Sujet Précédent Sujet Suivant

Iexplore.exe ...complètement "vérolé'" !

Résolu/Fermé
Pascal-33-37 Messages postés 112 Date d'inscription jeudi 7 juillet 2005 Statut Membre Dernière intervention 3 avril 2008 - 8 juil. 2005 à 14:30
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 - 20 juil. 2005 à 18:08
Bonjours à tous... (ceux qui savent comment ça marche, et ceux qui comme moi, aimeraient bien comprendre...).


Mon fichier "iexplore.exe" est devenu un nid à virus. En regardant sur le message de Sabrina, j'ai deja pu éditer le fichier depuis HijackThis. Je trouve ça trés joli, mais pour la suite, il parait que certaines personnes arrivent à expliquer la procédure à suivre ! (l'informatique m'impressionnera toujours autant).

Alors voici la bête...




Logfile of HijackThis v1.99.1
Scan saved at 20:22:59, on 07/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\sysvn32.exe
C:\Program Files\SpyFighter\SpyFighter.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\a2hijackfree.exe
C:\WINDOWS\system32\ntbp32.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rdcrx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rdcrx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rdcrx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rdcrx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rdcrx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rdcrx.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rdcrx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.free.fr:3128;ftp=proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {504E4541-72B8-7FED-2346-675BD8F5509F} - C:\WINDOWS\system32\sysab32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {D476F3A0-4D6E-CAD1-1014-B290A1A15520} - C:\WINDOWS\netrq.dll
O2 - BHO: Class - {EE94A522-58DF-C2C1-BCF2-94D49D453684} - C:\WINDOWS\system32\mspg32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [Media-Search] "C:\Program Files\msnet\v9\msnet.EXE" /H
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [sysvn32.exe] C:\WINDOWS\sysvn32.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [syssr32.exe] C:\WINDOWS\system32\syssr32.exe
O4 - HKLM\..\RunOnce: [apisu.exe] C:\WINDOWS\system32\apisu.exe
O4 - HKLM\..\RunOnce: [msea.exe] C:\WINDOWS\msea.exe
O4 - HKLM\..\RunOnce: [msrz.exe] C:\WINDOWS\msrz.exe
O4 - HKLM\..\RunOnce: [appfu.exe] C:\WINDOWS\system32\appfu.exe
O4 - HKLM\..\RunOnce: [apidw.exe] C:\WINDOWS\system32\apidw.exe
O4 - HKLM\..\RunOnce: [sysbg32.exe] C:\WINDOWS\sysbg32.exe
O4 - HKLM\..\RunOnce: [ntkk32.exe] C:\WINDOWS\system32\ntkk32.exe
O4 - HKLM\..\RunOnce: [netug.exe] C:\WINDOWS\system32\netug.exe
O4 - HKLM\..\RunOnce: [d3cc.exe] C:\WINDOWS\system32\d3cc.exe
O4 - HKLM\..\RunOnce: [ipyi32.exe] C:\WINDOWS\ipyi32.exe
O4 - HKLM\..\RunOnce: [winkl32.exe] C:\WINDOWS\winkl32.exe
O4 - HKLM\..\RunOnce: [javapf.exe] C:\WINDOWS\javapf.exe
O4 - HKLM\..\RunOnce: [mfcul32.exe] C:\WINDOWS\system32\mfcul32.exe
O4 - HKLM\..\RunOnce: [ntbp32.exe] C:\WINDOWS\system32\ntbp32.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMSERVICE_1051.dll,InstantAccess
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.mairie-saintnazaire.fr/wfplayer/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1050_pack_XP.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Propriétaire\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/112a62793e5a97027019/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://fr4-download.nocreditcardgay.com/download/Object/DialerHTML/DHTMLAccessXP1043.cab
O16 - DPF: {D7B59209-0ED9-4986-BD4A-527BE836C6B2} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1051_XP.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR_XP.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä #•ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apisu.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe


D'avance, Bravo à ceux qui comprennent, et merci à ceux qui me répondront (qui j'espère, seront les mêmes !).
A voir également:

