AntivirusGold 2.0 Résolu/Fermé

Question

Bonjour à tous, A mon tour, j'ai chope AntivirusGold sur mon pc. Je suis un peu perdu! merci de votre aide

Neo-Nil@u · Answer

Salut Sophie, pour commencer, télécharge HijackThis : http://www.hijackthis.de/downloads/hijackthis_199.zip L'aide est ici : http://www.zebulon.fr/articles/HijackThis.php *** Dezippe-le dans un dossier prévu à cet effet Par exemple = C:\hijackthis *** Lance le puis clique sur "do a system scan and save logfile" *** Fais un copier coller du log entier sur le forum@+++

Sophie · Answer

Voila mon rapportLogfile of HijackThis v1.99.1Scan saved at 18:50:04, on 06/07/2005Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\alg.exeC:\Program Files\NavNT\defwatch.exeC:\Program Files\NavNTtvscan.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\WINDOWS\System32\wdfmgr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\System32\msole32.exeC:\WINDOWS\System32\shnlog.exeC:\Program Files\Analog Devices\SoundMAX\SMTray.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\NavNT\vptray.exeC:\Program Files\Messenger Plus! 3\MsgPlus.exeC:\WINDOWS\System32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\j2re1.4.2_06\bin\jusched.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\WINDOWS\System32\dgezf.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\System32\intmon.exeC:\WINDOWS\System32\MsgSys.EXEC:\Program Files\Logitech\Video\FxSvr2.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Administrateur\Bureau\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - Default URLSearchHook is missingF2 - REG:system.ini: Shell=explorer.exe, msmsgs.exeO2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp8EC2.tmpO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exeO4 - HKLM\..\Run: [toolextradalejoy] C:\Documents and Settings\All Users\Application Data\secondobjtoolextra\Owns Browse.exeO4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nologO4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exeO4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintrayO4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStartO4 - HKCU\..\Run: [BitsMeal] C:\DOCUME~1\ADMINI~1\APPLIC~1\OKAYWA~1\ping user.exeO4 - HKCU\..\Run: [dgezf] C:\WINDOWS\System32\dgezf.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin
pjpi142_06.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin
pjpi142_06.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO15 - Trusted Zone: http://www.neededware.comO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://si-home.ath.cx//activex/AMC.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dllO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exeO23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNTtvscan.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Neo-Nil@u · Answer

Je dois partir ... mais sois patiente ! Quelqu'un de compétent s'occupera de toi !!! @+++++

Utilisateur anonyme · Answer

salut sophie, neotelecharge ceci:http://siri.urz.free.fr/Fix/SmitfraudFix.zipdezippe le, lance le et choisis l'option 1 (recherche/rapport)ensuite fais un copier coller du rapport ici.a+

Sophie · Answer

SmitFraudFix v0.5Date: 06/07/2005Executé à partir de:C:\Documents and Settings\Administrateur\BureauMicrosoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWSC:\WINDOWS\popuper.exe PRESENT !C:\WINDOWS\sites.ini PRESENT !»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32Salut moe31, tu prends le relais..lolC:\WINDOWS\system32\hhk.dll PRESENT !C:\WINDOWS\system32\hp????.tmp PRESENT !C:\WINDOWS\system32\intmon.exe PRESENT !C:\WINDOWS\system32\msmsgs.exe PRESENT !C:\WINDOWS\system32\msole32.exe PRESENT !C:\WINDOWS\system32\ole32vbs.exe PRESENT !C:\WINDOWS\system32\shnlog.exe  PRESENT !»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Utilisateur anonyme · Answer

salut sophieoui, je prend le relais ;-)laisse moi un peu de temps et je te donne la manip.à tout à l'heure.

Sophie · Answer

ok  je compte sur toiD'avance merci

Utilisateur anonyme · Answer

Déconnecte toi d'internet: Vide le cache d'Internet Explorer et supprime les cookies: * Panneau de configuration >> Options internet >> Onglet "Général" - Clic sur [supprimer les cookies] - Clic sur [Supprimer les fichiers] et coche la case "Supprimer tout le contenu hors connexion" Valide avec ok Redémarre en mode sans échec Laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows. Choisis le mode sans échec dans les options et valide avec entrée. Rend visible les fichiers cachés et systeme panneau de configuration > options des dossiers > onglet affichage Cocher " afficher les fichiers et dossiers cachés " Décocher " masquer les extentions des fichiers dont le type est connu Décocher " masquer les fichiers protégés du système" clic sur ok pour valider -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Lance hijackthis et clic sur "do a system scan only" cocher la case au début des lignes suivantes: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/ R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp8EC2.tmp O4 - HKLM\..\Run: [toolextradalejoy] C:\Documents and Settings\All Users\Application Data\secondobjtoolextra O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe O4 - HKCU\..\Run: [BitsMeal] C:\DOCUME~1\ADMINI~1\APPLIC~1\OKAYWA~1\ping user.exe O4 - HKCU\..\Run: [dgezf] C:\WINDOWS\System32\dgezf.exe O15 - Trusted Zone: http://www.neededware.com O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://si-home.ath.cx//activex/AMC.cab valider avec [fix checked] -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ lance smitfraudfix et choisis l'option 2 (fix) et enregistre le rapport pour pouvoir le recupérer plus tard. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Recherche et supprime: Dans le cas ou tu utiliserais la fonction Rechercher: Assure toi que dans: Tous les fichiers et tous les dossiers >> Options avancées • Rechercher dans les dossiers systemes <- DOIT ETRE COCHE ! • Rechercher dans les fichiers et les dossiers cachés <- DOIT ETRE COCHE ! • Rechercher dans les sous-dossiers <- DOIT ETRE COCHE ! Essaye de supprimer les fichiers en suivant le chemin des fichiers infectés avec l'explorateur, plutot que d'utiliser la fonction "Rechercher" /!\ Attention à l'orthographe et l'endroit ou se trouvent les fichiers, car certains fichiers portent pratiquement le meme nom que des fichiers sains, voir exactement le meme, mais dans des dossiers différents. S'ils sont présents, supprime: C:\WINDOWS\System32\dgezf.exe C:\Documents and Settings\All Users\Application Data\secondobjtoolextra C:\Documents and Settings\Administrateur\OKAYWA <- le dossier dont le nom commence par -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Ensuite, tres important: :: Supprimer les fichiers temporaires :: Manuellement: * C:\Documents and Settings on compte\Local Settings\Temp * C:\Documents and Settings ous les autres comptes\Local Settings\Temp * C:\Windows\Temp vider tout le contenu des dossiers en gras. :: Le contenu du dossier prefetch :: * C:\WINDOWS\Prefetch <= sauf le fichier layout.ini Ou avec Cleanup: http://pageperso.aol.fr/balltrap34/CleanUp40.exe * Ne pas oublier de vider la corbeille ! -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Redemarre normalement et reposte un log hijack pour vérifier l'évolution + le rapport de smitfraudfix Ne pas oublier après les manips de recacher les fichiers systeme dans les options des dossiers. Pour des raisons de sécurité évidentes, laisse visible les extentions des fichiers. Si tu ne les à pas délà, je te conseille d'installer et de scanner ton pc avec: * Spybot S&D version 1.4: http://spybot.safer-networking.de/fr/mirrors/index.html l'aide: http://assiste.free.fr/p/internet_utilitaires/spybot_search_destroy.php#ssd_02 * Ad-aware 1.06: http://www.lavasoftusa.com/french/support/download/ l'aide: http://www.tutopat.com/viewtopic.php?t=1191 Le patch francais: http://download.lavasoft.de.edgesuite.net/public/pllangs.exe une fois installé, lance ad-aware, clic sur l'engrenage puis sur interface choisis french et clic sur proceed pour valider. Les mettre à jours avant d'utiliser ! (voir aide) a+

Sophie · Answer

Me revoila !!!!!comment trouve t'on les dossiers en gras pour les temporairesC:\Documents and Settings	on compte\Local Settings\Temp * C:\Documents and Settings	ous les autres comptes\Local Settings\Temp * C:\Windows\Temp J'ai de des dossiers mais pas en gras

Sophie · Answer

Bon a priori ca MARCHE !!!!!!!Voici le rapport de Hijack:Logfile of HijackThis v1.99.1Scan saved at 20:57:20, on 06/07/2005Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\alg.exeC:\Program Files\NavNT\defwatch.exeC:\Program Files\NavNTtvscan.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\WINDOWS\System32\wdfmgr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\SoundMAX\SMTray.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\NavNT\vptray.exeC:\Program Files\Messenger Plus! 3\MsgPlus.exeC:\WINDOWS\System32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\j2re1.4.2_06\bin\jusched.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\WINDOWS\System32\MsgSys.EXEC:\Program Files\Logitech\Video\FxSvr2.exeC:\Documents and Settings\Administrateur\Bureau\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exeO4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nologO4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintrayO4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStartO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin
pjpi142_06.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin
pjpi142_06.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dllO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exeO23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNTtvscan.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeVoici le rapport detsmifraudFix:SmitFraudFix v0.5Date: 06/07/2005Executé à partir de:C:\Documents and Settings\Administrateur\BureauMicrosoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapportTOUT SEMBLE OKAdaware et Spybot n'ont rien trouverJe te remercie beaucoup et te tiens au courant si je trouve autre chose./A bientot    Sophie

Utilisateur anonyme · Answer

Saluttu peux cocher celles ci dans hijackR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/ pour les dossiers temp, il ne sont pas en gras dans ton pc, lolj'ai juste mis en gras le nom du dossier temp, pour que tu ne te trompe pas de dossier ;-)le but c'est de vider le contenu de ces dossiers.Est ce que tu as gardé le rapport que je t'avais demandé d'enregistrer quand tu as passé l'option 2 du fix ?Sinon, ca a l'air oka+

Sopie · Answer

J'ai retiré les 4 lignes du fichier HitjackJe n'ai pas enregistre l'option 2 du fix................DommageVoila,  encore un grand mercia+   Sophie

Utilisateur anonyme · Answer

ben, tant pis pour le rapport.Content que tout soit oka+

S!Ri · Answer

SalutCa semble bon ;-)

Utilisateur anonyme · Answer

pas de restauration a reactiver  ni de fichier a recacher?

dzadzou · Answer

salutmoi aussi j'ai le meme probleme mais mes resultats sont un peu differentsresultat de smithfraudfixSmitFraudFix v0.7Rapport fait à 17:41:38,54 le sam. 16/07/2005Executé à partir de C:\Documents and Settings\dzazdou\Mes documents\Unzipped\SmitfraudFix[1]OS: Microsoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWSC:\WINDOWS\screen.html PRESENT !»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32C:\WINDOWS\system32\hookdump.exe PRESENT !»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapportresultats de hijackthis:Logfile of HijackThis v1.99.1Scan saved at 17:47:02, on 16/07/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\sysal.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pkrsq.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pkrsq.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pkrsq.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pkrsq.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pkrsq.dll/sp.html#37049R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pkrsq.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom SkynetR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - Default URLSearchHook is missingO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Class - {64CBC2F6-6BBC-FF4A-8C67-D64BFD312060} - C:\WINDOWS\apiry.dllO2 - BHO: Class - {A0FE8830-AF81-1E4D-051B-1A46041255D0} - C:\WINDOWS\system32\sysyc32.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: Class - {C437648F-5744-78C9-4BC7-77C4AA1C8991} - C:\WINDOWS\d3mf.dllO2 - BHO: Class - {E95C5454-C210-9E5E-2CEE-9CBA9B6EA8A6} - C:\WINDOWS\winpg.dllO2 - BHO: Class - {F3A0397E-E3B9-0D76-D1C6-7FA1761B11A6} - C:\WINDOWS\iphv32.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exeO4 - HKLM\..\RunOnce: [sdkwb32.exe] C:\WINDOWS\sdkwb32.exeO4 - HKLM\..\RunOnce: [addbu.exe] C:\WINDOWS\addbu.exeO4 - HKLM\..\RunOnce: [iefy.exe] C:\WINDOWS\system32\iefy.exeO4 - HKLM\..\RunOnce: [sdkks32.exe] C:\WINDOWS\sdkks32.exeO4 - HKLM\..\RunOnce: [crpx.exe] C:\WINDOWS\system32\crpx.exeO4 - HKLM\..\RunOnce: [netuz32.exe] C:\WINDOWS\system32
etuz32.exeO4 - HKLM\..\RunOnce: [mspk32.exe] C:\WINDOWS\mspk32.exeO4 - HKLM\..\RunOnce: [crxp32.exe] C:\WINDOWS\crxp32.exeO4 - HKLM\..\RunOnce: [atlra32.exe] C:\WINDOWS\system32\atlra32.exeO4 - HKLM\..\RunOnce: [addnc32.exe] C:\WINDOWS\system32\addnc32.exeO4 - HKLM\..\RunOnce: [netgy.exe] C:\WINDOWS
etgy.exeO4 - HKLM\..\RunOnce: [winfg32.exe] C:\WINDOWS\winfg32.exeO4 - HKLM\..\RunOnce: [winzx32.exe] C:\WINDOWS\winzx32.exeO4 - HKLM\..\RunOnce: [netas32.exe] C:\WINDOWS\system32
etas32.exeO4 - HKLM\..\RunOnce: [addfm.exe] C:\WINDOWS\addfm.exeO4 - HKLM\..\RunOnce: [d3nd32.exe] C:\WINDOWS\d3nd32.exeO4 - HKLM\..\RunOnce: [javava32.exe] C:\WINDOWS\javava32.exeO4 - HKLM\..\RunOnce: [syscj32.exe] C:\WINDOWS\syscj32.exeO4 - HKLM\..\RunOnce: [javail.exe] C:\WINDOWS\javail.exeO4 - HKLM\..\RunOnce: [javacf32.exe] C:\WINDOWS\javacf32.exeO4 - HKLM\..\RunOnce: [mfchz.exe] C:\WINDOWS\mfchz.exeO4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.skynet.beO16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dllO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{CF69CFF1-526E-4B72-9614-F410022DB1EB}: NameServer = 195.238.2.21 195.238.2.22O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\mspk32.exe"  /s (file missing)O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMce serait genial si vous pouviez m'aider merci d'avance

balltrap34 · Answer

saluttelecharge cecihttp://www.downloads.subratam.org/l2mfix.exedecompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 1attend il vas faire un rapport fait un copier coller de celui cine fait surtout rien d autres

