------------------------------------------------------------
¤Stop these services:

Click Start->Run->type: services.msc

Double-click: Service: Remote Administrator Services

Set it to "Stopped" and "Disabled".
----------------------------------------------------------------------------
¤ Launch Ewido, run a full scan, and copy/paste the report to the forum.
----------------------------------------------------------------------------
¤ Run Ad-Aware and delete everything it finds + delete the quarantines…
----------------------------------------------------------------------------
¤ Run Spybot and fix everything it finds + immunize + delete the quarantines…
-------------------------------------------------------------------------------------------
¤ Run CCleaner.

Deleting temporary files

Go to the "Options" section in the left margin. Go to "Advanced" and untick "Only delete files in Windows Temp folders older than 48 hours". Then go back to the "Cleaner" section.
Make sure to tick all the boxes in the left margin (Internet Explorer/Windows Explorer/System/Advanced)
• Click Analyze
• Wait for the scan to finish; it can take a while the first time.
• Once the scan is finished, click Run Cleaner

Removing registry inconsistencies

• Click the Issues icon in the left margin.
• Then click Scan for Issues
• Wait while CCleaner scans your registry.
• Once the scan is finished, tick all the entries it has found.
• You can then click Fix selected issues.
If you are not sure what you are doing, you can choose to back up the ticked entries so you can restore them later
----------------------------------------------------------------------------
¤ Empty your Recycle Bin.
----------------------------------------------------------------------------
¤ Restart in normal mode, run HijackThis again and copy/paste a new report to the forum.

Mention any problems that remain....

Keep me posted

See you
0
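The checks below are an added example, not part of Regis59's post or of HijackThis: a small Python audit that surfaces the kind of entries listed under "Fix checked" above (a system file name one or two characters off, a genuine name in the wrong folder, an unlisted Winlogon Notify DLL). The sample lines are copied from the HijackThis logs in this thread; the allowlists and the distance thresholds are assumptions chosen for illustration.

```python
import ntpath
import re

# Assumption: small allowlist of genuine Windows XP binaries -> folder they ship in.
KNOWN_BINARIES = {
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "alg.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
}
# Assumption: Winlogon Notify DLLs that ship with Windows XP.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "wlnotify.dll", "sclgntfy.dll"}

# Autorun (O4), Winlogon Notify (O20) and service (O23) lines; group 2 is the file path.
ENTRY_RE = re.compile(r'^(O4|O20|O23) - .*?([A-Za-z]:\\[^"]*?\.(?:exe|dll))',
                      re.IGNORECASE)

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fp4403hqe.dll
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Remote Administrator Services - Unknown owner - C:\WINDOWS\system32\lscas.exe
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def audit(log_text):
    """Return (path, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, path = m.group(1).upper(), m.group(2)
        name = ntpath.basename(path).lower()   # lowercasing exposes I/l swaps
        folder = ntpath.dirname(path).lower()

        if section == "O20":
            if name not in KNOWN_NOTIFY_DLLS:
                findings.append((path, "unlisted Winlogon Notify DLL"))
            continue

        if name in KNOWN_BINARIES:
            # Genuine name: only the location can give it away.
            if folder != KNOWN_BINARIES[name]:
                findings.append((path, "system file name in unexpected folder"))
            continue

        stem, ext = ntpath.splitext(name)
        for known in KNOWN_BINARIES:
            kstem, kext = ntpath.splitext(known)
            # Short names get a tighter threshold to limit false positives.
            limit = 1 if len(kstem) <= 4 else 2
            if ext == kext and edit_distance(stem, kstem) <= limit:
                findings.append((path, "name resembles " + known))
                break
    return findings


if __name__ == "__main__":
    for path, reason in audit(SAMPLE_LOG):
        print(f"{reason:40} {path}")
```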
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last post 13 November 2006
15 Oct. 2006 at 12:39
Hi

Note: to communicate with you I am connecting from a laptop

I carried out the steps you asked for and ran into several problems:

no Iscas.exe file to delete

impossible to run Spybot in safe mode because I could not do the updates, so I did them in normal mode ...
after that Spybot worked

Ewido scan, then report

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:20:05 14/10/2006

+ Résultat de l'analyse:



C:\Documents and Settings\grand\Local Settings\Temporary Internet Files\Content.IE5\RYW7POQG\AppWrap[1].exe -> Adware.AdURL : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001505.exe -> Adware.AdURL : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000297.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000302.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000312.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000324.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000334.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000345.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000355.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000360.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000396.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001414.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001416.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001467.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001495.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001511.dll -> Adware.Look2Me : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001522.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\__delete_on_reboot__c_z_y_p_t_d_l_l_._d_l_l_ -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\__delete_on_reboot__g_u_a_r_d_._t_m_p_ -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\aysnt.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\cucfg32.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\dwdlgs.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\e6020gdoe60c0.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\guard.tmp_tobedeleted -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\h0n0la5m1d.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\iwv6mon.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\ixseng.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\mpwmdm.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\nkevtmsg.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\pKqsp.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\pfchdprf.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\ubrvpa.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\uhtheme.dll -> Adware.Look2Me : Ignoré.
[584] C:\WINDOWS\system32\uqandlg.dll -> Adware.Look2Me : Ignoré.
[716] C:\WINDOWS\system32\uqandlg.dll -> Adware.Look2Me : Ignoré.
C:\WINDOWS\system32\iexplore.exe -> Backdoor.Agobot.aix : Ignoré.
C:\WINDOWS\system32\hlzx.exe -> Backdoor.PoeBot.j : Ignoré.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8L2ZGPIZ\drsmartload1022a[1].exe -> Downloader.Adload.fu : Ignoré.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\D5NRWLNA\drsmartload45a[1].exe -> Downloader.Adload.fu : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000263.exe -> Downloader.Adload.fu : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000266.exe -> Downloader.Adload.fu : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001490.exe -> Downloader.Adload.fu : Ignoré.
C:\WINDOWS\dov9.exe -> Downloader.Adload.fu : Ignoré.
C:\doc.exe -> Downloader.Adload.fu : Ignoré.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8L2ZGPIZ\MTE3NDI6ODoxNgV2[1].exe -> Downloader.Agent.azc : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001492.exe -> Downloader.Agent.azc : Ignoré.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\D5NRWLNA\ac3_0010[1].exe -> Downloader.Small : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001489.exe -> Downloader.Small : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001428.exe -> Dropper.Paradrop.a : Ignoré.
:mozilla.15:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Cpvfeed : Ignoré.
:mozilla.16:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Cpvfeed : Ignoré.
:mozilla.17:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Cpvfeed : Ignoré.
:mozilla.18:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Cpvfeed : Ignoré.
:mozilla.52:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.53:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.54:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.55:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.56:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.10:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.11:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.12:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.13:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.6:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.7:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.8:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.9:C:\Documents and Settings\grand\Application Data\Mozilla\Profiles\default\7ajw1r8i.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000247.exe -> Trojan.Dialer.u : Ignoré.
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0000262.exe -> Trojan.Dialer.u : Ignoré.
C:\mv.exe -> Trojan.Dialer.u : Ignoré.


Fin du rapport

Ad-Aware run:
detection of the files Adware.Look2Me (C\WINDOW\System32\irp2157o1.dll) and Adware.Look2Me (C\WINDOW\System32\rFsctrs.dll), impossible to delete. The program tells me they will be deleted at the next restart???

Spybot run:
detection of the file Look2Me.Topcobversing, impossible to delete, file still active, will be deleted at the next restart???

CCleaner run: no problem as far as I can tell

Final HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 19:34:49, on 14/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\grand\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\o4480ehueh480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

Remaining problems:

Mozilla launches by itself on casino-type gaming sites or on sites selling antivirus software...

This morning the system shut down following a problem, with the following message:

Problem with the file C\WINDOW\System 32\Iass.exe, error type 107 37 418 19

That is what I can tell you, good luck

See you

GDF
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last post 22 June 2016 1 320
17 Oct. 2006 at 12:54
Hi

Run ewido again and, at the end of the scan, choose delete
Then post the report again

See you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last post 13 November 2006
17 Oct. 2006 at 21:04
Hi, here is the ewido report in question

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:44:00 17/10/2006

+ Résultat de l'analyse:



C:\WINDOWS\system32\__delete_on_reboot__c_z_y_p_t_d_l_l_._d_l_l_ -> Adware.Look2Me : Aucune action entreprise.
C:\WINDOWS\system32\__delete_on_reboot__g_u_a_r_d_._t_m_p_ -> Adware.Look2Me : Aucune action entreprise.
C:\WINDOWS\system32\n62ulgf9162.dll -> Adware.Look2Me : Aucune action entreprise.
C:\WINDOWS\system32\nkevtmsg.dll -> Adware.Look2Me : Aucune action entreprise.
C:\WINDOWS\system32\pKqsp.dll -> Adware.Look2Me : Aucune action entreprise.
C:\WINDOWS\system32\pfchdprf.dll -> Adware.Look2Me : Aucune action entreprise.
C:\WINDOWS\system32\ubrvpa.dll -> Adware.Look2Me : Aucune action entreprise.
C:\WINDOWS\system32\uhtheme.dll -> Adware.Look2Me : Aucune action entreprise.


Fin du rapport

Note: when I switched on my computer, I got an error of the same type as last time, which caused the system to shut down.

During the ewido scan I had several unwanted launches of Mozilla, with connections to gaming, dating and real-estate sites.

Three shortcuts appeared on my desktop, surely to websites; here are their names:

Online Dating
Cheap Holiday Travel
Free Online Music

Thanks

See you

gdf
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last post 22 June 2016 1 320
18 Oct. 2006 at 10:54
Hi;

Download l2mfix.exe from http://www.downloads.subratam.org/l2mfix.exe


- Disconnect from the internet, close the browser and all other application windows;
- Unzip l2mfix.exe to the desktop;
- In the program's folder, double-click l2mfix.bat;
- Choose OPTION 1 (Run find log) and confirm with the [Enter] key

See you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last post 13 November 2006
18 Oct. 2006 at 14:11
Hi, I used the program in question; I am attaching the report just in case

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\azas0c77ef.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6EF6876E-8CCB-3784-1CE9-221E167E383C}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Binder Unbind"
"{A0752120-6D75-D111-B5B1-0800095A2318}"="HandyBits EasyCrypto Shell Extensions"
"{BE7FC451-2B79-42E6-8408-3F28D7447790}"=""
"{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}"=""
"{96E0C116-31FD-4DB6-9228-6F91ABF97CBA}"=""
"{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}"=""
"{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}"=""
"{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}"=""
"{59EE1164-21F9-4916-BF4B-4BF5E20379C0}"=""
"{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}"=""
"{A152C159-37D3-4080-94FE-9D697715D876}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\InprocServer32]
@="C:\\WINDOWS\\system32\\aysnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\rFsctrs.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\InprocServer32]
@="C:\\WINDOWS\\system32\\movbvm50.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\InprocServer32]
@="C:\\WINDOWS\\system32\\jIvart.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aysnt.dll Sat 14 Oct 2006 11:50:26 ..S.R 236 646 231,10 K
azas0c~1.dll Wed 18 Oct 2006 13:53:06 ..S.R 236 934 231,38 K
cucfg32.dll Fri 13 Oct 2006 17:58:56 ..S.R 234 167 228,68 K
dnr401~1.dll Wed 18 Oct 2006 14:00:06 ..S.R 233 493 228,02 K
dwdlgs.dll Thu 12 Oct 2006 22:23:02 ..S.R 236 191 230,65 K
e6020g~1.dll Sat 14 Oct 2006 11:22:52 ..S.R 235 721 230,20 K
fpro03~1.dll Sun 15 Oct 2006 11:07:12 ..S.R 235 467 229,95 K
h0n0la~1.dll Sat 14 Oct 2006 13:52:28 ..S.R 234 037 228,55 K
iwv6mon.dll Thu 12 Oct 2006 14:36:06 ..S.R 234 251 228,76 K
ixseng.dll Sat 14 Oct 2006 11:46:22 ..S.R 235 721 230,20 K
jivart.dll Wed 18 Oct 2006 14:00:06 ..S.R 236 934 231,38 K
jt8s07~1.dll Wed 18 Oct 2006 13:56:06 ..S.R 235 846 230,32 K
k4440e~1.dll Sun 15 Oct 2006 12:00:04 ..S.R 235 518 229,99 K
k8pmli~1.dll Tue 17 Oct 2006 20:12:52 ..S.R 236 252 230,71 K
l26o0c~1.dll Sun 15 Oct 2006 11:00:30 ..S.R 235 436 229,92 K
mlrating.dll Tue 17 Oct 2006 20:15:18 ..S.R 235 074 229,56 K
mpwmdm.dll Wed 11 Oct 2006 19:18:16 ..S.R 235 747 230,22 K

17 items found: 17 files (17 H/S), 0 directories.
Total of file sizes: 4 003 435 bytes 3,82 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard~1.tmp Sat 14 Oct 2006 19:14:36 ..... 235 752 230,23 K

1 item found: 1 file, 0 directories.
Total of file sizes: 235 752 bytes 230,23 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 18CF-1E3A

Répertoire de C:\WINDOWS\System32

18/10/2006 14:00 236 934 jIvart.dll
18/10/2006 14:00 233 493 dnr4019qe.dll
18/10/2006 13:56 235 846 jt8s07l7e.dll
18/10/2006 13:53 236 934 azas0c77ef.dll
17/10/2006 20:15 235 074 mlrating.dll
17/10/2006 20:12 236 252 k8pmli7118.dll
15/10/2006 12:00 235 518 k4440ehqeh4e0.dll
15/10/2006 11:07 235 467 fpro0393e.dll
15/10/2006 11:00 235 436 l26o0cj3efo.dll
14/10/2006 13:52 234 037 h0n0la5m1d.dll
14/10/2006 11:50 236 646 aysnt.dll
14/10/2006 11:46 235 721 ixseng.dll
14/10/2006 11:22 235 721 e6020gdoe60c0.dll
13/10/2006 17:58 234 167 cucfg32.dll
12/10/2006 22:23 236 191 dwdlgs.dll
12/10/2006 14:36 234 251 iwv6mon.dll
11/10/2006 19:35 <REP> dllcache
11/10/2006 19:18 235 747 mpwmdm.dll
10/10/2006 21:38 75 264 lscas.exe
10/10/2006 20:00 <REP> Microsoft
18 fichier(s) 4 078 699 octets
2 Rép(s) 34 329 030 656 octets libres


See you

gdf
0
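As an added illustration (not part of the thread and not l2mfix's own code), the Python below parses a find log in this regedit-export format and lists the entries a helper would look at first: in-process COM servers that are not library files, such as the `guard.tmp` registrations above, and Winlogon `Notify` packages registered with a full path. The function names, the extension allow-list and the bare-file-name heuristic are assumptions of this example; the two `Notify` blocks in the sample are constructed, while the two CLSID blocks reuse values from the log above.

```python
import re
from pathlib import PureWindowsPath

# Sample in the layout of an l2mfix find log (concatenated regedit exports).
# CLSID blocks: values taken from the log in this thread.
# Winlogon\Notify blocks: constructed for the example.
SAMPLE = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleEntry]
"DLLName"="C:\\WINDOWS\\system32\\placeholder-name.dll"
"Logon"="WinLogon"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\InprocServer32]
@="C:\\WINDOWS\\system32\\aysnt.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Assumption of this example: extensions normally seen on in-process COM servers.
INPROC_EXTS = {'.dll', '.ocx', '.ax'}


def decode_value(raw):
    """Decode one exported value: quoted string, dword, or hex(2) (REG_EXPAND_SZ)."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # regedit escapes backslashes and quotes inside strings
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith('hex(2):'):
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    return raw


def parse_reg_export(text):
    """Return {key_path: {value_name_lowercased: value}}; '@' is the default value."""
    keys, current, pending = {}, None, ''
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ''
        if line.endswith('\\'):          # hex data continued on the next line
            pending = line[:-1]
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1)
            # value names are case-insensitive (the log has DllName and DLLName)
            name = '@' if name == '@' else name[1:-1].lower()
            current[name] = decode_value(m.group(2))
    return keys


def triage(keys):
    """Return (key, value, reason) tuples to review by hand; not a verdict."""
    findings = []
    for key, values in keys.items():
        low = key.lower()
        if '\\winlogon\\notify\\' in low:
            dll = values.get('dllname')
            # Heuristic: flag packages registered with a path instead of a bare name
            if isinstance(dll, str) and '\\' in dll:
                findings.append((key, dll, 'Notify package registered with a full path'))
        elif low.endswith('\\inprocserver32'):
            server = values.get('@')
            if isinstance(server, str):
                ext = PureWindowsPath(server).suffix.lower()
                if ext not in INPROC_EXTS:
                    findings.append((key, server, 'in-process server is not a library file'))
    return findings


if __name__ == '__main__':
    for key, value, reason in triage(parse_reg_export(SAMPLE)):
        print(f'{reason}: {value}\n    {key}')
```

A flagged entry only says where to look next; whether the file behind it is legitimate still has to be checked on the machine.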
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
18 Oct. 2006 at 18:53
Hi again,

Now run l2mfix.bat again
and choose option 2.
It will ask you to press a key to reboot;
press any key and let the PC restart.
Notepad will open; copy and paste its contents here.

See you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006
18 Oct. 2006 at 22:03
Hi,
Notepad did not open automatically, but there was a log.txt file on the desktop

L2mfix 051206
Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
updating: backregs/notibac.reg (164 bytes security) (deflated 87%)

Note: these files appeared on the desktop:
echo.reg
cleanup.bat
and the backup.zip folder

See you

gdf
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
19 Oct. 2006 at 18:03
Hi

Run l2mfix again with option 1 and post the report again, please

See you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006
19 Oct. 2006 at 19:04
Hi, here is the report in question

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\c600lgdm160a.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6EF6876E-8CCB-3784-1CE9-221E167E383C}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\InprocServer32]
@="C:\\WINDOWS\\system32\\aysnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\rFsctrs.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\InprocServer32]
@="C:\\WINDOWS\\system32\\movbvm50.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\InprocServer32]
@="C:\\WINDOWS\\system32\\uabmon.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aysnt.dll Sat 14 Oct 2006 11:50:26 ..S.R 236 646 231,10 K
aza40e~1.dll Wed 18 Oct 2006 21:50:26 ..S.R 234 994 229,48 K
c600lg~1.dll Wed 18 Oct 2006 21:55:38 ..S.R 235 240 229,73 K
cucfg32.dll Fri 13 Oct 2006 17:58:56 ..S.R 234 167 228,68 K
dwdlgs.dll Thu 12 Oct 2006 22:23:02 ..S.R 236 191 230,65 K
e6020g~1.dll Sat 14 Oct 2006 11:22:52 ..S.R 235 721 230,20 K
fpro03~1.dll Sun 15 Oct 2006 11:07:12 ..S.R 235 467 229,95 K
h0n0la~1.dll Sat 14 Oct 2006 13:52:28 ..S.R 234 037 228,55 K
iogutil.dll Wed 18 Oct 2006 21:53:10 ..S.R 234 234 228,74 K
iwv6mon.dll Thu 12 Oct 2006 14:36:06 ..S.R 234 251 228,76 K
ixseng.dll Sat 14 Oct 2006 11:46:22 ..S.R 235 721 230,20 K
jt8s07~1.dll Wed 18 Oct 2006 13:56:06 ..S.R 235 846 230,32 K
k4440e~1.dll Sun 15 Oct 2006 12:00:04 ..S.R 235 518 229,99 K
k8pmli~1.dll Tue 17 Oct 2006 20:12:52 ..S.R 236 252 230,71 K
l26o0c~1.dll Sun 15 Oct 2006 11:00:30 ..S.R 235 436 229,92 K
lvnu09~1.dll Wed 18 Oct 2006 21:53:10 ..S.R 235 193 229,68 K
maastmib.dll Wed 18 Oct 2006 21:42:30 ..S.R 233 493 228,02 K
mlrating.dll Tue 17 Oct 2006 20:15:18 ..S.R 235 074 229,56 K
mpwmdm.dll Wed 11 Oct 2006 19:18:16 ..S.R 235 747 230,22 K
mv60l9~1.dll Wed 18 Oct 2006 22:04:38 ..S.R 234 234 228,74 K
pbnmap.dll Wed 18 Oct 2006 21:55:38 ..S.R 234 234 228,74 K
solwid.dll Wed 18 Oct 2006 21:50:26 ..S.R 234 234 228,74 K
uabmon.dll Thu 19 Oct 2006 19:00:12 ..S.R 235 240 229,73 K

23 items found: 23 files (23 H/S), 0 directories.
Total of file sizes: 5 407 170 bytes 5,16 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard~1.tmp Sat 14 Oct 2006 19:14:36 ..... 235 752 230,23 K

1 item found: 1 file, 0 directories.
Total of file sizes: 235 752 bytes 230,23 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 18CF-1E3A

Répertoire de C:\WINDOWS\System32

19/10/2006 19:00 235 240 uabmon.dll
18/10/2006 22:04 234 234 mv60l9jm1.dll
18/10/2006 21:55 234 234 pBnmap.dll
18/10/2006 21:55 235 240 c600lgdm160a.dll
18/10/2006 21:53 234 234 iogutil.dll
18/10/2006 21:53 235 193 lvnu0959e.dll
18/10/2006 21:50 234 234 solwid.dll
18/10/2006 21:50 234 994 aza40ehqeh4e0.dll
18/10/2006 21:42 233 493 maastmib.dll
18/10/2006 13:56 235 846 jt8s07l7e.dll
17/10/2006 20:15 235 074 mlrating.dll
17/10/2006 20:12 236 252 k8pmli7118.dll
15/10/2006 12:00 235 518 k4440ehqeh4e0.dll
15/10/2006 11:07 235 467 fpro0393e.dll
15/10/2006 11:00 235 436 l26o0cj3efo.dll
14/10/2006 13:52 234 037 h0n0la5m1d.dll
14/10/2006 11:50 236 646 aysnt.dll
14/10/2006 11:46 235 721 ixseng.dll
14/10/2006 11:22 235 721 e6020gdoe60c0.dll
13/10/2006 17:58 234 167 cucfg32.dll
12/10/2006 22:23 236 191 dwdlgs.dll
12/10/2006 14:36 234 251 iwv6mon.dll
11/10/2006 19:35 <REP> dllcache
11/10/2006 19:18 235 747 mpwmdm.dll
10/10/2006 21:38 75 264 lscas.exe
10/10/2006 20:00 <REP> Microsoft
24 fichier(s) 5 482 434 octets
2 Rép(s) 34 325 823 488 octets libres

See you

gdf
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
19 Oct 2006 at 19:23
Hi

Download Pocket Killbox here:
http://www.downloads.subratam.org/KillBox.exe

:: Usage demo (thanks to Balltrap34 for making it) ::
http://pageperso.aol.fr/balltrap34/killbox.htm

Use the Notepad method (see the video).
Here is the list:

C:\WINDOWS\System32\uabmon.dll
C:\WINDOWS\System32\mv60l9jm1.dll
C:\WINDOWS\System32\pBnmap.dll
C:\WINDOWS\System32\c600lgdm160a.dll
C:\WINDOWS\System32\iogutil.dll
C:\WINDOWS\System32\lvnu0959e.dll
C:\WINDOWS\System32\solwid.dll
C:\WINDOWS\System32\aza40ehqeh4e0.dll
C:\WINDOWS\System32\maastmib.dll
C:\WINDOWS\System32\jt8s07l7e.dll
C:\WINDOWS\System32\mlrating.dll
C:\WINDOWS\System32\k8pmli7118.dll
C:\WINDOWS\System32\k4440ehqeh4e0.dll
C:\WINDOWS\System32\fpro0393e.dll
C:\WINDOWS\System32\l26o0cj3efo.dll
C:\WINDOWS\System32\h0n0la5m1d.dll
C:\WINDOWS\System32\aysnt.dll
C:\WINDOWS\System32\ixseng.dll
C:\WINDOWS\System32\e6020gdoe60c0.dll
C:\WINDOWS\System32\cucfg32.dll
C:\WINDOWS\System32\dwdlgs.dll
C:\WINDOWS\System32\iwv6mon.dll
C:\WINDOWS\System32\mpwmdm.dll
C:\WINDOWS\System32\lscas.exe

Restart, then post an l2mfix option 1 report again.

See you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006
20 Oct 2006 at 13:10
Hi

Here is what you asked for

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jtr8079ue.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6EF6876E-8CCB-3784-1CE9-221E167E383C}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BE7FC451-2B79-42E6-8408-3F28D7447790}"=""
"{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}"=""
"{96E0C116-31FD-4DB6-9228-6F91ABF97CBA}"=""
"{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}"=""
"{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}"=""
"{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}"=""
"{59EE1164-21F9-4916-BF4B-4BF5E20379C0}"=""
"{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}"=""
"{A152C159-37D3-4080-94FE-9D697715D876}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\InprocServer32]
@="C:\\WINDOWS\\system32\\aysnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\rFsctrs.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\InprocServer32]
@="C:\\WINDOWS\\system32\\movbvm50.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\InprocServer32]
@="C:\\WINDOWS\\system32\\drmrtp.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aza0l9~1.dll Thu 19 Oct 2006 19:06:12 ..S.R 235 240 229,73 K
cbmres.dll Fri 20 Oct 2006 12:59:28 ..S.R 235 396 229,88 K
drmrtp.dll Fri 20 Oct 2006 13:04:24 ..S.R 236 293 230,75 K
e6jmlg~1.dll Fri 20 Oct 2006 12:53:54 ..S.R 234 234 228,74 K
fplo03~1.dll Fri 20 Oct 2006 13:04:24 ..S.R 236 626 231,08 K
jtr807~1.dll Fri 20 Oct 2006 12:59:28 ..S.R 236 293 230,75 K
t2r8lc~1.dll Fri 20 Oct 2006 12:49:52 A.... 236 126 230,59 K

7 items found: 7 files (6 H/S), 0 directories.
Total of file sizes: 1 650 208 bytes 1,57 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard~1.tmp Sat 14 Oct 2006 19:14:36 ..... 235 752 230,23 K

1 item found: 1 file, 0 directories.
Total of file sizes: 235 752 bytes 230,23 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 18CF-1E3A

Répertoire de C:\WINDOWS\System32

20/10/2006 13:04 236 293 drmrtp.dll
20/10/2006 13:04 236 626 fplo0333e.dll
20/10/2006 12:59 235 396 cbmres.dll
20/10/2006 12:59 236 293 jtr8079ue.dll
20/10/2006 12:53 234 234 e6jmlg1116.dll
19/10/2006 19:06 235 240 aza0l9jm1.dll
11/10/2006 19:35 <REP> dllcache
10/10/2006 20:00 <REP> Microsoft
6 fichier(s) 1 414 082 octets
2 Rép(s) 34 314 784 768 octets libres

Note:

Mozilla launched, unprompted, a download site called Anwinantyspyware and a casino site

See you

gdf
0
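In the log above, the `Winlogon\Notify\URL` key carries a `DllName` that is a full path to one of the files in the directory listing, while the other entries name a bare DLL. As an added example (not part of the thread and not L2MFIX's own code), this Python script parses a log in that format, decodes the `hex(2)` values and flags such entries; the sample log is a constructed excerpt, and the two flagging rules are heuristic assumptions for triage, not a verdict.

```python
import ntpath
import re

# Constructed sample: a shortened excerpt in the format of the log posted above.
SAMPLE_LOG = r'''Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jtr8079ue.dll"
"Logon"="WinLogon"

**********************************************************************************
Directory Listing of system files:

20/10/2006 13:04 236 293 drmrtp.dll
20/10/2006 12:59 236 293 jtr8079ue.dll
11/10/2006 19:35 <REP> dllcache
'''

NOTIFY_PREFIX = "\\winlogon\\notify\\"
# "dd/mm/yyyy hh:mm <size> <name>"; directory rows (<REP>) are skipped.
DIR_LINE = re.compile(r'^\d{2}/\d{2}/\d{4} \d{2}:\d{2} (?!<).*\d (\S+)$')


def decode_value(raw):
    """Decode one .reg value: quoted string or hex(2) (UTF-16LE); others verbatim."""
    if raw.startswith('hex(2):'):
        data = bytes.fromhex(raw[len('hex(2):'):].replace(',', ''))
        return data.decode('utf-16-le').rstrip('\x00')
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw  # dword:... and other types are kept as written


def parse_reg(text):
    """Return {key: {value_name: decoded_value}} for every [key] block in the log."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # join backslash-continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif line.startswith('*'):
            current = None  # a row of asterisks starts a new log section
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = decode_value(m.group(2))
    return keys


def listed_files(text):
    """Lower-cased file names from the directory-listing rows of the log."""
    names = set()
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if m:
            names.add(m.group(1).lower())
    return names


def suspicious_notify(text):
    """Flag Winlogon\\Notify subkeys whose DllName is a full path or a listed file.

    Both rules are assumptions drawn from the log on this page, not a general test.
    """
    listing = listed_files(text)
    findings = []
    for key, values in parse_reg(text).items():
        pos = key.lower().find(NOTIFY_PREFIX)
        if pos < 0:
            continue
        subkey = key[pos + len(NOTIFY_PREFIX):]
        # The value name appears as both "DllName" and "DLLName" in the log.
        dll = next((v for n, v in values.items() if n.lower() == 'dllname'), None)
        if dll is None:
            continue
        reasons = []
        if ntpath.isabs(dll):
            reasons.append('absolute path')
        if ntpath.basename(dll).lower() in listing:
            reasons.append('in L2MFIX file listing')
        if reasons:
            findings.append((subkey, dll, reasons))
    return findings


if __name__ == '__main__':
    for subkey, dll, reasons in suspicious_notify(SAMPLE_LOG):
        print(f'{subkey}: {dll} ({", ".join(reasons)})')
```

A flagged entry is a lead to check against the file's properties and origin before anything is deleted, since the log itself warns that the files it finds are not all bad.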
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
21 Oct 2006 at 12:48
Hi again,

OK, do the same again but with this:

C:\WINDOWS\System32\drmrtp.dll
C:\WINDOWS\System32\fplo0333e.dll
C:\WINDOWS\System32\cbmres.dll
C:\WINDOWS\System32\e6jmlg1116.dll
C:\WINDOWS\System32\aza0l9jm1.dll
C:\WINDOWS\System32\jtr8079ue.dll

Then post a report again

See you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006
23 Oct 2006 at 21:26
Hi,

Here is the follow-up to what you asked for

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n4l80e3ueh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6EF6876E-8CCB-3784-1CE9-221E167E383C}"=""

**********************************************************************************
Shell Extension key:

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}\InprocServer32]
@="C:\\WINDOWS\\system32\\aysnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\rFsctrs.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}\InprocServer32]
@="C:\\WINDOWS\\system32\\movbvm50.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A152C159-37D3-4080-94FE-9D697715D876}\InprocServer32]
@="C:\\WINDOWS\\system32\\sdnike.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
c600lg~1.dll Mon 23 Oct 2006 21:18:26 ..S.R 234 671 229,17 K
dlsapi.dll Mon 23 Oct 2006 21:14:36 ..S.R 233 665 228,19 K
dnru01~1.dll Mon 23 Oct 2006 21:14:36 ..S.R 234 656 229,16 K
h60qlg~1.dll Mon 23 Oct 2006 20:56:28 ..S.R 234 001 228,52 K
ktr8l7~1.dll Mon 23 Oct 2006 20:50:08 ..S.R 234 196 228,71 K
n4l80e~1.dll Mon 23 Oct 2006 21:10:28 ..S.R 233 665 228,19 K
q668lg~1.dll Mon 23 Oct 2006 20:44:36 ..S.R 234 181 228,69 K
r4r6le~1.dll Mon 23 Oct 2006 20:53:28 ..S.R 234 095 228,61 K
sdnike.dll Mon 23 Oct 2006 21:18:26 ..S.R 233 665 228,19 K
t2r8lc~1.dll Fri 20 Oct 2006 12:49:52 A.... 236 126 230,59 K

10 items found: 10 files (9 H/S), 0 directories.
Total of file sizes: 2 342 921 bytes 2,23 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard~1.tmp Sat 14 Oct 2006 19:14:36 ..... 235 752 230,23 K

1 item found: 1 file, 0 directories.
Total of file sizes: 235 752 bytes 230,23 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 18CF-1E3A

Répertoire de C:\WINDOWS\System32

23/10/2006 21:18 233 665 sdnike.dll
23/10/2006 21:18 234 671 c600lgdm160a.dll
23/10/2006 21:14 233 665 dlsapi.dll
23/10/2006 21:14 234 656 dnru0199e.dll
23/10/2006 21:10 233 665 n4l80e3ueh.dll
23/10/2006 20:56 234 001 h60qlgd5160.dll
23/10/2006 20:53 234 095 r4r6le9s1h.dll
23/10/2006 20:50 234 196 ktr8l79u1.dll
23/10/2006 20:44 234 181 q668lgju16o8.dll
11/10/2006 19:35 <REP> dllcache
10/10/2006 20:00 <REP> Microsoft
9 fichier(s) 2 106 795 octets
2 Rép(s) 34 308 546 560 octets libres

See you

gdf
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
23 Oct 2006 at 21:31
Hi

Please print these instructions, or paste them into a text file, so you can read them during this fix. Read the three short notes at the bottom carefully before you start.
Download Look2Me-Destroyer.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=7

Close all open windows before moving on to the next step.
• Double-click Look2Me-Destroyer.exe to launch the tool.
• Tick Run this program as a task
• A message will appear, telling you this: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
• It will relaunch after the 10 seconds; then click the Scan for L2M button. The icons on your Desktop will disappear: this is normal.
• When the scan finishes, click the Remove L2M button
• A Done Scanning message will appear; click OK.
• A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer ; click OK.
• Your PC will now shut down.
• Start your PC normally.
• Paste the generated report, located here: C:\Look2Me-Destroyer.txt , along with a new HijackThis! report in your next reply.
*If Look2Me-Destroyer does not relaunch automatically after the 10 seconds, reboot and try again.

**If you get a message from your firewall saying that the tool is trying to access the internet: allow it.

***If a runtime error '339' message appears: download MSWINSCK.OCX from the link below and place it in the C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Then post a HijackThis log + an LM2FIX option 1 log.

See you
0
gdf Posts 22 Registration date Monday 9 October 2006 Status Member Last activity 13 November 2006
24 Oct 2006 at 20:01
Hi
I was able to use the Look2Me Destroyer program without too many problems; I just rebooted once because the computer had frozen.

Here are the reports:
the Look2Me-Destroyer.txt report was on the Desktop??


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 24/10/2006 19:41:11

Attempting to delete infected files...

C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0001522.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0002541.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0002541.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0002547.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0002547.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0002565.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0002565.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0002581.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0002581.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0002589.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP2\A0002589.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0003589.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0003589.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004589.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004589.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004597.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004597.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004603.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004603.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004604.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004604.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004605.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004605.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004606.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004606.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004607.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004607.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004608.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004608.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004611.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004611.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004620.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004620.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004628.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0004628.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005628.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005628.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005631.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005631.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005639.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005639.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005641.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005641.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005674.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005674.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005684.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005684.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005686.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005686.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005695.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0005695.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0006693.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0006693.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0006695.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0006695.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0006703.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0006703.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007695.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007695.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007703.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007703.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007706.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007706.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007707.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007707.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007708.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007708.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007709.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007709.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007710.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007710.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007711.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007711.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007712.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007712.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007713.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007713.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007714.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007714.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007715.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007715.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007716.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007716.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007717.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007717.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007718.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007718.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007719.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007719.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007720.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007720.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007721.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007721.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007722.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007722.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007723.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007723.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007725.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007725.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007733.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007733.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007735.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007735.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007743.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0007743.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0008742.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0008742.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0009742.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0009742.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0011742.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0011742.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0011745.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0011745.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0011746.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0011746.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0011747.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0011747.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0011755.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0011755.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0012752.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0012752.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0012756.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0012756.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0012764.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0012764.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0013763.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0013763.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0014763.dll
C:\System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3\A0014763.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\c600lgdm160a.dll
C:\WINDOWS\system32\c600lgdm160a.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cCpesnpn.dll
C:\WINDOWS\system32\cCpesnpn.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dnru0199e.dll
C:\WINDOWS\system32\dnru0199e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h60qlgd5160.dll
C:\WINDOWS\system32\h60qlgd5160.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ktr8l79u1.dll
C:\WINDOWS\system32\ktr8l79u1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m2ju0c19ef.dll
C:\WINDOWS\system32\m2ju0c19ef.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mv8sl9l71.dll
C:\WINDOWS\system32\mv8sl9l71.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n24slch71f4.dll
C:\WINDOWS\system32\n24slch71f4.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\q668lgju16o8.dll
C:\WINDOWS\system32\q668lgju16o8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\r4r6le9s1h.dll
C:\WINDOWS\system32\r4r6le9s1h.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\t2r8lc9u1f.dll
C:\WINDOWS\system32\t2r8lc9u1f.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BE7FC451-2B79-42E6-8408-3F28D7447790}"
HKCR\Clsid\{BE7FC451-2B79-42E6-8408-3F28D7447790}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}"
HKCR\Clsid\{3334FE85-C609-4B41-B1C1-1E52CD79F1FC}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{96E0C116-31FD-4DB6-9228-6F91ABF97CBA}"
HKCR\Clsid\{96E0C116-31FD-4DB6-9228-6F91ABF97CBA}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}"
HKCR\Clsid\{29068B4E-5D2F-4B88-B946-A272CA4A3E0E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}"
HKCR\Clsid\{7A1445DC-30A9-4F8D-9B4F-E039EE2B14EC}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}"
HKCR\Clsid\{0F97195D-DFB2-44BB-9478-7AF687B7A2A3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{59EE1164-21F9-4916-BF4B-4BF5E20379C0}"
HKCR\Clsid\{59EE1164-21F9-4916-BF4B-4BF5E20379C0}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}"
HKCR\Clsid\{F01C7487-C6F7-4B3B-86E0-5CFB15A600FA}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A152C159-37D3-4080-94FE-9D697715D876}"
HKCR\Clsid\{A152C159-37D3-4080-94FE-9D697715D876}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrateurs - Succeeded


HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 19:48:53, on 24/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\grand\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

L2Mfix report
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension de la page de propriétés de mise à jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Binder Unbind"
"{A0752120-6D75-D111-B5B1-0800095A2318}"="HandyBits EasyCrypto Shell Extensions"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

No matches found.
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard~1.tmp Sat 14 Oct 2006 19:14:36 ..... 235 752 230,23 K

1 item found: 1 file, 0 directories.
Total of file sizes: 235 752 bytes 230,23 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 18CF-1E3A

Répertoire de C:\WINDOWS\System32

11/10/2006 19:35 <REP> dllcache
10/10/2006 20:00 <REP> Microsoft
0 fichier(s) 0 octets
2 Rép(s) 34 311 725 056 octets libres

See you

gdf
0
Regis59 Posts: 21143 Registered: Tuesday 27 June 2006 Status: Security contributor Last activity: 22 June 2016 1 320
25 Oct 2006 at 22:06
Hi

That is much better. Please post a new HijackThis log.

See you
0
gdf Posts: 22 Registered: Monday 9 October 2006 Status: Member Last activity: 13 November 2006
26 Oct 2006 at 19:43
Hi

Here is the HijackThis log you asked for

Logfile of HijackThis v1.99.1
Scan saved at 19:38:30, on 26/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Documents and Settings\grand\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

PS:
if you want to reply, I can be reached until 22:30 tonight;
after that I am on holiday and unreachable until 5/11 inclusive

Thanks

See you

gdf
0
Regis59 Posts: 21143 Registered: Tuesday 27 June 2006 Status: Security contributor Last activity: 22 June 2016 1 320
27 Oct 2006 at 09:32
Hi

That looks OK. Where do things stand with your problems?
However, Windows is not up to date, so you are leaving the holes open to attackers and infections.
It would be good to download Service Pack 1 or 2 (SP1 or SP2).

See you
0
gdf Posts: 22 Registered: Monday 9 October 2006 Status: Member Last activity: 13 November 2006
5 Nov 2006 at 22:38
Hi,

Can you give me a link to download SP1 or SP2?

Thanks

See you

gdf
0
Regis59 Posts: 21143 Registered: Tuesday 27 June 2006 Status: Security contributor Last activity: 22 June 2016 1 320
6 Nov 2006 at 18:27
0
gdf Posts: 22 Registered: Monday 9 October 2006 Status: Member Last activity: 13 November 2006
6 Nov 2006 at 22:37
Hi,

Here is what I get when I go to the link you gave me:

Thank you for your interest in obtaining updates from our site.

To use this site, you must be running Microsoft Internet Explorer 5 or later.

To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website.

If you prefer to use a different web browser, you can obtain updates from the Microsoft Download Center or you can stay up to date with the latest critical and security updates by using Automatic Updates. To turn on Automatic Updates:

1. Click Start, and then click Control Panel.
2. Depending on which Control Panel view you use, Classic or Category, do one of the following:
* Click System, and then click the Automatic Updates tab.
* Click Performance and Maintenance, click System, and then click the Automatic Updates tab.
3. Click the option that you want. Make sure Automatic Updates is not turned off.


Apparently this is about configuring updates through the Control Panel. I did that and several updates were installed. How can I tell whether everything is OK and whether the SP2 pack is installed?

Also, I still have these shortcuts on the desktop:

Online Dating
Free Online Music
Cheap Holiday Travel

plus the following icons:

folder backregs and dlls
file echo.reg

Can you confirm that I can delete all of this?

Otherwise, it seems there are no more unwanted connections to the various sites already mentioned.

VIRUS SCAN detected 4 viruses during an on-demand scan:

a Trojan horse, A0004599.exe, type DollarRevenue.gen, which was deleted
3 viruses: A0004600.exe and A004601.exe detected as W32/Poebot.gen, and A004602.exe detected as W32/Sdbot.worm.gen.z

All 4 are located in the following folder:
c:\ System Volume Information\_restore{B2E81E50-A630-4002-822C-1C120AAC30F2}\RP3

What should I do to delete them?

See you

gdf
0
Regis59 Posts: 21143 Registered: Tuesday 27 June 2006 Status: Security contributor Last activity: 22 June 2016 1 320
7 Nov 2006 at 19:54
Hi

Post a new HijackThis log and I will see whether SP2 is installed.

Yes, you can delete what is on the desktop.

The infections are inactive...

¤ Disable System Restore (only if you are on XP):
Right-click My Computer, then
Properties, click the System Restore tab,
tick the "Turn off System Restore" box and apply.

Then,

¤ Re-enable System Restore (only if you are on XP):
Right-click My Computer, then
Properties, click the System Restore tab,
untick the "Turn off System Restore" box and apply.

See you
0
gdf Posts: 22 Registered: Monday 9 October 2006 Status: Member Last activity: 13 November 2006
7 Nov 2006 at 21:00
Hi,

I carried out the steps you asked for

Here is the HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 20:58:46, on 07/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\grand\Local Settings\Temp\Répertoire temporaire 4 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

See you

gdf
0
Regis59 Posts: 21143 Registered: Tuesday 27 June 2006 Status: Security contributor Last activity: 22 June 2016 1 320
8 Nov 2006 at 18:09
Hi again

SP2 is not installed. Did you actually download it?

See you
0
gdf Posts: 22 Registered: Monday 9 October 2006 Status: Member Last activity: 13 November 2006
8 Nov 2006 at 22:58
Hi,

It seems SP2 has now been downloaded properly

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 22:56:16, on 08/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\DOCUME~1\grand\LOCALS~1\Temp\Répertoire temporaire 5 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

I think everything is OK

See you

gdf
0
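The patch-level check discussed in the replies above can be read from the `Platform:` line of each HijackThis log, and successive logs can be compared entry by entry. The Python script below is an added example, not part of the thread and not HijackThis code: it parses the v1.99.1 layout shown in these posts and diffs two logs. The function names are hypothetical, the two sample logs are shortened excerpts of the 07/11 and 08/11 logs above, and a `Platform:` line without an `SPn` token is assumed to mean no service pack.

```python
import re

# Shortened excerpts of the 07/11/2006 and 08/11/2006 logs posted in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:58:46, on 07/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:56:16, on 08/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

PLATFORM_RE = re.compile(r"^Platform:\s*(.+?)\s*\((.+)\)\s*$")
SP_RE = re.compile(r"\bSP(\d+)\b")
# Entry lines start with a section code such as R0, R1, O3, O4, O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return platform, service pack level, process list and entries of one log."""
    info = {"platform": None, "service_pack": 0, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        match = PLATFORM_RE.match(line)
        if match:
            info["platform"] = match.group(1)
            sp = SP_RE.search(match.group(1))
            # Assumption: no "SPn" token means no service pack installed.
            info["service_pack"] = int(sp.group(1)) if sp else 0
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            info["entries"].append((match.group(1), match.group(2)))
        elif in_processes:
            info["processes"].append(line)
    return info


def diff_entries(before, after):
    """Return (removed, added) entries between two parsed logs, sorted."""
    old, new = set(before["entries"]), set(after["entries"])
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("service pack:", before["service_pack"], "->", after["service_pack"])
    removed, added = diff_entries(before, after)
    for code, value in removed:
        print("removed", code, value)
    for code, value in added:
        print("added  ", code, value)
```
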