84 réponses

Précédent
Réponse 21 / 84
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
9 juil. 2005 à 20:05
lol je te dit pas le nettoyage a la main d un nombre incertain de dll
au secours lol
0
Réponse 22 / 84
Utilisateur anonyme
9 juil. 2005 à 20:10
le pauvre, j espere qu il galere pas, sinon n hesite pas a demander pascal
(j avais pas vu que tu avais mis une demarche au dessu , y en a un paquet a virer lol <---- il doit en avoir marre)

a bientot pascal et gerard ^^ <---hip hip hip hourra !!!! Balltrap l AS des AS !
0
Réponse 23 / 84
Pascal-33-37 Messages postés 112 Date d'inscription jeudi 7 juillet 2005 Statut Membre Dernière intervention 3 avril 2008
9 juil. 2005 à 22:04
Epuisé par cet interminable combat (...j'y suis depuis des heures, même pas mangé !!!).

Bon... au rapport !!! :

Niveau iexplore.exe, malheureusement aucune amélioration !!! En faisant un scan avec a-squared, je tombe toujours sur les même trojans et consort dans ce fichier. Pas mal d’autres problèmes semblent par contre avoir disparu.

En faisant tourné Spybot, je tombe toujours sur un Downloadware (et non pas downloadware.exe comme j'avais dit plus haut) impossible à effacer !!!

A part ça, j'ai fait tourné "microsoft antispyware" après ad-aware, et ça à trouvé des cochonneries que ce dernier n'avait pas détecté. Ce logiciel que j'avais chargé en désespoir de cause m'a l'air assez intéressant (peut-être certains ont-ils un avis ou un conseil à donner là-dessus).

Pour le reste, mon ordi semble tout de même beaucoup mieux fonctionner après ces longues manips, seul l’exploration d’internet reste totalement vérolé.
0
Réponse 24 / 84
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
9 juil. 2005 à 22:06
refait un hijack tu nas toujours pas put mettre a jour aboutbuster
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 84
Pascal-33-37 Messages postés 112 Date d'inscription jeudi 7 juillet 2005 Statut Membre Dernière intervention 3 avril 2008
10 juil. 2005 à 12:06
Continuons le combat...


Petit "hijack" pour voir où j'en suis...