dzadzou · Answer

L2MFIX find log 1.03 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ermsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" "SKY11"="IEAKSkynet" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{DCED20BE-3645-11D4-BC95-00C04F0E0588}"="InoShell" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ addcd.dll Thu 30 Jun 2005 23:15:54 ..... 84.642 82,66 K addcq.dll Sat 2 Jul 2005 21:30:16 ..... 84.642 82,66 K addjp.dll Tue 28 Jun 2005 2:59:14 ..... 84.642 82,66 K addng.dll Thu 30 Jun 2005 18:18:46 A.... 84.642 82,66 K addwl.dll Tue 21 Jun 2005 16:38:24 ..... 84.642 82,66 K addzl32.dll Tue 21 Jun 2005 1:26:34 A.... 84.642 82,66 K addzz32.dll Sat 25 Jun 2005 18:30:22 A.... 0 0,00 K apibd32.dll Mon 4 Jul 2005 22:01:06 ..... 84.642 82,66 K apigg32.dll Wed 29 Jun 2005 2:52:14 ..... 84.642 82,66 K appgh32.dll Sun 19 Jun 2005 20:26:40 A.... 0 0,00 K appza32.dll Wed 8 Jun 2005 17:54:20 ..... 84.642 82,66 K atlgu.dll Tue 21 Jun 2005 19:35:20 ..... 84.642 82,66 K atlld.dll Fri 24 Jun 2005 15:24:30 ..... 84.642 82,66 K atlop.dll Sat 11 Jun 2005 15:03:34 ..... 84.642 82,66 K atlxo32.dll Wed 8 Jun 2005 16:40:38 ..... 84.642 82,66 K bquwk.dll Sat 16 Jul 2005 3:22:38 A.... 66.560 65,00 K browseui.dll Mon 2 May 2005 22:57:10 A.... 1.020.416 996,50 K cdfview.dll Mon 2 May 2005 22:57:10 A.... 152.064 148,50 K cdm.dll Thu 26 May 2005 4:16:24 A.... 75.544 73,77 K cnmmo.dll Thu 23 Jun 2005 1:24:10 A.... 0 0,00 K crnf32.dll Wed 13 Jul 2005 9:41:02 ..... 84.642 82,66 K crok32.dll Tue 12 Jul 2005 13:14:00 ..... 84.642 82,66 K crxg.dll Sat 25 Jun 2005 8:23:50 ..... 84.642 82,66 K d3ef.dll Fri 1 Jul 2005 8:45:42 A.... 84.642 82,66 K d3mv.dll Thu 23 Jun 2005 8:51:38 ..... 84.642 82,66 K ddged.dll Fri 10 Jun 2005 23:10:28 A.... 0 0,00 K fytvw.dll Mon 4 Jul 2005 10:35:56 A.... 0 0,00 K gignh.dll Tue 28 Jun 2005 23:00:50 A.... 66.560 65,00 K hhsetup.dll Fri 27 May 2005 4:08:06 A.... 41.472 40,50 K icm32.dll Wed 29 Jun 2005 3:49:42 A.... 254.976 249,00 K iebz32.dll Fri 15 Jul 2005 6:00:14 ..... 84.642 82,66 K ielt.dll Wed 22 Jun 2005 15:20:16 A.... 84.642 82,66 K iepeers.dll Mon 2 May 2005 22:57:10 A.... 250.880 245,00 K ieqv32.dll Sun 3 Jul 2005 8:45:18 ..... 84.642 82,66 K iern.dll Sun 19 Jun 2005 23:19:40 A.... 0 0,00 K ieto32.dll Sat 2 Jul 2005 2:54:28 ..... 84.642 82,66 K ietp32.dll Thu 30 Jun 2005 23:50:56 ..... 84.642 82,66 K iets32.dll Thu 16 Jun 2005 15:15:16 ..... 84.642 82,66 K iewe.dll Sun 19 Jun 2005 6:38:16 A.... 0 0,00 K inseng.dll Mon 2 May 2005 22:57:12 A.... 96.768 94,50 K ipkp.dll Wed 29 Jun 2005 8:32:34 ..... 84.642 82,66 K ipow32.dll Wed 22 Jun 2005 14:03:58 ..... 84.642 82,66 K ipvw.dll Mon 13 Jun 2005 16:18:54 A.... 0 0,00 K ipwb32.dll Mon 20 Jun 2005 15:56:46 ..... 84.642 82,66 K itircl.dll Fri 27 May 2005 4:08:06 A.... 155.136 151,50 K itss.dll Fri 27 May 2005 4:08:06 A.... 137.216 134,00 K iuengine.dll Thu 26 May 2005 4:16:24 A.... 198.424 193,77 K javadf.dll Sun 10 Jul 2005 19:47:22 ..... 84.642 82,66 K javahr32.dll Mon 27 Jun 2005 0:36:16 ..... 84.642 82,66 K javaow.dll Tue 21 Jun 2005 13:20:20 ..... 84.642 82,66 K javaxl.dll Sun 19 Jun 2005 2:58:58 ..... 84.642 82,66 K javazw32.dll Thu 23 Jun 2005 18:13:14 ..... 84.642 82,66 K kpqrc.dll Wed 15 Jun 2005 9:06:44 A.... 0 0,00 K loplm.dll Sun 12 Jun 2005 13:38:58 A.... 0 0,00 K ltanu.dll Sun 12 Jun 2005 18:55:08 A.... 0 0,00 K mfcel.dll Tue 5 Jul 2005 12:53:38 ..... 84.642 82,66 K mfcgy.dll Wed 6 Jul 2005 3:45:48 ..... 84.642 82,66 K mfcpo.dll Sun 26 Jun 2005 7:16:18 ..... 84.642 82,66 K mfcqi32.dll Tue 28 Jun 2005 5:23:30 ..... 84.642 82,66 K mfczq32.dll Sat 9 Jul 2005 13:41:20 ..... 84.642 82,66 K mscms.dll Wed 29 Jun 2005 3:49:42 A.... 74.240 72,50 K msev32.dll Sun 19 Jun 2005 1:13:28 ..... 84.642 82,66 K mshtml.dll Mon 2 May 2005 22:57:12 A.... 3.011.072 2,87 M mshtmled.dll Mon 2 May 2005 22:57:12 A.... 448.512 438,00 K msi.dll Wed 4 May 2005 14:45:32 A.... 2.890.240 2,75 M msihnd.dll Wed 4 May 2005 14:45:36 A.... 271.360 265,00 K msimsg.dll Wed 4 May 2005 14:45:36 A.... 884.736 864,00 K msisip.dll Wed 4 May 2005 14:45:36 A.... 15.360 15,00 K msrating.dll Mon 2 May 2005 22:57:12 A.... 146.432 143,00 K msuj32.dll Tue 21 Jun 2005 22:22:40 ..... 84.642 82,66 K msxo.dll Sat 25 Jun 2005 1:42:56 ..... 84.642 82,66 K netdw32.dll Fri 1 Jul 2005 9:22:26 A.... 0 0,00 K netej.dll Mon 4 Jul 2005 13:35:14 ..... 84.642 82,66 K netld32.dll Mon 20 Jun 2005 21:19:48 ..... 84.642 82,66 K netoi32.dll Sun 12 Jun 2005 11:34:08 ..... 84.642 82,66 K ntaq32.dll Tue 28 Jun 2005 17:44:06 A.... 84.642 82,66 K ntfj32.dll Tue 21 Jun 2005 20:26:18 ..... 84.642 82,66 K ntgb32.dll Tue 14 Jun 2005 7:58:12 ..... 84.642 82,66 K ntpb.dll Mon 20 Jun 2005 10:22:40 ..... 84.642 82,66 K ntqd32.dll Thu 30 Jun 2005 13:17:20 A.... 0 0,00 K nv4_disp.dll Thu 12 May 2005 0:34:00 A.... 3.879.808 3,70 M nvcod.dll Thu 12 May 2005 0:34:00 A.... 32.768 32,00 K nvcodins.dll Thu 12 May 2005 0:34:00 A.... 32.768 32,00 K nvcpl.dll Thu 12 May 2005 0:34:00 A.... 6.729.728 6,42 M nvhwvid.dll Thu 12 May 2005 0:34:00 A.... 540.672 528,00 K nview.dll Thu 12 May 2005 0:34:00 A.... 1.462.272 1,39 M nvmctray.dll Thu 12 May 2005 0:34:00 A.... 86.016 84,00 K nvnt4cpl.dll Thu 12 May 2005 0:34:00 A.... 286.720 280,00 K nvoglnt.dll Thu 12 May 2005 0:34:00 A.... 5.132.288 4,89 M nvrsar.dll Thu 12 May 2005 0:34:00 A.... 315.392 308,00 K nvrscs.dll Thu 12 May 2005 0:34:00 A.... 233.472 228,00 K nvrsda.dll Thu 12 May 2005 0:34:00 A.... 241.664 236,00 K nvrsde.dll Thu 12 May 2005 0:34:00 A.... 266.240 260,00 K nvrsel.dll Thu 12 May 2005 0:34:00 A.... 270.336 264,00 K nvrseng.dll Thu 12 May 2005 0:34:00 A.... 233.472 228,00 K nvrses.dll Thu 12 May 2005 0:34:00 A.... 270.336 264,00 K nvrsesm.dll Thu 12 May 2005 0:34:00 A.... 262.144 256,00 K nvrsfi.dll Thu 12 May 2005 0:34:00 A.... 233.472 228,00 K nvrsfr.dll Thu 12 May 2005 0:34:00 A.... 270.336 264,00 K nvrshe.dll Thu 12 May 2005 0:34:00 A.... 311.296 304,00 K nvrshu.dll Thu 12 May 2005 0:34:00 A.... 245.760 240,00 K nvrsit.dll Thu 12 May 2005 0:34:00 A.... 266.240 260,00 K nvrsja.dll Thu 12 May 2005 0:34:00 A.... 253.952 248,00 K nvrsko.dll Thu 12 May 2005 0:34:00 A.... 249.856 244,00 K nvrsnl.dll Thu 12 May 2005 0:34:00 A.... 262.144 256,00 K nvrsno.dll Thu 12 May 2005 0:34:00 A.... 241.664 236,00 K nvrspl.dll Thu 12 May 2005 0:34:00 A.... 241.664 236,00 K nvrspt.dll Thu 12 May 2005 0:34:00 A.... 258.048 252,00 K nvrsptb.dll Thu 12 May 2005 0:34:00 A.... 253.952 248,00 K nvrsru.dll Thu 12 May 2005 0:34:00 A.... 258.048 252,00 K nvrssk.dll Thu 12 May 2005 0:34:00 A.... 245.760 240,00 K nvrssl.dll Thu 12 May 2005 0:34:00 A.... 241.664 236,00 K nvrssv.dll Thu 12 May 2005 0:34:00 A.... 241.664 236,00 K nvrstr.dll Thu 12 May 2005 0:34:00 A.... 245.760 240,00 K nvrszhc.dll Thu 12 May 2005 0:34:00 A.... 212.992 208,00 K nvrszht.dll Thu 12 May 2005 0:34:00 A.... 114.688 112,00 K nvshell.dll Thu 12 May 2005 0:34:00 A.... 466.944 456,00 K nvwddi.dll Thu 12 May 2005 0:34:00 A.... 81.920 80,00 K nvwdmcpl.dll Thu 12 May 2005 0:34:00 A.... 1.662.976 1,59 M nvwimg.dll Thu 12 May 2005 0:34:00 A.... 1.019.904 996,00 K nvwrsar.dll Thu 12 May 2005 0:34:00 A.... 282.624 276,00 K nvwrscs.dll Thu 12 May 2005 0:34:00 A.... 286.720 280,00 K nvwrsda.dll Thu 12 May 2005 0:34:00 A.... 294.912 288,00 K nvwrsde.dll Thu 12 May 2005 0:34:00 A.... 311.296 304,00 K nvwrsel.dll Thu 12 May 2005 0:34:00 A.... 335.872 328,00 K nvwrseng.dll Thu 12 May 2005 0:34:00 A.... 286.720 280,00 K nvwrses.dll Thu 12 May 2005 0:34:00 A.... 335.872 328,00 K nvwrsesm.dll Thu 12 May 2005 0:34:00 A.... 327.680 320,00 K nvwrsfi.dll Thu 12 May 2005 0:34:00 A.... 303.104 296,00 K nvwrsfr.dll Thu 12 May 2005 0:34:00 A.... 327.680 320,00 K nvwrshe.dll Thu 12 May 2005 0:34:00 A.... 278.528 272,00 K nvwrshu.dll Thu 12 May 2005 0:34:00 A.... 315.392 308,00 K nvwrsit.dll Thu 12 May 2005 0:34:00 A.... 323.584 316,00 K nvwrsja.dll Thu 12 May 2005 0:34:00 A.... 212.992 208,00 K nvwrsko.dll Thu 12 May 2005 0:34:00 A.... 200.704 196,00 K nvwrsnl.dll Thu 12 May 2005 0:34:00 A.... 319.488 312,00 K nvwrsno.dll Thu 12 May 2005 0:34:00 A.... 299.008 292,00 K nvwrspl.dll Thu 12 May 2005 0:34:00 A.... 294.912 288,00 K nvwrspt.dll Thu 12 May 2005 0:34:00 A.... 323.584 316,00 K nvwrsptb.dll Thu 12 May 2005 0:34:00 A.... 319.488 312,00 K nvwrsru.dll Thu 12 May 2005 0:34:00 A.... 315.392 308,00 K nvwrssk.dll Thu 12 May 2005 0:34:00 A.... 299.008 292,00 K nvwrssl.dll Thu 12 May 2005 0:34:00 A.... 303.104 296,00 K nvwrssv.dll Thu 12 May 2005 0:34:00 A.... 294.912 288,00 K nvwrstr.dll Thu 12 May 2005 0:34:00 A.... 303.104 296,00 K nvwrszhc.dll Thu 12 May 2005 0:34:00 A.... 167.936 164,00 K nvwrszht.dll Thu 12 May 2005 0:34:00 A.... 172.032 168,00 K oannm.dll Fri 24 Jun 2005 7:33:54 A.... 0 0,00 K ofmyn.dll Sun 26 Jun 2005 22:19:34 A.... 66.560 65,00 K pngfilt.dll Mon 2 May 2005 22:57:12 A.... 39.424 38,50 K qohbs.dll Sat 16 Jul 2005 5:39:32 A.... 66.560 65,00 K rqami.dll Tue 12 Jul 2005 10:32:06 A.... 66.560 65,00 K s32evnt1.dll Fri 13 May 2005 19:50:10 A.... 91.856 89,70 K sdkbw.dll Sat 25 Jun 2005 20:19:32 ..... 84.642 82,66 K sdkik32.dll Wed 29 Jun 2005 7:18:54 ..... 84.642 82,66 K sdkkg.dll Fri 17 Jun 2005 22:04:22 ..... 84.642 82,66 K sdkkp32.dll Sat 25 Jun 2005 23:04:06 ..... 84.642 82,66 K sdksf.dll Sat 25 Jun 2005 6:19:28 ..... 84.642 82,66 K sdkyv.dll Sun 3 Jul 2005 20:48:14 ..... 84.642 82,66 K sdkzj.dll Sat 25 Jun 2005 5:34:30 ..... 84.642 82,66 K shdocvw.dll Mon 2 May 2005 22:57:12 A.... 1.484.288 1,41 M shktj.dll Mon 4 Jul 2005 23:21:24 A.... 66.560 65,00 K shlwapi.dll Mon 2 May 2005 22:57:12 A.... 474.112 463,00 K syssi32.dll Fri 8 Jul 2005 15:29:32 ..... 84.642 82,66 K sysyc32.dll Mon 11 Jul 2005 1:51:06 ..... 84.642 82,66 K sysyl32.dll Thu 30 Jun 2005 12:21:06 ..... 84.642 82,66 K tcyrn.dll Mon 27 Jun 2005 18:55:42 A.... 0 0,00 K tfziw.dll Fri 15 Jul 2005 12:58:38 A.... 66.560 65,00 K urlmon.dll Mon 2 May 2005 22:57:12 A.... 605.696 591,50 K winhb32.dll Fri 17 Jun 2005 6:23:04 A.... 84.642 82,66 K wininet.dll Mon 2 May 2005 22:57:12 A.... 662.016 646,50 K winqx.dll Fri 1 Jul 2005 4:38:56 ..... 84.642 82,66 K winuc.dll Mon 13 Jun 2005 10:54:06 ..... 84.642 82,66 K wuapi.dll Thu 26 May 2005 4:16:30 A.... 467.224 456,27 K wuaueng.dll Thu 26 May 2005 4:16:30 A.... 1.343.768 1,28 M wuaueng1.dll Thu 26 May 2005 4:16:32 A.... 195.352 190,77 K wucltui.dll Thu 26 May 2005 4:16:32 A.... 128.792 125,77 K wups.dll Thu 26 May 2005 4:16:30 A.... 41.240 40,27 K wups2.dll Thu 26 May 2005 4:16:30 A.... 18.200 17,77 K wuweb.dll Thu 26 May 2005 4:16:30 A.... 173.536 169,47 K xpsp3res.dll Tue 17 May 2005 2:42:14 ..... 16.896 16,50 K zoouv.dll Wed 22 Jun 2005 6:39:56 A.... 66.560 65,00 K 182 items found: 182 files, 0 directories. Total of file sizes: 57.470.696 bytes 54,80 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C s'appelle BOOT Le num‚ro de s‚rie du volume est 646C-6A9F R‚pertoire de C:\WINDOWS\System32 02/07/2005 14:01 dllcache 25/06/2004 17:25 Microsoft 0 fichier(s) 0 octets 2 R‚p(s) 83.056.336.896 octets libres

balltrap34 · Answer

nonrelance l2mfix et cette fois clik sur l option 2 et donne le rapportensuite relance le fix smitfraud et fait l option 2 et donne aussi le rapport et refait un hijack

dzadzou · Answer

et de un:L2Mfix 1.03a Running From:C:\Documents and Settings\dzazdou\Bureau\l2mfix  RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE Setting registry permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Denying C(CI) access for predefined group "Administrators" - adding new ACCESS DENY entry Registry Permissions set too:RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(CI)    DENY   --C-------   	BUILTIN\Administrateurs(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE Setting up for Reboot  Starting Reboot! C:\Documents and Settings\dzazdou\Bureau\l2mfix System Rebooted!  Running From:C:\Documents and Settings\dzazdou\Bureau\l2mfix killing explorer and rundll32.exe Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.orgKilling PID 1204 'explorer.exe'Killing PID 1204 'explorer.exe'Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.orgError, Cannot find a process with an image name of rundll32.exe Scanning First Pass. Please Wait! First Pass Completed  Second Pass Scanning  Second pass Completed! Zipping up files for submission:  adding: clear.reg (164 bytes security) (deflated 2%)  adding: echo.reg (164 bytes security) (deflated 9%)  adding: direct.txt (164 bytes security) (stored 0%)  adding: lo2.txt (164 bytes security) (deflated 70%)  adding: readme.txt (164 bytes security) (deflated 49%)  adding: report.txt (164 bytes security) (deflated 71%)  adding: test.txt (164 bytes security) (stored 0%)  adding: test2.txt (164 bytes security) (stored 0%)  adding: test3.txt (164 bytes security) (stored 0%)  adding: test5.txt (164 bytes security) (stored 0%)  adding: backregs/shell.reg (164 bytes security) (deflated 74%) Restoring Registry Permissions:  RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Revoking access for predefined group "Administrators"Inherited ACE can not be revoked here!Inherited ACE can not be revoked here! Registry permissions set too:RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRERestoring Sedebugprivilege:  Granting SeDebugPrivilege to Administrators   ... failed (GetAccountSid(Administrators)=1332   The following Is the Current Export of the Winlogon notify key:****************************************************************************Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** Registry Entries that were Deleted: Please verify that the listing looks ok.  If there was something deleted wrongly there are backups in the backreg folder. ****************************************************************************REGEDIT4[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]REGEDIT4[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"SV1"=""****************************************************************************Desktop.ini Contents: ********************************************************************************************************************************************************

dzadzou · Answer

et de deux:Logfile of HijackThis v1.99.1Scan saved at 22:23:32, on 16/07/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\sysal.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom SkynetR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - Default URLSearchHook is missingO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Class - {17FC5AF7-0C0F-B62B-EE7D-6FB2FEABA69B} - C:\WINDOWS\system32\appsy32.dllO2 - BHO: Class - {2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} - C:\WINDOWS\sdkni32.dllO2 - BHO: Class - {5C2283D1-61C9-9337-3709-169AA24C7206} - C:\WINDOWS\system32\syskp.dllO2 - BHO: Class - {7299CF30-F233-3F46-2E8C-DD294195AEBE} - C:\WINDOWS\system32\wincu32.dllO2 - BHO: Class - {73A2EFBB-38ED-18F3-2B78-49EE04A5FEAB} - C:\WINDOWS\ieif.dllO2 - BHO: Class - {80CE4264-DE48-7277-BAA4-D6E07C2653A2} - C:\WINDOWS\system32\mfccl32.dllO2 - BHO: Class - {9564CC48-05D0-7649-4D33-CBDCCFF9913B} - C:\WINDOWS\mfcfv32.dllO2 - BHO: Class - {A97AC2A2-0659-AC43-72DB-D9D913C43C45} - C:\WINDOWS\system32\iege.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: Class - {D3DA37FD-F982-375C-FB4D-EE7156A75905} - C:\WINDOWS\system32\atlac.dllO2 - BHO: Class - {E8983D00-0142-A0FE-63A0-D9E1F3C04A6B} - C:\WINDOWS\sdkzt.dllO2 - BHO: Class - {F3A0397E-E3B9-0D76-D1C6-7FA1761B11A6} - C:\WINDOWS\iphv32.dllO2 - BHO: Class - {F4D7791F-ADA5-B851-33CA-06EB8529CE7E} - C:\WINDOWS\system32\sdkxr32.dllO2 - BHO: Class - {FF534564-71EA-B589-BFE1-B3735E7B4CF5} - C:\WINDOWS\system32\sdkly32.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exeO4 - HKLM\..\RunOnce: [sdkri32.exe] C:\WINDOWS\system32\sdkri32.exeO4 - HKLM\..\RunOnce: [mshq.exe] C:\WINDOWS\system32\mshq.exeO4 - HKLM\..\RunOnce: [addlu32.exe] C:\WINDOWS\system32\addlu32.exeO4 - HKLM\..\RunOnce: [sysvu.exe] C:\WINDOWS\system32\sysvu.exeO4 - HKLM\..\RunOnce: [sysar32.exe] C:\WINDOWS\system32\sysar32.exeO4 - HKLM\..\RunOnce: [syspg32.exe] C:\WINDOWS\syspg32.exeO4 - HKLM\..\RunOnce: [netzx32.exe] C:\WINDOWS\system32
etzx32.exeO4 - HKLM\..\RunOnce: [syspw32.exe] C:\WINDOWS\syspw32.exeO4 - HKLM\..\RunOnce: [d3cb32.exe] C:\WINDOWS\system32\d3cb32.exeO4 - HKLM\..\RunOnce: [atlgh32.exe] C:\WINDOWS\system32\atlgh32.exeO4 - HKLM\..\RunOnce: [atlcw32.exe] C:\WINDOWS\system32\atlcw32.exeO4 - HKLM\..\RunOnce: [sysos32.exe] C:\WINDOWS\sysos32.exeO4 - HKLM\..\RunOnce: [javatu.exe] C:\WINDOWS\javatu.exeO4 - HKLM\..\RunOnce: [mfcyo32.exe] C:\WINDOWS\system32\mfcyo32.exeO4 - HKLM\..\RunOnce: [addzl32.exe] C:\WINDOWS\system32\addzl32.exeO4 - HKLM\..\RunOnce: [cref.exe] C:\WINDOWS\system32\cref.exeO4 - HKLM\..\RunOnce: [msyw.exe] C:\WINDOWS\msyw.exeO4 - HKLM\..\RunOnce: [sdkci.exe] C:\WINDOWS\system32\sdkci.exeO4 - HKLM\..\RunOnce: [atlqf32.exe] C:\WINDOWS\atlqf32.exeO4 - HKLM\..\RunOnce: [addlj.exe] C:\WINDOWS\system32\addlj.exeO4 - HKLM\..\RunOnce: [crky32.exe] C:\WINDOWS\system32\crky32.exeO4 - HKLM\..\RunOnce: [ipao32.exe] C:\WINDOWS\ipao32.exeO4 - HKLM\..\RunOnce: [ntiw.exe] C:\WINDOWS\system32
tiw.exeO4 - HKLM\..\RunOnce: [iedn32.exe] C:\WINDOWS\system32\iedn32.exeO4 - HKLM\..\RunOnce: [syslv.exe] C:\WINDOWS\system32\syslv.exeO4 - HKLM\..\RunOnce: [iemw.exe] C:\WINDOWS\system32\iemw.exeO4 - HKLM\..\RunOnce: [atljl32.exe] C:\WINDOWS\system32\atljl32.exeO4 - HKLM\..\RunOnce: [ipaa32.exe] C:\WINDOWS\system32\ipaa32.exeO4 - HKLM\..\RunOnce: [apive.exe] C:\WINDOWS\system32\apive.exeO4 - HKLM\..\RunOnce: [winuu32.exe] C:\WINDOWS\system32\winuu32.exeO4 - HKLM\..\RunOnce: [crsj.exe] C:\WINDOWS\crsj.exeO4 - HKLM\..\RunOnce: [ipxl32.exe] C:\WINDOWS\ipxl32.exeO4 - HKLM\..\RunOnce: [netrr32.exe] C:\WINDOWS
etrr32.exeO4 - HKLM\..\RunOnce: [apphg32.exe] C:\WINDOWS\system32\apphg32.exeO4 - HKLM\..\RunOnce: [atlpw32.exe] C:\WINDOWS\system32\atlpw32.exeO4 - HKLM\..\RunOnce: [ntqp32.exe] C:\WINDOWS
tqp32.exeO4 - HKLM\..\RunOnce: [winyx.exe] C:\WINDOWS\winyx.exeO4 - HKLM\..\RunOnce: [msub.exe] C:\WINDOWS\msub.exeO4 - HKLM\..\RunOnce: [apisz32.exe] C:\WINDOWS\apisz32.exeO4 - HKLM\..\RunOnce: [appsy32.exe] C:\WINDOWS\system32\appsy32.exeO4 - HKLM\..\RunOnce: [netif32.exe] C:\WINDOWS\system32
etif32.exeO4 - HKLM\..\RunOnce: [ieeu32.exe] C:\WINDOWS\ieeu32.exeO4 - HKLM\..\RunOnce: [netea.exe] C:\WINDOWS\system32
etea.exeO4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.skynet.beO16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dllO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{CF69CFF1-526E-4B72-9614-F410022DB1EB}: NameServer = 195.238.2.21 195.238.2.22O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\mspk32.exe"  /s (file missing)O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

dzadzou · Answer

et de trois:

SmitFraudFix v0.7

Rapport fait à 22:25:18,70 le sam. 16/07/2005
Executé à partir de C:\Documents and Settings\dzazdou\Mes documents\Unzipped\SmitfraudFix[1]
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\screen.html supprimé
C:\WINDOWS\system32\hookdump.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

balltrap34 · Answer

salut
imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
-------------------------
tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore et verifie que tu as les bonnes version c est imperatif

ad-aware (1)version 1.06
(ici) http://www.florensac-chasse-trap.com/ section virus
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip

dzadzou · Answer

Logfile of HijackThis v1.99.1Scan saved at 12:17:57, on 17/07/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Unable to get Internet Explorer version!Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\sysal.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\WINDOWS\ServicePackFiles\i386\iexplore.exeC:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom SkynetR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - Default URLSearchHook is missingO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Class - {14545639-0F65-AB15-C16B-B4F8EE42B3C1} - C:\WINDOWS\system32\sysrd32.dllO2 - BHO: Class - {4014B4D5-2904-EAE9-66BC-9F97C5F321F8} - C:\WINDOWS\system32\mfcok.dllO2 - BHO: Class - {4982D30C-67C2-4EDC-B9FB-50B7DB64D84D} - C:\WINDOWS\system32\mfckz32.dllO2 - BHO: Class - {4FBA7282-EDEE-36A3-D552-74FA9B7E58C7} - C:\WINDOWS\javaxv32.dllO2 - BHO: Class - {5216D1C9-464B-2CA0-2092-005ED043733C} - C:\WINDOWS\system32\ipkb32.dllO2 - BHO: Class - {9B2A5C16-0CC3-AAF0-E711-079D47C149CF} - C:\WINDOWS\system32\sysbn32.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Class - {B02C8A79-166D-EAED-C15F-3D1CC66CC436} - C:\WINDOWS\system32\javaiq32.dllO2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)O2 - BHO: Class - {BAC8C44D-2112-AF01-7896-5BA9C152A8BC} - C:\WINDOWS\sysps32.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: Class - {C49EE5EC-58A6-E279-05B8-E5C66D906219} - C:\WINDOWS\system32\apppd.dllO2 - BHO: Class - {C8B9D513-1F50-BEA9-4C7E-E088E7CE8BF6} - C:\WINDOWS\apiyu.dllO2 - BHO: Class - {CFC69D80-D884-9E2A-507A-6B067ADD8506} - C:\WINDOWS\apikx.dllO2 - BHO: Class - {E9288E70-5BA5-6326-846F-3AC0878A4536} - C:\WINDOWS\iepc32.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exeO4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exeO4 - HKLM\..\RunOnce: [apppt32.exe] C:\WINDOWS\system32\apppt32.exeO4 - HKLM\..\RunOnce: [apidu.exe] C:\WINDOWS\system32\apidu.exeO4 - HKLM\..\RunOnce: [mfcec32.exe] C:\WINDOWS\mfcec32.exeO4 - HKLM\..\RunOnce: [sysjw.exe] C:\WINDOWS\sysjw.exeO4 - HKLM\..\RunOnce: [mssw32.exe] C:\WINDOWS\system32\mssw32.exeO4 - HKLM\..\RunOnce: [ntxy.exe] C:\WINDOWS\system32
txy.exeO4 - HKLM\..\RunOnce: [apifn.exe] C:\WINDOWS\apifn.exeO4 - HKLM\..\RunOnce: [javawi.exe] C:\WINDOWS\javawi.exeO4 - HKLM\..\RunOnce: [apibc.exe] C:\WINDOWS\system32\apibc.exeO4 - HKLM\..\RunOnce: [msub.exe] C:\WINDOWS\msub.exeO4 - HKLM\..\RunOnce: [sysia32.exe] C:\WINDOWS\system32\sysia32.exeO4 - HKLM\..\RunOnce: [mfctx32.exe] C:\WINDOWS\mfctx32.exeO4 - HKLM\..\RunOnce: [iehz32.exe] C:\WINDOWS\system32\iehz32.exeO4 - HKLM\..\RunOnce: [netwu32.exe] C:\WINDOWS\system32
etwu32.exeO4 - HKLM\..\RunOnce: [winby32.exe] C:\WINDOWS\system32\winby32.exeO4 - HKLM\..\RunOnce: [cros32.exe] C:\WINDOWS\cros32.exeO4 - HKLM\..\RunOnce: [d3og.exe] C:\WINDOWS\system32\d3og.exeO4 - HKLM\..\RunOnce: [d3qs32.exe] C:\WINDOWS\system32\d3qs32.exeO4 - HKLM\..\RunOnce: [mfcvn32.exe] C:\WINDOWS\mfcvn32.exeO4 - HKLM\..\RunOnce: [ipwc32.exe] C:\WINDOWS\system32\ipwc32.exeO4 - HKLM\..\RunOnce: [appbe.exe] C:\WINDOWS\appbe.exeO4 - HKLM\..\RunOnce: [ntzp.exe] C:\WINDOWS\system32
tzp.exeO4 - HKLM\..\RunOnce: [mfcam.exe] C:\WINDOWS\mfcam.exeO4 - HKLM\..\RunOnce: [ieng32.exe] C:\WINDOWS\system32\ieng32.exeO4 - HKLM\..\RunOnce: [appen32.exe] C:\WINDOWS\system32\appen32.exeO4 - HKLM\..\RunOnce: [sysvy.exe] C:\WINDOWS\system32\sysvy.exeO4 - HKLM\..\RunOnce: [winhz32.exe] C:\WINDOWS\winhz32.exeO4 - HKLM\..\RunOnce: [d3xo32.exe] C:\WINDOWS\system32\d3xo32.exeO4 - HKLM\..\RunOnce: [addhn32.exe] C:\WINDOWS\addhn32.exeO4 - HKLM\..\RunOnce: [atlfj.exe] C:\WINDOWS\atlfj.exeO4 - HKLM\..\RunOnce: [addit.exe] C:\WINDOWS\system32\addit.exeO4 - HKLM\..\RunOnce: [netex32.exe] C:\WINDOWS\system32
etex32.exeO4 - HKLM\..\RunOnce: [atlox.exe] C:\WINDOWS\system32\atlox.exeO4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exeO4 - HKLM\..\RunOnce: [ieho.exe] C:\WINDOWS\ieho.exeO4 - HKLM\..\RunOnce: [netcx.exe] C:\WINDOWS
etcx.exeO4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.skynet.beO16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dllO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{CF69CFF1-526E-4B72-9614-F410022DB1EB}: NameServer = 195.238.2.21 195.238.2.22O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe"  /s (file missing)O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exemes soucis:je crois que le virus est encore dans mon ordinateur exemple: dans mes favoris il y a des sites de porno,...merci deja pour tout parce-que j'ai vu que j'ai enleve des choses commen trojan horse downloader etc

balltrap34 · Answer

lol tous y est encore tu suis bien tous dans l ordre le mode sans echec et tous les prog

dzadzou · Answer

ai j'y comprends rien j'ai tout bien suivi c'est pas le virus qui se renouvle?