Logfile of HijackThis v1.99.1
Scan saved at 12:02:40, on 10/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ipkk.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\sysss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\addtj.exe
C:\WINDOWS\system32\addfy32.exe
C:\WINDOWS\javacp.exe
C:\WINDOWS\system32\msgz.exe
C:\WINDOWS\system32\ntqk.exe
C:\WINDOWS\system32\apibg32.exe
C:\WINDOWS\system32\javaol.exe
C:\WINDOWS\appzb.exe
C:\WINDOWS\appsh32.exe
C:\WINDOWS\system32\wingi32.exe
C:\WINDOWS\atlzi.exe
C:\WINDOWS\system32\iewt.exe
C:\WINDOWS\msii.exe
C:\WINDOWS\system32\addvj.exe
C:\WINDOWS\system32\mfcqt.exe
C:\WINDOWS\appou32.exe
C:\WINDOWS\system32\mfcco.exe
C:\WINDOWS\system32\mfcoi.exe
C:\WINDOWS\ipwc.exe
C:\WINDOWS\ipwc.exe
C:\WINDOWS\system32\javasl.exe
C:\WINDOWS\system32\javasl.exe
C:\WINDOWS\ipwc.exe
C:\WINDOWS\netpm32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\sysfg.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.free.fr:3128;ftp=proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {D21A00C4-F99D-2284-C1F1-4E3683ECFEDA} - C:\WINDOWS\system32\ipaq32.dll
O2 - BHO: Class - {F6EA6551-340F-5201-2756-CC23A6CAF416} - C:\WINDOWS\system32\mfcwm32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [javaln.exe] C:\WINDOWS\javaln.exe
O4 - HKLM\..\Run: [systz.exe] C:\WINDOWS\system32\systz.exe
O4 - HKLM\..\Run: [winri.exe] C:\WINDOWS\winri.exe
O4 - HKLM\..\Run: [ipkk.exe] C:\WINDOWS\system32\ipkk.exe
O4 - HKLM\..\RunOnce: [addtj.exe] C:\WINDOWS\addtj.exe
O4 - HKLM\..\RunOnce: [appzn.exe] C:\WINDOWS\system32\appzn.exe
O4 - HKLM\..\RunOnce: [winng32.exe] C:\WINDOWS\winng32.exe
O4 - HKLM\..\RunOnce: [iepp.exe] C:\WINDOWS\iepp.exe
O4 - HKLM\..\RunOnce: [mfcoi.exe] C:\WINDOWS\system32\mfcoi.exe
O4 - HKLM\..\RunOnce: [atlej.exe] C:\WINDOWS\system32\atlej.exe
O4 - HKLM\..\RunOnce: [iewt.exe] C:\WINDOWS\system32\iewt.exe
O4 - HKLM\..\RunOnce: [javami.exe] C:\WINDOWS\system32\javami.exe
O4 - HKLM\..\RunOnce: [atlpd.exe] C:\WINDOWS\atlpd.exe
O4 - HKLM\..\RunOnce: [syslj.exe] C:\WINDOWS\syslj.exe
O4 - HKLM\..\RunOnce: [appou32.exe] C:\WINDOWS\appou32.exe
O4 - HKLM\..\RunOnce: [mfcgq32.exe] C:\WINDOWS\mfcgq32.exe
O4 - HKLM\..\RunOnce: [apioy32.exe] C:\WINDOWS\apioy32.exe
O4 - HKLM\..\RunOnce: [atlzi.exe] C:\WINDOWS\atlzi.exe
O4 - HKLM\..\RunOnce: [crye32.exe] C:\WINDOWS\crye32.exe
O4 - HKLM\..\RunOnce: [ipnq32.exe] C:\WINDOWS\system32\ipnq32.exe
O4 - HKLM\..\RunOnce: [addvj.exe] C:\WINDOWS\system32\addvj.exe
O4 - HKLM\..\RunOnce: [netew32.exe] C:\WINDOWS\system32\netew32.exe
O4 - HKLM\..\RunOnce: [craq.exe] C:\WINDOWS\craq.exe
O4 - HKLM\..\RunOnce: [atlsk.exe] C:\WINDOWS\atlsk.exe
O4 - HKLM\..\RunOnce: [appqd32.exe] C:\WINDOWS\appqd32.exe
O4 - HKLM\..\RunOnce: [addfy32.exe] C:\WINDOWS\system32\addfy32.exe
O4 - HKLM\..\RunOnce: [msnc32.exe] C:\WINDOWS\msnc32.exe
O4 - HKLM\..\RunOnce: [msgz.exe] C:\WINDOWS\system32\msgz.exe
O4 - HKLM\..\RunOnce: [ipxz.exe] C:\WINDOWS\system32\ipxz.exe
O4 - HKLM\..\RunOnce: [javand.exe] C:\WINDOWS\javand.exe
O4 - HKLM\..\RunOnce: [apibg32.exe] C:\WINDOWS\system32\apibg32.exe
O4 - HKLM\..\RunOnce: [javajs.exe] C:\WINDOWS\system32\javajs.exe
O4 - HKLM\..\RunOnce: [ipbj.exe] C:\WINDOWS\ipbj.exe
O4 - HKLM\..\RunOnce: [appgl32.exe] C:\WINDOWS\system32\appgl32.exe
O4 - HKLM\..\RunOnce: [javalw32.exe] C:\WINDOWS\javalw32.exe