balltrap34 · Answer

la je crack
repasse ceci
telecharge ceci
http://www.downloads.subratam.org/l2mfix.exe
decompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 2
et ensuite repete toute l operation

dzadzou · Answer

L2Mfix 1.03a

Running From:
C:\Documents and Settings\dzazdou\Bureau\l2mfix

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

Setting registry permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry

Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

Setting up for Reboot

Starting Reboot!

balltrap34 · Answer

il faut que l ont vire se service
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
demarrer > executer tape(ou fais un copier coller)

sc config 11Fßä#·ºÄÖ`I start= disabled
valide

demarrer > executer tape

sc stop 11Fßä#·ºÄÖ`I
valide

demarrer > executer tape
sc delete 11Fßä#·ºÄÖ`I
valide

redemarre le pc et reposte un hijack

dzadzou · Answer

Logfile of HijackThis v1.99.1Scan saved at 21:07:20, on 18/07/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Unable to get Internet Explorer version!Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\mfcsx.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom SkynetR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - Default URLSearchHook is missingO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Class - {094EDED8-1F6C-995C-6754-A544D7EA188B} - C:\WINDOWS\system32\crcz32.dllO2 - BHO: Class - {0AEDCEB7-DB98-2AC8-C751-7602FC73372C} - C:\WINDOWS\addea32.dllO2 - BHO: Class - {178BF97C-6695-99D8-72C0-80D53BABA646} - C:\WINDOWS\sysik32.dllO2 - BHO: Class - {267B601E-BF82-736D-7AC7-27C74EE988B8} - C:\WINDOWS\system32\crgk.dllO2 - BHO: Class - {26DF6F6C-68C1-432E-7845-1CBFEF199116} - C:\WINDOWS\crei32.dllO2 - BHO: Class - {2CDE04BE-5087-9425-8043-F24037206477} - C:\WINDOWS
etjc32.dllO2 - BHO: Class - {38F6B10B-D771-3C5C-0291-568F76485423} - C:\WINDOWS\system32\apitg.dllO2 - BHO: Class - {49067854-CD81-932C-FF39-319631A78BFC} - C:\WINDOWS\system32
etlm32.dllO2 - BHO: Class - {516BCC99-33A5-EE46-FF69-B7B30CE72B12} - C:\WINDOWS\system32\winyg.dllO2 - BHO: Class - {5363EB55-7CF4-DA12-F27B-D7B89B413FF3} - C:\WINDOWS\system32\javane32.dllO2 - BHO: Class - {6BBEE290-2040-F21E-2CFB-CC15C4AC9B90} - C:\WINDOWS\addap.dllO2 - BHO: Class - {6EF0F034-C0DA-6CB6-18F6-2B49B1B81D7A} - C:\WINDOWS\winmv.dllO2 - BHO: Class - {77B56A9B-5F2E-3199-3215-D7E8E0F1C765} - C:\WINDOWS
etnn32.dllO2 - BHO: Class - {8452BC65-9E1F-8A0C-B537-38BCC7650B62} - C:\WINDOWS\system32\apihb.dllO2 - BHO: Class - {9651FF3B-C2B5-C2EF-5AC4-78D61ADF97C4} - C:\WINDOWS\d3kd.dllO2 - BHO: Class - {9F8C6736-431A-A80F-7DB3-0D6C8BBD7EA1} - C:\WINDOWS\system32
etxx32.dllO2 - BHO: Class - {A5E89540-05C4-7AC5-1C77-5A15DBBF6B36} - C:\WINDOWS\system32\winof.dllO2 - BHO: Class - {AA168207-BE5F-10B0-7FD5-2061FA4F8547} - C:\WINDOWS\system32\winkm32.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Class - {B89E4008-4828-AC3A-CAF5-00B70ABA441F} - C:\WINDOWS\crrp32.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apivi.dllO2 - BHO: Class - {D7630E68-79D7-6EF3-062A-A8D62572DA69} - C:\WINDOWS\system32\d3it.dllO2 - BHO: Class - {E850AD1C-2D64-EB86-64E5-80CA936A2373} - C:\WINDOWS\javapo32.dllO2 - BHO: Class - {E85F1A0E-4BF7-9FC7-5FC6-F9CE2788F77D} - C:\WINDOWS\system32\ipzg32.dllO2 - BHO: Class - {FBE2FA5F-7935-0120-3FB8-49D74C7057E5} - C:\WINDOWS\system32\addcz.dllO2 - BHO: Class - {FCA478C5-66CE-9CAB-6011-3194DCF234A8} - C:\WINDOWS\system32\apifr.dllO2 - BHO: Class - {FF7AF231-F460-F958-9E42-30A70C516066} - C:\WINDOWS\sysyg.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exeO4 - HKLM\..\Run: [mfcsx.exe] C:\WINDOWS\system32\mfcsx.exeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exeO4 - HKLM\..\RunOnce: [sysia32.exe] C:\WINDOWS\system32\sysia32.exeO4 - HKLM\..\RunOnce: [d3xo32.exe] C:\WINDOWS\system32\d3xo32.exeO4 - HKLM\..\RunOnce: [addit.exe] C:\WINDOWS\system32\addit.exeO4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exeO4 - HKLM\..\RunOnce: [ipkl32.exe] C:\WINDOWS\ipkl32.exeO4 - HKLM\..\RunOnce: [netko32.exe] C:\WINDOWS\system32
etko32.exeO4 - HKLM\..\RunOnce: [sysbu32.exe] C:\WINDOWS\system32\sysbu32.exeO4 - HKLM\..\RunOnce: [ipmu32.exe] C:\WINDOWS\system32\ipmu32.exeO4 - HKLM\..\RunOnce: [d3zq32.exe] C:\WINDOWS\d3zq32.exeO4 - HKLM\..\RunOnce: [apiwb.exe] C:\WINDOWS\apiwb.exeO4 - HKLM\..\RunOnce: [ntkb32.exe] C:\WINDOWS
tkb32.exeO4 - HKLM\..\RunOnce: [crke32.exe] C:\WINDOWS\system32\crke32.exeO4 - HKLM\..\RunOnce: [ieur.exe] C:\WINDOWS\system32\ieur.exeO4 - HKLM\..\RunOnce: [mskj.exe] C:\WINDOWS\system32\mskj.exeO4 - HKLM\..\RunOnce: [crxx.exe] C:\WINDOWS\system32\crxx.exeO4 - HKLM\..\RunOnce: [addmm32.exe] C:\WINDOWS\addmm32.exeO4 - HKLM\..\RunOnce: [addhe.exe] C:\WINDOWS\system32\addhe.exeO4 - HKLM\..\RunOnce: [crug32.exe] C:\WINDOWS\crug32.exeO4 - HKLM\..\RunOnce: [d3uo32.exe] C:\WINDOWS\system32\d3uo32.exeO4 - HKLM\..\RunOnce: [ipai32.exe] C:\WINDOWS\ipai32.exeO4 - HKLM\..\RunOnce: [d3jj32.exe] C:\WINDOWS\system32\d3jj32.exeO4 - HKLM\..\RunOnce: [netpl.exe] C:\WINDOWS\system32
etpl.exeO4 - HKLM\..\RunOnce: [d3ea32.exe] C:\WINDOWS\d3ea32.exeO4 - HKLM\..\RunOnce: [ipxr.exe] C:\WINDOWS\system32\ipxr.exeO4 - HKLM\..\RunOnce: [appcl32.exe] C:\WINDOWS\system32\appcl32.exeO4 - HKLM\..\RunOnce: [sysmt.exe] C:\WINDOWS\system32\sysmt.exeO4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exeO4 - HKLM\..\RunOnce: [javayz.exe] C:\WINDOWS\system32\javayz.exeO4 - HKLM\..\RunOnce: [msdb.exe] C:\WINDOWS\system32\msdb.exeO4 - HKLM\..\RunOnce: [appby.exe] C:\WINDOWS\appby.exeO4 - HKLM\..\RunOnce: [sysqg.exe] C:\WINDOWS\system32\sysqg.exeO4 - HKLM\..\RunOnce: [appen32.exe] C:\WINDOWS\system32\appen32.exeO4 - HKLM\..\RunOnce: [javamb32.exe] C:\WINDOWS\system32\javamb32.exeO4 - HKLM\..\RunOnce: [javaby32.exe] C:\WINDOWS\system32\javaby32.exeO4 - HKLM\..\RunOnce: [apigb.exe] C:\WINDOWS\apigb.exeO4 - HKLM\..\RunOnce: [sdkce.exe] C:\WINDOWS\system32\sdkce.exeO4 - HKLM\..\RunOnce: [nethm32.exe] C:\WINDOWS
ethm32.exeO4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINDOWS\system32
etkd32.exeO4 - HKLM\..\RunOnce: [addpg.exe] C:\WINDOWS\addpg.exeO4 - HKLM\..\RunOnce: [d3iw32.exe] C:\WINDOWS\system32\d3iw32.exeO4 - HKLM\..\RunOnce: [msjc32.exe] C:\WINDOWS\msjc32.exeO4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\ipcv.exeO4 - HKLM\..\RunOnce: [msdb32.exe] C:\WINDOWS\system32\msdb32.exeO4 - HKLM\..\RunOnce: [crgx.exe] C:\WINDOWS\crgx.exeO4 - HKLM\..\RunOnce: [netmz32.exe] C:\WINDOWS\system32
etmz32.exeO4 - HKLM\..\RunOnce: [crwy32.exe] C:\WINDOWS\crwy32.exeO4 - HKLM\..\RunOnce: [netjs.exe] C:\WINDOWS
etjs.exeO4 - HKLM\..\RunOnce: [winii32.exe] C:\WINDOWS\winii32.exeO4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\crnc.exeO4 - HKLM\..\RunOnce: [mfctg32.exe] C:\WINDOWS\system32\mfctg32.exeO4 - HKLM\..\RunOnce: [iegb.exe] C:\WINDOWS\iegb.exeO4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exeO4 - HKLM\..\RunOnce: [ntmd.exe] C:\WINDOWS\system32
tmd.exeO4 - HKLM\..\RunOnce: [mfcqh32.exe] C:\WINDOWS\system32\mfcqh32.exeO4 - HKLM\..\RunOnce: [sysej32.exe] C:\WINDOWS\system32\sysej32.exeO4 - HKLM\..\RunOnce: [appio.exe] C:\WINDOWS\appio.exeO4 - HKLM\..\RunOnce: [d3oi32.exe] C:\WINDOWS\system32\d3oi32.exeO4 - HKLM\..\RunOnce: [ntex.exe] C:\WINDOWS
tex.exeO4 - HKLM\..\RunOnce: [atlrz32.exe] C:\WINDOWS\atlrz32.exeO4 - HKLM\..\RunOnce: [nethh.exe] C:\WINDOWS
ethh.exeO4 - HKLM\..\RunOnce: [addnb32.exe] C:\WINDOWS\system32\addnb32.exeO4 - HKLM\..\RunOnce: [appgu.exe] C:\WINDOWS\system32\appgu.exeO4 - HKLM\..\RunOnce: [mslo32.exe] C:\WINDOWS\mslo32.exeO4 - HKLM\..\RunOnce: [mfcpw.exe] C:\WINDOWS\system32\mfcpw.exeO4 - HKLM\..\RunOnce: [appye32.exe] C:\WINDOWS\appye32.exeO4 - HKLM\..\RunOnce: [msey.exe] C:\WINDOWS\msey.exeO4 - HKLM\..\RunOnce: [sdkhk.exe] C:\WINDOWS\sdkhk.exeO4 - HKLM\..\RunOnce: [mfcne32.exe] C:\WINDOWS\mfcne32.exeO4 - HKLM\..\RunOnce: [iprj.exe] C:\WINDOWS\system32\iprj.exeO4 - HKLM\..\RunOnce: [addxd.exe] C:\WINDOWS\addxd.exeO4 - HKLM\..\RunOnce: [ipua32.exe] C:\WINDOWS\system32\ipua32.exeO4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exeO4 - HKLM\..\RunOnce: [appfr32.exe] C:\WINDOWS\system32\appfr32.exeO4 - HKLM\..\RunOnce: [mskl32.exe] C:\WINDOWS\mskl32.exeO4 - HKLM\..\RunOnce: [sdksm32.exe] C:\WINDOWS\sdksm32.exeO4 - HKLM\..\RunOnce: [atlgh.exe] C:\WINDOWS\atlgh.exeO4 - HKLM\..\RunOnce: [msxo32.exe] C:\WINDOWS\msxo32.exeO4 - HKLM\..\RunOnce: [ipkj.exe] C:\WINDOWS\ipkj.exeO4 - HKLM\..\RunOnce: [addse32.exe] C:\WINDOWS\system32\addse32.exeO4 - HKLM\..\RunOnce: [cryz.exe] C:\WINDOWS\cryz.exeO4 - HKLM\..\RunOnce: [apidv.exe] C:\WINDOWS\system32\apidv.exeO4 - HKLM\..\RunOnce: [sysrx.exe] C:\WINDOWS\system32\sysrx.exeO4 - HKLM\..\RunOnce: [iery.exe] C:\WINDOWS\iery.exeO4 - HKLM\..\RunOnce: [ntxs32.exe] C:\WINDOWS
txs32.exeO4 - HKLM\..\RunOnce: [crjw32.exe] C:\WINDOWS\crjw32.exeO4 - HKLM\..\RunOnce: [netpy.exe] C:\WINDOWS
etpy.exeO4 - HKLM\..\RunOnce: [sdkou32.exe] C:\WINDOWS\system32\sdkou32.exeO4 - HKLM\..\RunOnce: [mfcbo32.exe] C:\WINDOWS\system32\mfcbo32.exeO4 - HKLM\..\RunOnce: [d3mb32.exe] C:\WINDOWS\system32\d3mb32.exeO4 - HKLM\..\RunOnce: [ipsv.exe] C:\WINDOWS\system32\ipsv.exeO4 - HKLM\..\RunOnce: [appco32.exe] C:\WINDOWS\appco32.exeO4 - HKLM\..\RunOnce: [mshr.exe] C:\WINDOWS\system32\mshr.exeO4 - HKLM\..\RunOnce: [mfccc.exe] C:\WINDOWS\system32\mfccc.exeO4 - HKLM\..\RunOnce: [syspw.exe] C:\WINDOWS\syspw.exeO4 - HKLM\..\RunOnce: [ipff.exe] C:\WINDOWS\ipff.exeO4 - HKLM\..\RunOnce: [appkz.exe] C:\WINDOWS\appkz.exeO4 - HKLM\..\RunOnce: [sdkby.exe] C:\WINDOWS\sdkby.exeO4 - HKLM\..\RunOnce: [sdkzc.exe] C:\WINDOWS\system32\sdkzc.exeO4 - HKLM\..\RunOnce: [msgy32.exe] C:\WINDOWS\system32\msgy32.exeO4 - HKLM\..\RunOnce: [ipls32.exe] C:\WINDOWS\ipls32.exeO4 - HKLM\..\RunOnce: [sdkfj32.exe] C:\WINDOWS\sdkfj32.exeO4 - HKLM\..\RunOnce: [sdkzx.exe] C:\WINDOWS\sdkzx.exeO4 - HKLM\..\RunOnce: [atlez.exe] C:\WINDOWS\atlez.exeO4 - HKLM\..\RunOnce: [winid32.exe] C:\WINDOWS\winid32.exeO4 - HKLM\..\RunOnce: [crof32.exe] C:\WINDOWS\crof32.exeO4 - HKLM\..\RunOnce: [msnn32.exe] C:\WINDOWS\system32\msnn32.exeO4 - HKLM\..\RunOnce: [appxj32.exe] C:\WINDOWS\appxj32.exeO4 - HKLM\..\RunOnce: [crki.exe] C:\WINDOWS\system32\crki.exeO4 - HKLM\..\RunOnce: [apiqk32.exe] C:\WINDOWS\system32\apiqk32.exeO4 - HKLM\..\RunOnce: [crfx.exe] C:\WINDOWS\crfx.exeO4 - HKLM\..\RunOnce: [nettz32.exe] C:\WINDOWS\system32
ettz32.exeO4 - HKLM\..\RunOnce: [javapv.exe] C:\WINDOWS\system32\javapv.exeO4 - HKLM\..\RunOnce: [apiol32.exe] C:\WINDOWS\system32\apiol32.exeO4 - HKLM\..\RunOnce: [systn.exe] C:\WINDOWS\systn.exeO4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\system32\d3gt.exeO4 - HKLM\..\RunOnce: [ntfg.exe] C:\WINDOWS
tfg.exeO4 - HKLM\..\RunOnce: [ipoe.exe] C:\WINDOWS\system32\ipoe.exeO4 - HKLM\..\RunOnce: [addnu32.exe] C:\WINDOWS\system32\addnu32.exeO4 - HKLM\..\RunOnce: [d3to.exe] C:\WINDOWS\system32\d3to.exeO4 - HKLM\..\RunOnce: [msej32.exe] C:\WINDOWS\msej32.exeO4 - HKLM\..\RunOnce: [ntrd.exe] C:\WINDOWS
trd.exeO4 - HKLM\..\RunOnce: [mfcjw.exe] C:\WINDOWS\mfcjw.exeO4 - HKLM\..\RunOnce: [javayu32.exe] C:\WINDOWS\system32\javayu32.exeO4 - HKLM\..\RunOnce: [syshc32.exe] C:\WINDOWS\syshc32.exeO4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.skynet.beO16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dllO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cabO23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe"  /s (file missing)O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Utilisateur anonyme · Answer

Allucinant !

balltrap34 · Answer

recommence ceci
il faut que l ont vire se service
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)

sc config Workstation NetLogon Service start= disabled
valide

demarrer > executer tape

sc stop Workstation NetLogon Service
valide

demarrer > executer tape
sc delete Workstation NetLogon Service
valide

recherche et suppr cec i
C:\WINDOWS\apppw.exe

et fait ceci et ne redemarre surtous pas
relance hijack clik sur open the misk tolls section ensuite clik sur open ads spy
verifie que ceci est cocher
quick scan et ignore safe
clik ensuite sur scan
et a la fin sur save log et donne moi se log

dzadzou · Answer

Logfile of HijackThis v1.99.1Scan saved at 21:07:20, on 18/07/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Unable to get Internet Explorer version!Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\mfcsx.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom SkynetR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - Default URLSearchHook is missingO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Class - {094EDED8-1F6C-995C-6754-A544D7EA188B} - C:\WINDOWS\system32\crcz32.dllO2 - BHO: Class - {0AEDCEB7-DB98-2AC8-C751-7602FC73372C} - C:\WINDOWS\addea32.dllO2 - BHO: Class - {178BF97C-6695-99D8-72C0-80D53BABA646} - C:\WINDOWS\sysik32.dllO2 - BHO: Class - {267B601E-BF82-736D-7AC7-27C74EE988B8} - C:\WINDOWS\system32\crgk.dllO2 - BHO: Class - {26DF6F6C-68C1-432E-7845-1CBFEF199116} - C:\WINDOWS\crei32.dllO2 - BHO: Class - {2CDE04BE-5087-9425-8043-F24037206477} - C:\WINDOWS
etjc32.dllO2 - BHO: Class - {38F6B10B-D771-3C5C-0291-568F76485423} - C:\WINDOWS\system32\apitg.dllO2 - BHO: Class - {49067854-CD81-932C-FF39-319631A78BFC} - C:\WINDOWS\system32
etlm32.dllO2 - BHO: Class - {516BCC99-33A5-EE46-FF69-B7B30CE72B12} - C:\WINDOWS\system32\winyg.dllO2 - BHO: Class - {5363EB55-7CF4-DA12-F27B-D7B89B413FF3} - C:\WINDOWS\system32\javane32.dllO2 - BHO: Class - {6BBEE290-2040-F21E-2CFB-CC15C4AC9B90} - C:\WINDOWS\addap.dllO2 - BHO: Class - {6EF0F034-C0DA-6CB6-18F6-2B49B1B81D7A} - C:\WINDOWS\winmv.dllO2 - BHO: Class - {77B56A9B-5F2E-3199-3215-D7E8E0F1C765} - C:\WINDOWS
etnn32.dllO2 - BHO: Class - {8452BC65-9E1F-8A0C-B537-38BCC7650B62} - C:\WINDOWS\system32\apihb.dllO2 - BHO: Class - {9651FF3B-C2B5-C2EF-5AC4-78D61ADF97C4} - C:\WINDOWS\d3kd.dllO2 - BHO: Class - {9F8C6736-431A-A80F-7DB3-0D6C8BBD7EA1} - C:\WINDOWS\system32
etxx32.dllO2 - BHO: Class - {A5E89540-05C4-7AC5-1C77-5A15DBBF6B36} - C:\WINDOWS\system32\winof.dllO2 - BHO: Class - {AA168207-BE5F-10B0-7FD5-2061FA4F8547} - C:\WINDOWS\system32\winkm32.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Class - {B89E4008-4828-AC3A-CAF5-00B70ABA441F} - C:\WINDOWS\crrp32.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apivi.dllO2 - BHO: Class - {D7630E68-79D7-6EF3-062A-A8D62572DA69} - C:\WINDOWS\system32\d3it.dllO2 - BHO: Class - {E850AD1C-2D64-EB86-64E5-80CA936A2373} - C:\WINDOWS\javapo32.dllO2 - BHO: Class - {E85F1A0E-4BF7-9FC7-5FC6-F9CE2788F77D} - C:\WINDOWS\system32\ipzg32.dllO2 - BHO: Class - {FBE2FA5F-7935-0120-3FB8-49D74C7057E5} - C:\WINDOWS\system32\addcz.dllO2 - BHO: Class - {FCA478C5-66CE-9CAB-6011-3194DCF234A8} - C:\WINDOWS\system32\apifr.dllO2 - BHO: Class - {FF7AF231-F460-F958-9E42-30A70C516066} - C:\WINDOWS\sysyg.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exeO4 - HKLM\..\Run: [mfcsx.exe] C:\WINDOWS\system32\mfcsx.exeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exeO4 - HKLM\..\RunOnce: [sysia32.exe] C:\WINDOWS\system32\sysia32.exeO4 - HKLM\..\RunOnce: [d3xo32.exe] C:\WINDOWS\system32\d3xo32.exeO4 - HKLM\..\RunOnce: [addit.exe] C:\WINDOWS\system32\addit.exeO4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exeO4 - HKLM\..\RunOnce: [ipkl32.exe] C:\WINDOWS\ipkl32.exeO4 - HKLM\..\RunOnce: [netko32.exe] C:\WINDOWS\system32
etko32.exeO4 - HKLM\..\RunOnce: [sysbu32.exe] C:\WINDOWS\system32\sysbu32.exeO4 - HKLM\..\RunOnce: [ipmu32.exe] C:\WINDOWS\system32\ipmu32.exeO4 - HKLM\..\RunOnce: [d3zq32.exe] C:\WINDOWS\d3zq32.exeO4 - HKLM\..\RunOnce: [apiwb.exe] C:\WINDOWS\apiwb.exeO4 - HKLM\..\RunOnce: [ntkb32.exe] C:\WINDOWS
tkb32.exeO4 - HKLM\..\RunOnce: [crke32.exe] C:\WINDOWS\system32\crke32.exeO4 - HKLM\..\RunOnce: [ieur.exe] C:\WINDOWS\system32\ieur.exeO4 - HKLM\..\RunOnce: [mskj.exe] C:\WINDOWS\system32\mskj.exeO4 - HKLM\..\RunOnce: [crxx.exe] C:\WINDOWS\system32\crxx.exeO4 - HKLM\..\RunOnce: [addmm32.exe] C:\WINDOWS\addmm32.exeO4 - HKLM\..\RunOnce: [addhe.exe] C:\WINDOWS\system32\addhe.exeO4 - HKLM\..\RunOnce: [crug32.exe] C:\WINDOWS\crug32.exeO4 - HKLM\..\RunOnce: [d3uo32.exe] C:\WINDOWS\system32\d3uo32.exeO4 - HKLM\..\RunOnce: [ipai32.exe] C:\WINDOWS\ipai32.exeO4 - HKLM\..\RunOnce: [d3jj32.exe] C:\WINDOWS\system32\d3jj32.exeO4 - HKLM\..\RunOnce: [netpl.exe] C:\WINDOWS\system32
etpl.exeO4 - HKLM\..\RunOnce: [d3ea32.exe] C:\WINDOWS\d3ea32.exeO4 - HKLM\..\RunOnce: [ipxr.exe] C:\WINDOWS\system32\ipxr.exeO4 - HKLM\..\RunOnce: [appcl32.exe] C:\WINDOWS\system32\appcl32.exeO4 - HKLM\..\RunOnce: [sysmt.exe] C:\WINDOWS\system32\sysmt.exeO4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exeO4 - HKLM\..\RunOnce: [javayz.exe] C:\WINDOWS\system32\javayz.exeO4 - HKLM\..\RunOnce: [msdb.exe] C:\WINDOWS\system32\msdb.exeO4 - HKLM\..\RunOnce: [appby.exe] C:\WINDOWS\appby.exeO4 - HKLM\..\RunOnce: [sysqg.exe] C:\WINDOWS\system32\sysqg.exeO4 - HKLM\..\RunOnce: [appen32.exe] C:\WINDOWS\system32\appen32.exeO4 - HKLM\..\RunOnce: [javamb32.exe] C:\WINDOWS\system32\javamb32.exeO4 - HKLM\..\RunOnce: [javaby32.exe] C:\WINDOWS\system32\javaby32.exeO4 - HKLM\..\RunOnce: [apigb.exe] C:\WINDOWS\apigb.exeO4 - HKLM\..\RunOnce: [sdkce.exe] C:\WINDOWS\system32\sdkce.exeO4 - HKLM\..\RunOnce: [nethm32.exe] C:\WINDOWS
ethm32.exeO4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINDOWS\system32
etkd32.exeO4 - HKLM\..\RunOnce: [addpg.exe] C:\WINDOWS\addpg.exeO4 - HKLM\..\RunOnce: [d3iw32.exe] C:\WINDOWS\system32\d3iw32.exeO4 - HKLM\..\RunOnce: [msjc32.exe] C:\WINDOWS\msjc32.exeO4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\ipcv.exeO4 - HKLM\..\RunOnce: [msdb32.exe] C:\WINDOWS\system32\msdb32.exeO4 - HKLM\..\RunOnce: [crgx.exe] C:\WINDOWS\crgx.exeO4 - HKLM\..\RunOnce: [netmz32.exe] C:\WINDOWS\system32
etmz32.exeO4 - HKLM\..\RunOnce: [crwy32.exe] C:\WINDOWS\crwy32.exeO4 - HKLM\..\RunOnce: [netjs.exe] C:\WINDOWS
etjs.exeO4 - HKLM\..\RunOnce: [winii32.exe] C:\WINDOWS\winii32.exeO4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\crnc.exeO4 - HKLM\..\RunOnce: [mfctg32.exe] C:\WINDOWS\system32\mfctg32.exeO4 - HKLM\..\RunOnce: [iegb.exe] C:\WINDOWS\iegb.exeO4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exeO4 - HKLM\..\RunOnce: [ntmd.exe] C:\WINDOWS\system32
tmd.exeO4 - HKLM\..\RunOnce: [mfcqh32.exe] C:\WINDOWS\system32\mfcqh32.exeO4 - HKLM\..\RunOnce: [sysej32.exe] C:\WINDOWS\system32\sysej32.exeO4 - HKLM\..\RunOnce: [appio.exe] C:\WINDOWS\appio.exeO4 - HKLM\..\RunOnce: [d3oi32.exe] C:\WINDOWS\system32\d3oi32.exeO4 - HKLM\..\RunOnce: [ntex.exe] C:\WINDOWS
tex.exeO4 - HKLM\..\RunOnce: [atlrz32.exe] C:\WINDOWS\atlrz32.exeO4 - HKLM\..\RunOnce: [nethh.exe] C:\WINDOWS
ethh.exeO4 - HKLM\..\RunOnce: [addnb32.exe] C:\WINDOWS\system32\addnb32.exeO4 - HKLM\..\RunOnce: [appgu.exe] C:\WINDOWS\system32\appgu.exeO4 - HKLM\..\RunOnce: [mslo32.exe] C:\WINDOWS\mslo32.exeO4 - HKLM\..\RunOnce: [mfcpw.exe] C:\WINDOWS\system32\mfcpw.exeO4 - HKLM\..\RunOnce: [appye32.exe] C:\WINDOWS\appye32.exeO4 - HKLM\..\RunOnce: [msey.exe] C:\WINDOWS\msey.exeO4 - HKLM\..\RunOnce: [sdkhk.exe] C:\WINDOWS\sdkhk.exeO4 - HKLM\..\RunOnce: [mfcne32.exe] C:\WINDOWS\mfcne32.exeO4 - HKLM\..\RunOnce: [iprj.exe] C:\WINDOWS\system32\iprj.exeO4 - HKLM\..\RunOnce: [addxd.exe] C:\WINDOWS\addxd.exeO4 - HKLM\..\RunOnce: [ipua32.exe] C:\WINDOWS\system32\ipua32.exeO4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exeO4 - HKLM\..\RunOnce: [appfr32.exe] C:\WINDOWS\system32\appfr32.exeO4 - HKLM\..\RunOnce: [mskl32.exe] C:\WINDOWS\mskl32.exeO4 - HKLM\..\RunOnce: [sdksm32.exe] C:\WINDOWS\sdksm32.exeO4 - HKLM\..\RunOnce: [atlgh.exe] C:\WINDOWS\atlgh.exeO4 - HKLM\..\RunOnce: [msxo32.exe] C:\WINDOWS\msxo32.exeO4 - HKLM\..\RunOnce: [ipkj.exe] C:\WINDOWS\ipkj.exeO4 - HKLM\..\RunOnce: [addse32.exe] C:\WINDOWS\system32\addse32.exeO4 - HKLM\..\RunOnce: [cryz.exe] C:\WINDOWS\cryz.exeO4 - HKLM\..\RunOnce: [apidv.exe] C:\WINDOWS\system32\apidv.exeO4 - HKLM\..\RunOnce: [sysrx.exe] C:\WINDOWS\system32\sysrx.exeO4 - HKLM\..\RunOnce: [iery.exe] C:\WINDOWS\iery.exeO4 - HKLM\..\RunOnce: [ntxs32.exe] C:\WINDOWS
txs32.exeO4 - HKLM\..\RunOnce: [crjw32.exe] C:\WINDOWS\crjw32.exeO4 - HKLM\..\RunOnce: [netpy.exe] C:\WINDOWS
etpy.exeO4 - HKLM\..\RunOnce: [sdkou32.exe] C:\WINDOWS\system32\sdkou32.exeO4 - HKLM\..\RunOnce: [mfcbo32.exe] C:\WINDOWS\system32\mfcbo32.exeO4 - HKLM\..\RunOnce: [d3mb32.exe] C:\WINDOWS\system32\d3mb32.exeO4 - HKLM\..\RunOnce: [ipsv.exe] C:\WINDOWS\system32\ipsv.exeO4 - HKLM\..\RunOnce: [appco32.exe] C:\WINDOWS\appco32.exeO4 - HKLM\..\RunOnce: [mshr.exe] C:\WINDOWS\system32\mshr.exeO4 - HKLM\..\RunOnce: [mfccc.exe] C:\WINDOWS\system32\mfccc.exeO4 - HKLM\..\RunOnce: [syspw.exe] C:\WINDOWS\syspw.exeO4 - HKLM\..\RunOnce: [ipff.exe] C:\WINDOWS\ipff.exeO4 - HKLM\..\RunOnce: [appkz.exe] C:\WINDOWS\appkz.exeO4 - HKLM\..\RunOnce: [sdkby.exe] C:\WINDOWS\sdkby.exeO4 - HKLM\..\RunOnce: [sdkzc.exe] C:\WINDOWS\system32\sdkzc.exeO4 - HKLM\..\RunOnce: [msgy32.exe] C:\WINDOWS\system32\msgy32.exeO4 - HKLM\..\RunOnce: [ipls32.exe] C:\WINDOWS\ipls32.exeO4 - HKLM\..\RunOnce: [sdkfj32.exe] C:\WINDOWS\sdkfj32.exeO4 - HKLM\..\RunOnce: [sdkzx.exe] C:\WINDOWS\sdkzx.exeO4 - HKLM\..\RunOnce: [atlez.exe] C:\WINDOWS\atlez.exeO4 - HKLM\..\RunOnce: [winid32.exe] C:\WINDOWS\winid32.exeO4 - HKLM\..\RunOnce: [crof32.exe] C:\WINDOWS\crof32.exeO4 - HKLM\..\RunOnce: [msnn32.exe] C:\WINDOWS\system32\msnn32.exeO4 - HKLM\..\RunOnce: [appxj32.exe] C:\WINDOWS\appxj32.exeO4 - HKLM\..\RunOnce: [crki.exe] C:\WINDOWS\system32\crki.exeO4 - HKLM\..\RunOnce: [apiqk32.exe] C:\WINDOWS\system32\apiqk32.exeO4 - HKLM\..\RunOnce: [crfx.exe] C:\WINDOWS\crfx.exeO4 - HKLM\..\RunOnce: [nettz32.exe] C:\WINDOWS\system32
ettz32.exeO4 - HKLM\..\RunOnce: [javapv.exe] C:\WINDOWS\system32\javapv.exeO4 - HKLM\..\RunOnce: [apiol32.exe] C:\WINDOWS\system32\apiol32.exeO4 - HKLM\..\RunOnce: [systn.exe] C:\WINDOWS\systn.exeO4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\system32\d3gt.exeO4 - HKLM\..\RunOnce: [ntfg.exe] C:\WINDOWS
tfg.exeO4 - HKLM\..\RunOnce: [ipoe.exe] C:\WINDOWS\system32\ipoe.exeO4 - HKLM\..\RunOnce: [addnu32.exe] C:\WINDOWS\system32\addnu32.exeO4 - HKLM\..\RunOnce: [d3to.exe] C:\WINDOWS\system32\d3to.exeO4 - HKLM\..\RunOnce: [msej32.exe] C:\WINDOWS\msej32.exeO4 - HKLM\..\RunOnce: [ntrd.exe] C:\WINDOWS
trd.exeO4 - HKLM\..\RunOnce: [mfcjw.exe] C:\WINDOWS\mfcjw.exeO4 - HKLM\..\RunOnce: [javayu32.exe] C:\WINDOWS\system32\javayu32.exeO4 - HKLM\..\RunOnce: [syshc32.exe] C:\WINDOWS\syshc32.exeO4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.skynet.beO16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dllO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cabO23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe"  /s (file missing)O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

balltrap34 · Answer

se n est pas se qaue je t est demander si tu ne lit pas tous et fait tous j abandonne

balltrap34 · Answer

lolont vas tous reprendretelecharge ceciAbout:Buster.  Tu le télécharges sur :   http://www.majorgeeks.com/download4289.htmlclik "Check for updates". telecharge les mises a jour referme leont l utiliseras plus tard-------telecharge cecihttp://lineofire.geekstogo.com/cwsserviceremove.zipdecompresse le et ont utilise plus tard-------relance hijack en mode normalcoche et fix ces lignesR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049 R3 - Default URLSearchHook is missing O2 - BHO: Class - {094EDED8-1F6C-995C-6754-A544D7EA188B} - C:\WINDOWS\system32\crcz32.dll O2 - BHO: Class - {0AEDCEB7-DB98-2AC8-C751-7602FC73372C} - C:\WINDOWS\addea32.dll O2 - BHO: Class - {178BF97C-6695-99D8-72C0-80D53BABA646} - C:\WINDOWS\sysik32.dll O2 - BHO: Class - {267B601E-BF82-736D-7AC7-27C74EE988B8} - C:\WINDOWS\system32\crgk.dll O2 - BHO: Class - {26DF6F6C-68C1-432E-7845-1CBFEF199116} - C:\WINDOWS\crei32.dll O2 - BHO: Class - {2CDE04BE-5087-9425-8043-F24037206477} - C:\WINDOWS
etjc32.dll O2 - BHO: Class - {38F6B10B-D771-3C5C-0291-568F76485423} - C:\WINDOWS\system32\apitg.dll O2 - BHO: Class - {49067854-CD81-932C-FF39-319631A78BFC} - C:\WINDOWS\system32
etlm32.dll O2 - BHO: Class - {516BCC99-33A5-EE46-FF69-B7B30CE72B12} - C:\WINDOWS\system32\winyg.dll O2 - BHO: Class - {5363EB55-7CF4-DA12-F27B-D7B89B413FF3} - C:\WINDOWS\system32\javane32.dll O2 - BHO: Class - {6BBEE290-2040-F21E-2CFB-CC15C4AC9B90} - C:\WINDOWS\addap.dll O2 - BHO: Class - {6EF0F034-C0DA-6CB6-18F6-2B49B1B81D7A} - C:\WINDOWS\winmv.dll O2 - BHO: Class - {77B56A9B-5F2E-3199-3215-D7E8E0F1C765} - C:\WINDOWS
etnn32.dll O2 - BHO: Class - {8452BC65-9E1F-8A0C-B537-38BCC7650B62} - C:\WINDOWS\system32\apihb.dll O2 - BHO: Class - {9651FF3B-C2B5-C2EF-5AC4-78D61ADF97C4} - C:\WINDOWS\d3kd.dll O2 - BHO: Class - {9F8C6736-431A-A80F-7DB3-0D6C8BBD7EA1} - C:\WINDOWS\system32
etxx32.dll O2 - BHO: Class - {A5E89540-05C4-7AC5-1C77-5A15DBBF6B36} - C:\WINDOWS\system32\winof.dll O2 - BHO: Class - {AA168207-BE5F-10B0-7FD5-2061FA4F8547} - C:\WINDOWS\system32\winkm32.dll O2 - BHO: Class - {B89E4008-4828-AC3A-CAF5-00B70ABA441F} - C:\WINDOWS\crrp32.dll O2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apivi.dll O2 - BHO: Class - {D7630E68-79D7-6EF3-062A-A8D62572DA69} - C:\WINDOWS\system32\d3it.dll O2 - BHO: Class - {E850AD1C-2D64-EB86-64E5-80CA936A2373} - C:\WINDOWS\javapo32.dll O2 - BHO: Class - {E85F1A0E-4BF7-9FC7-5FC6-F9CE2788F77D} - C:\WINDOWS\system32\ipzg32.dll O2 - BHO: Class - {FBE2FA5F-7935-0120-3FB8-49D74C7057E5} - C:\WINDOWS\system32\addcz.dll O2 - BHO: Class - {FCA478C5-66CE-9CAB-6011-3194DCF234A8} - C:\WINDOWS\system32\apifr.dll O2 - BHO: Class - {FF7AF231-F460-F958-9E42-30A70C516066} - C:\WINDOWS\sysyg.dll O4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exe O4 - HKLM\..\Run: [mfcsx.exe] C:\WINDOWS\system32\mfcsx.exe O4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exe O4 - HKLM\..\RunOnce: [sysia32.exe] C:\WINDOWS\system32\sysia32.exe O4 - HKLM\..\RunOnce: [d3xo32.exe] C:\WINDOWS\system32\d3xo32.exe O4 - HKLM\..\RunOnce: [addit.exe] C:\WINDOWS\system32\addit.exe O4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exe O4 - HKLM\..\RunOnce: [ipkl32.exe] C:\WINDOWS\ipkl32.exe O4 - HKLM\..\RunOnce: [netko32.exe] C:\WINDOWS\system32
etko32.exe O4 - HKLM\..\RunOnce: [sysbu32.exe] C:\WINDOWS\system32\sysbu32.exe O4 - HKLM\..\RunOnce: [ipmu32.exe] C:\WINDOWS\system32\ipmu32.exe O4 - HKLM\..\RunOnce: [d3zq32.exe] C:\WINDOWS\d3zq32.exe O4 - HKLM\..\RunOnce: [apiwb.exe] C:\WINDOWS\apiwb.exe O4 - HKLM\..\RunOnce: [ntkb32.exe] C:\WINDOWS
tkb32.exe O4 - HKLM\..\RunOnce: [crke32.exe] C:\WINDOWS\system32\crke32.exe O4 - HKLM\..\RunOnce: [ieur.exe] C:\WINDOWS\system32\ieur.exe O4 - HKLM\..\RunOnce: [mskj.exe] C:\WINDOWS\system32\mskj.exe O4 - HKLM\..\RunOnce: [crxx.exe] C:\WINDOWS\system32\crxx.exe O4 - HKLM\..\RunOnce: [addmm32.exe] C:\WINDOWS\addmm32.exe O4 - HKLM\..\RunOnce: [addhe.exe] C:\WINDOWS\system32\addhe.exe O4 - HKLM\..\RunOnce: [crug32.exe] C:\WINDOWS\crug32.exe O4 - HKLM\..\RunOnce: [d3uo32.exe] C:\WINDOWS\system32\d3uo32.exe O4 - HKLM\..\RunOnce: [ipai32.exe] C:\WINDOWS\ipai32.exe O4 - HKLM\..\RunOnce: [d3jj32.exe] C:\WINDOWS\system32\d3jj32.exe O4 - HKLM\..\RunOnce: [netpl.exe] C:\WINDOWS\system32
etpl.exe O4 - HKLM\..\RunOnce: [d3ea32.exe] C:\WINDOWS\d3ea32.exe O4 - HKLM\..\RunOnce: [ipxr.exe] C:\WINDOWS\system32\ipxr.exe O4 - HKLM\..\RunOnce: [appcl32.exe] C:\WINDOWS\system32\appcl32.exe O4 - HKLM\..\RunOnce: [sysmt.exe] C:\WINDOWS\system32\sysmt.exe O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe O4 - HKLM\..\RunOnce: [javayz.exe] C:\WINDOWS\system32\javayz.exe O4 - HKLM\..\RunOnce: [msdb.exe] C:\WINDOWS\system32\msdb.exe O4 - HKLM\..\RunOnce: [appby.exe] C:\WINDOWS\appby.exe O4 - HKLM\..\RunOnce: [sysqg.exe] C:\WINDOWS\system32\sysqg.exe O4 - HKLM\..\RunOnce: [appen32.exe] C:\WINDOWS\system32\appen32.exe O4 - HKLM\..\RunOnce: [javamb32.exe] C:\WINDOWS\system32\javamb32.exe O4 - HKLM\..\RunOnce: [javaby32.exe] C:\WINDOWS\system32\javaby32.exe O4 - HKLM\..\RunOnce: [apigb.exe] C:\WINDOWS\apigb.exe O4 - HKLM\..\RunOnce: [sdkce.exe] C:\WINDOWS\system32\sdkce.exe O4 - HKLM\..\RunOnce: [nethm32.exe] C:\WINDOWS
ethm32.exe O4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINDOWS\system32
etkd32.exe O4 - HKLM\..\RunOnce: [addpg.exe] C:\WINDOWS\addpg.exe O4 - HKLM\..\RunOnce: [d3iw32.exe] C:\WINDOWS\system32\d3iw32.exe O4 - HKLM\..\RunOnce: [msjc32.exe] C:\WINDOWS\msjc32.exe O4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\ipcv.exe O4 - HKLM\..\RunOnce: [msdb32.exe] C:\WINDOWS\system32\msdb32.exe O4 - HKLM\..\RunOnce: [crgx.exe] C:\WINDOWS\crgx.exe O4 - HKLM\..\RunOnce: [netmz32.exe] C:\WINDOWS\system32
etmz32.exe O4 - HKLM\..\RunOnce: [crwy32.exe] C:\WINDOWS\crwy32.exe O4 - HKLM\..\RunOnce: [netjs.exe] C:\WINDOWS
etjs.exe O4 - HKLM\..\RunOnce: [winii32.exe] C:\WINDOWS\winii32.exe O4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\crnc.exe O4 - HKLM\..\RunOnce: [mfctg32.exe] C:\WINDOWS\system32\mfctg32.exe O4 - HKLM\..\RunOnce: [iegb.exe] C:\WINDOWS\iegb.exe O4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exe O4 - HKLM\..\RunOnce: [ntmd.exe] C:\WINDOWS\system32
tmd.exe O4 - HKLM\..\RunOnce: [mfcqh32.exe] C:\WINDOWS\system32\mfcqh32.exe O4 - HKLM\..\RunOnce: [sysej32.exe] C:\WINDOWS\system32\sysej32.exe O4 - HKLM\..\RunOnce: [appio.exe] C:\WINDOWS\appio.exe O4 - HKLM\..\RunOnce: [d3oi32.exe] C:\WINDOWS\system32\d3oi32.exe O4 - HKLM\..\RunOnce: [ntex.exe] C:\WINDOWS
tex.exe O4 - HKLM\..\RunOnce: [atlrz32.exe] C:\WINDOWS\atlrz32.exe O4 - HKLM\..\RunOnce: [nethh.exe] C:\WINDOWS
ethh.exe O4 - HKLM\..\RunOnce: [addnb32.exe] C:\WINDOWS\system32\addnb32.exe O4 - HKLM\..\RunOnce: [appgu.exe] C:\WINDOWS\system32\appgu.exe O4 - HKLM\..\RunOnce: [mslo32.exe] C:\WINDOWS\mslo32.exe O4 - HKLM\..\RunOnce: [mfcpw.exe] C:\WINDOWS\system32\mfcpw.exe O4 - HKLM\..\RunOnce: [appye32.exe] C:\WINDOWS\appye32.exe O4 - HKLM\..\RunOnce: [msey.exe] C:\WINDOWS\msey.exe O4 - HKLM\..\RunOnce: [sdkhk.exe] C:\WINDOWS\sdkhk.exe O4 - HKLM\..\RunOnce: [mfcne32.exe] C:\WINDOWS\mfcne32.exe O4 - HKLM\..\RunOnce: [iprj.exe] C:\WINDOWS\system32\iprj.exe O4 - HKLM\..\RunOnce: [addxd.exe] C:\WINDOWS\addxd.exe O4 - HKLM\..\RunOnce: [ipua32.exe] C:\WINDOWS\system32\ipua32.exe O4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exe O4 - HKLM\..\RunOnce: [appfr32.exe] C:\WINDOWS\system32\appfr32.exe O4 - HKLM\..\RunOnce: [mskl32.exe] C:\WINDOWS\mskl32.exe O4 - HKLM\..\RunOnce: [sdksm32.exe] C:\WINDOWS\sdksm32.exe O4 - HKLM\..\RunOnce: [atlgh.exe] C:\WINDOWS\atlgh.exe O4 - HKLM\..\RunOnce: [msxo32.exe] C:\WINDOWS\msxo32.exe O4 - HKLM\..\RunOnce: [ipkj.exe] C:\WINDOWS\ipkj.exe O4 - HKLM\..\RunOnce: [addse32.exe] C:\WINDOWS\system32\addse32.exe O4 - HKLM\..\RunOnce: [cryz.exe] C:\WINDOWS\cryz.exe O4 - HKLM\..\RunOnce: [apidv.exe] C:\WINDOWS\system32\apidv.exe O4 - HKLM\..\RunOnce: [sysrx.exe] C:\WINDOWS\system32\sysrx.exe O4 - HKLM\..\RunOnce: [iery.exe] C:\WINDOWS\iery.exe O4 - HKLM\..\RunOnce: [ntxs32.exe] C:\WINDOWS
txs32.exe O4 - HKLM\..\RunOnce: [crjw32.exe] C:\WINDOWS\crjw32.exe O4 - HKLM\..\RunOnce: [netpy.exe] C:\WINDOWS
etpy.exe O4 - HKLM\..\RunOnce: [sdkou32.exe] C:\WINDOWS\system32\sdkou32.exe O4 - HKLM\..\RunOnce: [mfcbo32.exe] C:\WINDOWS\system32\mfcbo32.exe O4 - HKLM\..\RunOnce: [d3mb32.exe] C:\WINDOWS\system32\d3mb32.exe O4 - HKLM\..\RunOnce: [ipsv.exe] C:\WINDOWS\system32\ipsv.exe O4 - HKLM\..\RunOnce: [appco32.exe] C:\WINDOWS\appco32.exe O4 - HKLM\..\RunOnce: [mshr.exe] C:\WINDOWS\system32\mshr.exe O4 - HKLM\..\RunOnce: [mfccc.exe] C:\WINDOWS\system32\mfccc.exe O4 - HKLM\..\RunOnce: [syspw.exe] C:\WINDOWS\syspw.exe O4 - HKLM\..\RunOnce: [ipff.exe] C:\WINDOWS\ipff.exe O4 - HKLM\..\RunOnce: [appkz.exe] C:\WINDOWS\appkz.exe O4 - HKLM\..\RunOnce: [sdkby.exe] C:\WINDOWS\sdkby.exe O4 - HKLM\..\RunOnce: [sdkzc.exe] C:\WINDOWS\system32\sdkzc.exe O4 - HKLM\..\RunOnce: [msgy32.exe] C:\WINDOWS\system32\msgy32.exe O4 - HKLM\..\RunOnce: [ipls32.exe] C:\WINDOWS\ipls32.exe O4 - HKLM\..\RunOnce: [sdkfj32.exe] C:\WINDOWS\sdkfj32.exe O4 - HKLM\..\RunOnce: [sdkzx.exe] C:\WINDOWS\sdkzx.exe O4 - HKLM\..\RunOnce: [atlez.exe] C:\WINDOWS\atlez.exe O4 - HKLM\..\RunOnce: [winid32.exe] C:\WINDOWS\winid32.exe O4 - HKLM\..\RunOnce: [crof32.exe] C:\WINDOWS\crof32.exe O4 - HKLM\..\RunOnce: [msnn32.exe] C:\WINDOWS\system32\msnn32.exe O4 - HKLM\..\RunOnce: [appxj32.exe] C:\WINDOWS\appxj32.exe O4 - HKLM\..\RunOnce: [crki.exe] C:\WINDOWS\system32\crki.exe O4 - HKLM\..\RunOnce: [apiqk32.exe] C:\WINDOWS\system32\apiqk32.exe O4 - HKLM\..\RunOnce: [crfx.exe] C:\WINDOWS\crfx.exe O4 - HKLM\..\RunOnce: [nettz32.exe] C:\WINDOWS\system32
ettz32.exe O4 - HKLM\..\RunOnce: [javapv.exe] C:\WINDOWS\system32\javapv.exe O4 - HKLM\..\RunOnce: [apiol32.exe] C:\WINDOWS\system32\apiol32.exe O4 - HKLM\..\RunOnce: [systn.exe] C:\WINDOWS\systn.exe O4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\system32\d3gt.exe O4 - HKLM\..\RunOnce: [ntfg.exe] C:\WINDOWS
tfg.exe O4 - HKLM\..\RunOnce: [ipoe.exe] C:\WINDOWS\system32\ipoe.exe O4 - HKLM\..\RunOnce: [addnu32.exe] C:\WINDOWS\system32\addnu32.exe O4 - HKLM\..\RunOnce: [d3to.exe] C:\WINDOWS\system32\d3to.exe O4 - HKLM\..\RunOnce: [msej32.exe] C:\WINDOWS\msej32.exe O4 - HKLM\..\RunOnce: [ntrd.exe] C:\WINDOWS
trd.exe O4 - HKLM\..\RunOnce: [mfcjw.exe] C:\WINDOWS\mfcjw.exe O4 - HKLM\..\RunOnce: [javayu32.exe] C:\WINDOWS\system32\javayu32.exe O4 - HKLM\..\RunOnce: [syshc32.exe] C:\WINDOWS\syshc32.exe O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing) ------------------redemarre en mode sans echecrecherche et suppr les fichiers n en oublie pas les fichier en fin de ligne ex/crcz32.dllO2 - BHO: Class - {094EDED8-1F6C-995C-6754-A544D7EA188B} - C:\WINDOWS\system32\crcz32.dll O2 - BHO: Class - {0AEDCEB7-DB98-2AC8-C751-7602FC73372C} - C:\WINDOWS\addea32.dll O2 - BHO: Class - {178BF97C-6695-99D8-72C0-80D53BABA646} - C:\WINDOWS\sysik32.dll O2 - BHO: Class - {267B601E-BF82-736D-7AC7-27C74EE988B8} - C:\WINDOWS\system32\crgk.dll O2 - BHO: Class - {26DF6F6C-68C1-432E-7845-1CBFEF199116} - C:\WINDOWS\crei32.dll O2 - BHO: Class - {2CDE04BE-5087-9425-8043-F24037206477} - C:\WINDOWS
etjc32.dll O2 - BHO: Class - {38F6B10B-D771-3C5C-0291-568F76485423} - C:\WINDOWS\system32\apitg.dll O2 - BHO: Class - {49067854-CD81-932C-FF39-319631A78BFC} - C:\WINDOWS\system32
etlm32.dll O2 - BHO: Class - {516BCC99-33A5-EE46-FF69-B7B30CE72B12} - C:\WINDOWS\system32\winyg.dll O2 - BHO: Class - {5363EB55-7CF4-DA12-F27B-D7B89B413FF3} - C:\WINDOWS\system32\javane32.dll O2 - BHO: Class - {6BBEE290-2040-F21E-2CFB-CC15C4AC9B90} - C:\WINDOWS\addap.dll O2 - BHO: Class - {6EF0F034-C0DA-6CB6-18F6-2B49B1B81D7A} - C:\WINDOWS\winmv.dll O2 - BHO: Class - {77B56A9B-5F2E-3199-3215-D7E8E0F1C765} - C:\WINDOWS
etnn32.dll O2 - BHO: Class - {8452BC65-9E1F-8A0C-B537-38BCC7650B62} - C:\WINDOWS\system32\apihb.dll O2 - BHO: Class - {9651FF3B-C2B5-C2EF-5AC4-78D61ADF97C4} - C:\WINDOWS\d3kd.dll O2 - BHO: Class - {9F8C6736-431A-A80F-7DB3-0D6C8BBD7EA1} - C:\WINDOWS\system32
etxx32.dll O2 - BHO: Class - {A5E89540-05C4-7AC5-1C77-5A15DBBF6B36} - C:\WINDOWS\system32\winof.dll O2 - BHO: Class - {AA168207-BE5F-10B0-7FD5-2061FA4F8547} - C:\WINDOWS\system32\winkm32.dll O2 - BHO: Class - {B89E4008-4828-AC3A-CAF5-00B70ABA441F} - C:\WINDOWS\crrp32.dll O2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apivi.dll O2 - BHO: Class - {D7630E68-79D7-6EF3-062A-A8D62572DA69} - C:\WINDOWS\system32\d3it.dll O2 - BHO: Class - {E850AD1C-2D64-EB86-64E5-80CA936A2373} - C:\WINDOWS\javapo32.dll O2 - BHO: Class - {E85F1A0E-4BF7-9FC7-5FC6-F9CE2788F77D} - C:\WINDOWS\system32\ipzg32.dll O2 - BHO: Class - {FBE2FA5F-7935-0120-3FB8-49D74C7057E5} - C:\WINDOWS\system32\addcz.dll O2 - BHO: Class - {FCA478C5-66CE-9CAB-6011-3194DCF234A8} - C:\WINDOWS\system32\apifr.dll O2 - BHO: Class - {FF7AF231-F460-F958-9E42-30A70C516066} - C:\WINDOWS\sysyg.dll O4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exe O4 - HKLM\..\Run: [mfcsx.exe] C:\WINDOWS\system32\mfcsx.exe O4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exe O4 - HKLM\..\RunOnce: [sysia32.exe] C:\WINDOWS\system32\sysia32.exe O4 - HKLM\..\RunOnce: [d3xo32.exe] C:\WINDOWS\system32\d3xo32.exe O4 - HKLM\..\RunOnce: [addit.exe] C:\WINDOWS\system32\addit.exe O4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exe O4 - HKLM\..\RunOnce: [ipkl32.exe] C:\WINDOWS\ipkl32.exe O4 - HKLM\..\RunOnce: [netko32.exe] C:\WINDOWS\system32
etko32.exe O4 - HKLM\..\RunOnce: [sysbu32.exe] C:\WINDOWS\system32\sysbu32.exe O4 - HKLM\..\RunOnce: [ipmu32.exe] C:\WINDOWS\system32\ipmu32.exe O4 - HKLM\..\RunOnce: [d3zq32.exe] C:\WINDOWS\d3zq32.exe O4 - HKLM\..\RunOnce: [apiwb.exe] C:\WINDOWS\apiwb.exe O4 - HKLM\..\RunOnce: [ntkb32.exe] C:\WINDOWS
tkb32.exe O4 - HKLM\..\RunOnce: [crke32.exe] C:\WINDOWS\system32\crke32.exe O4 - HKLM\..\RunOnce: [ieur.exe] C:\WINDOWS\system32\ieur.exe O4 - HKLM\..\RunOnce: [mskj.exe] C:\WINDOWS\system32\mskj.exe O4 - HKLM\..\RunOnce: [crxx.exe] C:\WINDOWS\system32\crxx.exe O4 - HKLM\..\RunOnce: [addmm32.exe] C:\WINDOWS\addmm32.exe O4 - HKLM\..\RunOnce: [addhe.exe] C:\WINDOWS\system32\addhe.exe O4 - HKLM\..\RunOnce: [crug32.exe] C:\WINDOWS\crug32.exe O4 - HKLM\..\RunOnce: [d3uo32.exe] C:\WINDOWS\system32\d3uo32.exe O4 - HKLM\..\RunOnce: [ipai32.exe] C:\WINDOWS\ipai32.exe O4 - HKLM\..\RunOnce: [d3jj32.exe] C:\WINDOWS\system32\d3jj32.exe O4 - HKLM\..\RunOnce: [netpl.exe] C:\WINDOWS\system32
etpl.exe O4 - HKLM\..\RunOnce: [d3ea32.exe] C:\WINDOWS\d3ea32.exe O4 - HKLM\..\RunOnce: [ipxr.exe] C:\WINDOWS\system32\ipxr.exe O4 - HKLM\..\RunOnce: [appcl32.exe] C:\WINDOWS\system32\appcl32.exe O4 - HKLM\..\RunOnce: [sysmt.exe] C:\WINDOWS\system32\sysmt.exe O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe O4 - HKLM\..\RunOnce: [javayz.exe] C:\WINDOWS\system32\javayz.exe O4 - HKLM\..\RunOnce: [msdb.exe] C:\WINDOWS\system32\msdb.exe O4 - HKLM\..\RunOnce: [appby.exe] C:\WINDOWS\appby.exe O4 - HKLM\..\RunOnce: [sysqg.exe] C:\WINDOWS\system32\sysqg.exe O4 - HKLM\..\RunOnce: [appen32.exe] C:\WINDOWS\system32\appen32.exe O4 - HKLM\..\RunOnce: [javamb32.exe] C:\WINDOWS\system32\javamb32.exe O4 - HKLM\..\RunOnce: [javaby32.exe] C:\WINDOWS\system32\javaby32.exe O4 - HKLM\..\RunOnce: [apigb.exe] C:\WINDOWS\apigb.exe O4 - HKLM\..\RunOnce: [sdkce.exe] C:\WINDOWS\system32\sdkce.exe O4 - HKLM\..\RunOnce: [nethm32.exe] C:\WINDOWS
ethm32.exe O4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINDOWS\system32
etkd32.exe O4 - HKLM\..\RunOnce: [addpg.exe] C:\WINDOWS\addpg.exe O4 - HKLM\..\RunOnce: [d3iw32.exe] C:\WINDOWS\system32\d3iw32.exe O4 - HKLM\..\RunOnce: [msjc32.exe] C:\WINDOWS\msjc32.exe O4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\ipcv.exe O4 - HKLM\..\RunOnce: [msdb32.exe] C:\WINDOWS\system32\msdb32.exe O4 - HKLM\..\RunOnce: [crgx.exe] C:\WINDOWS\crgx.exe O4 - HKLM\..\RunOnce: [netmz32.exe] C:\WINDOWS\system32
etmz32.exe O4 - HKLM\..\RunOnce: [crwy32.exe] C:\WINDOWS\crwy32.exe O4 - HKLM\..\RunOnce: [netjs.exe] C:\WINDOWS
etjs.exe O4 - HKLM\..\RunOnce: [winii32.exe] C:\WINDOWS\winii32.exe O4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\crnc.exe O4 - HKLM\..\RunOnce: [mfctg32.exe] C:\WINDOWS\system32\mfctg32.exe O4 - HKLM\..\RunOnce: [iegb.exe] C:\WINDOWS\iegb.exe O4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exe O4 - HKLM\..\RunOnce: [ntmd.exe] C:\WINDOWS\system32
tmd.exe O4 - HKLM\..\RunOnce: [mfcqh32.exe] C:\WINDOWS\system32\mfcqh32.exe O4 - HKLM\..\RunOnce: [sysej32.exe] C:\WINDOWS\system32\sysej32.exe O4 - HKLM\..\RunOnce: [appio.exe] C:\WINDOWS\appio.exe O4 - HKLM\..\RunOnce: [d3oi32.exe] C:\WINDOWS\system32\d3oi32.exe O4 - HKLM\..\RunOnce: [ntex.exe] C:\WINDOWS
tex.exe O4 - HKLM\..\RunOnce: [atlrz32.exe] C:\WINDOWS\atlrz32.exe O4 - HKLM\..\RunOnce: [nethh.exe] C:\WINDOWS
ethh.exe O4 - HKLM\..\RunOnce: [addnb32.exe] C:\WINDOWS\system32\addnb32.exe O4 - HKLM\..\RunOnce: [appgu.exe] C:\WINDOWS\system32\appgu.exe O4 - HKLM\..\RunOnce: [mslo32.exe] C:\WINDOWS\mslo32.exe O4 - HKLM\..\RunOnce: [mfcpw.exe] C:\WINDOWS\system32\mfcpw.exe O4 - HKLM\..\RunOnce: [appye32.exe] C:\WINDOWS\appye32.exe O4 - HKLM\..\RunOnce: [msey.exe] C:\WINDOWS\msey.exe O4 - HKLM\..\RunOnce: [sdkhk.exe] C:\WINDOWS\sdkhk.exe O4 - HKLM\..\RunOnce: [mfcne32.exe] C:\WINDOWS\mfcne32.exe O4 - HKLM\..\RunOnce: [iprj.exe] C:\WINDOWS\system32\iprj.exe O4 - HKLM\..\RunOnce: [addxd.exe] C:\WINDOWS\addxd.exe O4 - HKLM\..\RunOnce: [ipua32.exe] C:\WINDOWS\system32\ipua32.exe O4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exe O4 - HKLM\..\RunOnce: [appfr32.exe] C:\WINDOWS\system32\appfr32.exe O4 - HKLM\..\RunOnce: [mskl32.exe] C:\WINDOWS\mskl32.exe O4 - HKLM\..\RunOnce: [sdksm32.exe] C:\WINDOWS\sdksm32.exe O4 - HKLM\..\RunOnce: [atlgh.exe] C:\WINDOWS\atlgh.exe O4 - HKLM\..\RunOnce: [msxo32.exe] C:\WINDOWS\msxo32.exe O4 - HKLM\..\RunOnce: [ipkj.exe] C:\WINDOWS\ipkj.exe O4 - HKLM\..\RunOnce: [addse32.exe] C:\WINDOWS\system32\addse32.exe O4 - HKLM\..\RunOnce: [cryz.exe] C:\WINDOWS\cryz.exe O4 - HKLM\..\RunOnce: [apidv.exe] C:\WINDOWS\system32\apidv.exe O4 - HKLM\..\RunOnce: [sysrx.exe] C:\WINDOWS\system32\sysrx.exe O4 - HKLM\..\RunOnce: [iery.exe] C:\WINDOWS\iery.exe O4 - HKLM\..\RunOnce: [ntxs32.exe] C:\WINDOWS
txs32.exe O4 - HKLM\..\RunOnce: [crjw32.exe] C:\WINDOWS\crjw32.exe O4 - HKLM\..\RunOnce: [netpy.exe] C:\WINDOWS
etpy.exe O4 - HKLM\..\RunOnce: [sdkou32.exe] C:\WINDOWS\system32\sdkou32.exe O4 - HKLM\..\RunOnce: [mfcbo32.exe] C:\WINDOWS\system32\mfcbo32.exe O4 - HKLM\..\RunOnce: [d3mb32.exe] C:\WINDOWS\system32\d3mb32.exe O4 - HKLM\..\RunOnce: [ipsv.exe] C:\WINDOWS\system32\ipsv.exe O4 - HKLM\..\RunOnce: [appco32.exe] C:\WINDOWS\appco32.exe O4 - HKLM\..\RunOnce: [mshr.exe] C:\WINDOWS\system32\mshr.exe O4 - HKLM\..\RunOnce: [mfccc.exe] C:\WINDOWS\system32\mfccc.exe O4 - HKLM\..\RunOnce: [syspw.exe] C:\WINDOWS\syspw.exe O4 - HKLM\..\RunOnce: [ipff.exe] C:\WINDOWS\ipff.exe O4 - HKLM\..\RunOnce: [appkz.exe] C:\WINDOWS\appkz.exe O4 - HKLM\..\RunOnce: [sdkby.exe] C:\WINDOWS\sdkby.exe O4 - HKLM\..\RunOnce: [sdkzc.exe] C:\WINDOWS\system32\sdkzc.exe O4 - HKLM\..\RunOnce: [msgy32.exe] C:\WINDOWS\system32\msgy32.exe O4 - HKLM\..\RunOnce: [ipls32.exe] C:\WINDOWS\ipls32.exe O4 - HKLM\..\RunOnce: [sdkfj32.exe] C:\WINDOWS\sdkfj32.exe O4 - HKLM\..\RunOnce: [sdkzx.exe] C:\WINDOWS\sdkzx.exe O4 - HKLM\..\RunOnce: [atlez.exe] C:\WINDOWS\atlez.exe O4 - HKLM\..\RunOnce: [winid32.exe] C:\WINDOWS\winid32.exe O4 - HKLM\..\RunOnce: [crof32.exe] C:\WINDOWS\crof32.exe O4 - HKLM\..\RunOnce: [msnn32.exe] C:\WINDOWS\system32\msnn32.exe O4 - HKLM\..\RunOnce: [appxj32.exe] C:\WINDOWS\appxj32.exe O4 - HKLM\..\RunOnce: [crki.exe] C:\WINDOWS\system32\crki.exe O4 - HKLM\..\RunOnce: [apiqk32.exe] C:\WINDOWS\system32\apiqk32.exe O4 - HKLM\..\RunOnce: [crfx.exe] C:\WINDOWS\crfx.exe O4 - HKLM\..\RunOnce: [nettz32.exe] C:\WINDOWS\system32
ettz32.exe O4 - HKLM\..\RunOnce: [javapv.exe] C:\WINDOWS\system32\javapv.exe O4 - HKLM\..\RunOnce: [apiol32.exe] C:\WINDOWS\system32\apiol32.exe O4 - HKLM\..\RunOnce: [systn.exe] C:\WINDOWS\systn.exe O4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\system32\d3gt.exe O4 - HKLM\..\RunOnce: [ntfg.exe] C:\WINDOWS
tfg.exe O4 - HKLM\..\RunOnce: [ipoe.exe] C:\WINDOWS\system32\ipoe.exe O4 - HKLM\..\RunOnce: [addnu32.exe] C:\WINDOWS\system32\addnu32.exe O4 - HKLM\..\RunOnce: [d3to.exe] C:\WINDOWS\system32\d3to.exe O4 - HKLM\..\RunOnce: [msej32.exe] C:\WINDOWS\msej32.exe O4 - HKLM\..\RunOnce: [ntrd.exe] C:\WINDOWS
trd.exe O4 - HKLM\..\RunOnce: [mfcjw.exe] C:\WINDOWS\mfcjw.exe O4 - HKLM\..\RunOnce: [javayu32.exe] C:\WINDOWS\system32\javayu32.exe O4 - HKLM\..\RunOnce: [syshc32.exe] C:\WINDOWS\syshc32.exe ------------maintenant  passe about buster autant de fois qu il trouve quelque chose4/5/6 fois si il faut------double clik sur le fichier telecharger tous a l heurecwsserviceremove.zip-----------redemarre et nouvel hijack

dzadzou · Answer

écoute baltrap moi j'ai fait tout ce que tu as dit bon je vais essayer encore ceci et sinon j'emporte mon pc chez un type du coin qui m'arrangera ça

balltrap34 · Answer

fait bien cela ont vas y arriver je c est  cest du boulot

dzadzou · Answer

ouf... fini!bon le aboput buster je l'ai passé au moins 30 foisogfile of HijackThis v1.99.1Scan saved at 11:51:59, on 19/07/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Unable to get Internet Explorer version!Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\apppw.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\ServicePackFiles\i386\iexplore.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\WINDOWS\system32\wuauclt.exeC:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cppfi.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cppfi.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom SkynetR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - Default URLSearchHook is missingO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.skynet.beO17 - HKLM\System\CCS\Services\Tcpip\..\{CF69CFF1-526E-4B72-9614-F410022DB1EB}: NameServer = 195.238.2.21 195.238.2.22O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe"  /s (file missing)O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exej'espere que les fichiers ne sont pas revenus cette fois ci

balltrap34 · Answer

recommence ceci ont y est presque dans cette ordre

about buster autant de fois qu il trouve quelque chose
4/5/6 fois si il faut
------
double clik sur le fichier telecharger tous a l heure
cwsserviceremove.zip

lance hijack et coche et fix
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)

recherche et suppr si tu trouve
C:\WINDOWS\cppfi.dll/sp.html#37049
C:\WINDOWS\cppfi.dll

copie ceci dans le bloc note et respecte la ligne vide au debut et a la fin

-----------------

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%AFå¤¶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\%AFå¤¶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\%AFå¤¶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\%AFå¤¶À¨]

---------------------
enregistre le et donne lui comme nom
fixsp.reg et met tous fichiers dans type

double clik dessus et confirme

redemarre et nouvelle hijack

Utilisateur anonyme · Answer

salut balltrap,c est quoi cette manip, au cas ou les sp.htlm en R1 sont tenaces?

balltrap34 · Answer

oui et le service est tenace aussi

dzadzou · Answer

merci baltrap le virus est parti si je peux faire quelque chose pour toi demande lemerci merci mercites genial

balltrap34 · Answer

de rien mais refait moi un hijack je veut m assurer de quelque chose

dzadzou · Answer

Logfile of HijackThis v1.99.1Scan saved at 17:34:09, on 19/07/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Unable to get Internet Explorer version!Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\apppw.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\DOCUME~1\dzazdou\LOCALS~1\Temp\~e5d141.tmpC:\Program Files\MSN Messenger\msnmsgr.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\WINDOWS\ServicePackFiles\i386\iexplore.exeC:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cppfi.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cppfi.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom SkynetR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - Default URLSearchHook is missingO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKCU\..\RunOnce: [RealArcadeGameInstaller] C:\Program Files\Real\RealArcade\RNArcade.exeO4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.skynet.beO17 - HKLM\System\CCS\Services\Tcpip\..\{CF69CFF1-526E-4B72-9614-F410022DB1EB}: NameServer = 195.238.2.21 195.238.2.22O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe"  /s (file missing)O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXEO23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

balltrap34 · Answer

lol il est toujours la et je pense que je me suis planter dans le regfait cecitelecharge cecihttp://pageperso.aol.fr/Balltrap34/SpHjfix.exepasse lepuis repasse se prog que tu as deja double clik sur le fichier et confirme ,telecharger hier et decompressercwsserviceremove.zip relance hijack coche et fix ceciR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cppfi.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cppfi.dll/sp.html#37049 R3 - Default URLSearchHook is missing O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing) -----------dans le bloc note copie colle ceci respecte la ligne vide au debut et a la fin---------Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11Fßä#·ºÄÖ`I] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\11Fßä#·ºÄÖ`I] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\11Fßä#·ºÄÖ`I] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\11Fßä#·ºÄÖ`I] ----------enregistre le et donne lui comme nom fixspy.reg et met tous fichiers dans type double clik dessus et confirme refait un hijack

S!Ri · Answer

SalutBalltrap, il y a un espace devant le nom du service:  " 11Fßä#·ºÄÖ`I"dzadzou, tu peux aussi essayer de supprimer ce service avec HijackThis:Boutons: Config, Misc Tools, Delete an NT service...Coller le nom du process (attention a l'espace en debut du nom) et confirmer.a+

balltrap34 · Answer

oui merci je l est vu ont me la signaler sur un autre forum

S!Ri · Answer

Ok coola bientôt

dzadzou · Answer

S!ri: j'ai essaye ta maniere mais hijack n'a pas arrivé a l'enlever parce que il etait en cours d'execution (donc allumé)baltrap :j'ai pas tres bien compris la fin( enregistre le et donne lui comme nom fixspy.reg et met tous fichiers dans type double clik dessus et confirme refait un hijack )

balltrap34 · Answer

tous cela vas ensembledans le bloc note copie colle ceci respecte la ligne vide au debut et a la fin --------- Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11Fßä#·ºÄÖ`I] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\11Fßä#·ºÄÖ`I] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\11Fßä#·ºÄÖ`I] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\11Fßä#·ºÄÖ`I] ---------- enregistre le et donne lui comme nom fixspy.reg et met tous fichiers dans type double clik dessus et confirme

dzadzou · Answer

quand je cliques dessus l'ordi me demande de mettre le contenu au registreje clique "oui"mais il dit que c'est impossible?????

balltrap34 · Answer

ouvre le fichier que je t est fait faire en faisant clik droit et modifierensuite met un espace entreWindows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ici11Fßä#·ºÄÖ`I] fait de meme sur les tros lignes et enregistre et clik dessus et confirme

dzadzou · Answer

comfirmer quoi(je suis désolé mais je ne comprend vraiment pas parce que j'ai mes les espaces mais quand je clique dessus il se passe la meme chose

dzadzou · Answer

comfirmer quoi(je suis désolé mais je ne comprend vraiment pas parce que j'ai mes les espaces mais quand je clique dessus il se passe la meme chose

balltrap34 · Answer

l espace est[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICI11Fßä#·ºÄÖ`I] et tu fait de meme a chaque ligneensuiteenregistre le et donne lui comme nom fixspy.reg et met tous fichiers dans type double clik dessus et confirme

JUAN · Answer

O SECOURS! Je vous écri d'un autre pc que le mien car mon ordi est complètement paralysé par le virus:Trojan/Lazar.A.1je c pa koi faire!! aidez moi!!!

AntivirusGold 2.0

56 réponses

Discussions similaires

Newsletters