O4 - HKLM\..\RunOnce: [nthg32.exe] C:\WINDOWS\nthg32.exe
O4 - HKLM\..\RunOnce: [addee.exe] C:\WINDOWS\system32\addee.exe
O4 - HKLM\..\RunOnce: [systl.exe] C:\WINDOWS\systl.exe
O4 - HKLM\..\RunOnce: [mspv.exe] C:\WINDOWS\mspv.exe
O4 - HKLM\..\RunOnce: [netai.exe] C:\WINDOWS\netai.exe
O4 - HKLM\..\RunOnce: [javaol.exe] C:\WINDOWS\system32\javaol.exe
O4 - HKLM\..\RunOnce: [mfcdk32.exe] C:\WINDOWS\mfcdk32.exe
O4 - HKLM\..\RunOnce: [wingi32.exe] C:\WINDOWS\system32\wingi32.exe
O4 - HKLM\..\RunOnce: [crlm32.exe] C:\WINDOWS\system32\crlm32.exe
O4 - HKLM\..\RunOnce: [windi.exe] C:\WINDOWS\windi.exe
O4 - HKLM\..\RunOnce: [iebu.exe] C:\WINDOWS\system32\iebu.exe
O4 - HKLM\..\RunOnce: [appzb.exe] C:\WINDOWS\appzb.exe
O4 - HKLM\..\RunOnce: [crqb.exe] C:\WINDOWS\crqb.exe
O4 - HKLM\..\RunOnce: [javauk32.exe] C:\WINDOWS\javauk32.exe
O4 - HKLM\..\RunOnce: [msii.exe] C:\WINDOWS\msii.exe
O4 - HKLM\..\RunOnce: [ipok32.exe] C:\WINDOWS\ipok32.exe
O4 - HKLM\..\RunOnce: [appsh32.exe] C:\WINDOWS\appsh32.exe
O4 - HKLM\..\RunOnce: [msjw.exe] C:\WINDOWS\msjw.exe
O4 - HKLM\..\RunOnce: [d3vb32.exe] C:\WINDOWS\d3vb32.exe
O4 - HKLM\..\RunOnce: [javazd32.exe] C:\WINDOWS\javazd32.exe
O4 - HKLM\..\RunOnce: [addgg.exe] C:\WINDOWS\system32\addgg.exe
O4 - HKLM\..\RunOnce: [netpt.exe] C:\WINDOWS\system32\netpt.exe
O4 - HKLM\..\RunOnce: [mfcqt.exe] C:\WINDOWS\system32\mfcqt.exe
O4 - HKLM\..\RunOnce: [winqe.exe] C:\WINDOWS\winqe.exe
O4 - HKLM\..\RunOnce: [ntqk.exe] C:\WINDOWS\system32\ntqk.exe
O4 - HKLM\..\RunOnce: [atltc32.exe] C:\WINDOWS\system32\atltc32.exe
O4 - HKLM\..\RunOnce: [sysss.exe] C:\WINDOWS\sysss.exe
O4 - HKLM\..\RunOnce: [mfcco.exe] C:\WINDOWS\system32\mfcco.exe
O4 - HKLM\..\RunOnce: [d3an32.exe] C:\WINDOWS\system32\d3an32.exe
O4 - HKLM\..\RunOnce: [mshn32.exe] C:\WINDOWS\mshn32.exe
O4 - HKLM\..\RunOnce: [atlmc32.exe] C:\WINDOWS\atlmc32.exe
O4 - HKLM\..\RunOnce: [addyk32.exe] C:\WINDOWS\addyk32.exe
O4 - HKLM\..\RunOnce: [javacp.exe] C:\WINDOWS\javacp.exe
O4 - HKLM\..\RunOnce: [addeh.exe] C:\WINDOWS\addeh.exe
O4 - HKLM\..\RunOnce: [msgb.exe] C:\WINDOWS\system32\msgb.exe
O4 - HKLM\..\RunOnce: [crbp.exe] C:\WINDOWS\system32\crbp.exe
O4 - HKLM\..\RunOnce: [javaqs.exe] C:\WINDOWS\javaqs.exe
O4 - HKLM\..\RunOnce: [ipxe32.exe] C:\WINDOWS\system32\ipxe32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syssf32.exe] C:\WINDOWS\syssf32.exe
O4 - HKLM\..\RunOnce: [sdkni32.exe] C:\WINDOWS\system32\sdkni32.exe
O4 - HKLM\..\RunOnce: [windv32.exe] C:\WINDOWS\windv32.exe
O4 - HKLM\..\RunOnce: [nttb.exe] C:\WINDOWS\system32\nttb.exe
O4 - HKLM\..\RunOnce: [appqk.exe] C:\WINDOWS\appqk.exe
O4 - HKLM\..\RunOnce: [javaiz32.exe] C:\WINDOWS\javaiz32.exe
O4 - HKLM\..\RunOnce: [sdkmb.exe] C:\WINDOWS\sdkmb.exe
O4 - HKLM\..\RunOnce: [atlus32.exe] C:\WINDOWS\atlus32.exe
O4 - HKLM\..\RunOnce: [msdc.exe] C:\WINDOWS\system32\msdc.exe
O4 - HKLM\..\RunOnce: [d3lz.exe] C:\WINDOWS\system32\d3lz.exe
O4 - HKLM\..\RunOnce: [d3om32.exe] C:\WINDOWS\system32\d3om32.exe
O4 - HKLM\..\RunOnce: [atlew32.exe] C:\WINDOWS\atlew32.exe
O4 - HKLM\..\RunOnce: [winas32.exe] C:\WINDOWS\system32\winas32.exe
O4 - HKLM\..\RunOnce: [javaae.exe] C:\WINDOWS\system32\javaae.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.mairie-saintnazaire.fr/wfplayer/tdserver.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addtj.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe


...
0
Réponse 26 / 84
Utilisateur anonyme
10 juil. 2005 à 12:49
salut,
dis moi a² te detecte quelque chose?

a+
0
Réponse 27 / 84
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
10 juil. 2005 à 12:51
bon tu ne dit pas si tu as put utiliser about buster
je te donne cette version elle est a jour
http://pageperso.aol.fr/balltrap34/AboutBuster.exe

recommence toutes la procedure
0
Réponse 28 / 84
Pascal-33-37 Messages postés 112 Date d'inscription jeudi 7 juillet 2005 Statut Membre Dernière intervention 3 avril 2008
10 juil. 2005 à 13:42
J'arrive à utiliser about:buster, mais pas toujours du premier coup.

Pour le reste, voici ce que le scan de a-squared me renvoie comme détail de l'infection trouvée sur iexplore.exe :


Iexplore Services / iexplore.exe / Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

System Configuration / iexplore.exe / Added by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

Internet Explorer / IEXPLORE.EXE / Added by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

Program in Windows / iexplore.exe / Added by a variant of the LOVGATE WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

OPTIMIZER / iexplore.exe / Added by the EVIVINC TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

$WindowsRegKey%update / IEXPLORE.EXE / Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

IEXPLORE / iexplore.exe / Added by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

Slide / Iexplore.exe / Added by the GASLIDE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

Java Runtimes / iexplore.exe / Added by the KILLAV.B TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!


Microsoft IE / Iexplore.exe / Added by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

Microsoft Internet Explorer / iexplore.exe / Added by the POEBOT-J WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

Explorer Updater / IEXPLORE.exe / Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!

Iexplore / iexplore.exe / Added by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!
0
Réponse 29 / 84
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
10 juil. 2005 à 16:06
refait un nouvel hijack ont te mettra la nouvelle manip a fair entierement et dans l ordre
0
Réponse 30 / 84
Pascal-33-37 Messages postés 112 Date d'inscription jeudi 7 juillet 2005 Statut Membre Dernière intervention 3 avril 2008
10 juil. 2005 à 18:21
Ok, dernier Hijack en date...

---------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:15:52, on 10/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\javaln.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.free.fr:3128;ftp=proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {13AF610F-11F9-1AF3-779B-C19B937033C0} - C:\WINDOWS\appfw.dll
O2 - BHO: Class - {150CED05-2D5F-EDB3-4566-BFE13A15F24A} - C:\WINDOWS\addsl.dll
O2 - BHO: Class - {18C2B1ED-7635-92A8-5DB5-E71520573650} - C:\WINDOWS\d3ky32.dll
O2 - BHO: Class - {2594D338-824C-6462-C8D1-B3F1F3AF312D} - C:\WINDOWS\system32\ipps32.dll
O2 - BHO: Class - {27C69AB9-7058-A173-08CD-4881744A47E8} - C:\WINDOWS\system32\netlh.dll
O2 - BHO: Class - {28A5E86A-BEB3-2A6B-44A8-08239C13BA8E} - C:\WINDOWS\netjy.dll
O2 - BHO: Class - {2E060147-D980-CDD2-64D5-AD18C7E395DE} - C:\WINDOWS\mfchj32.dll
O2 - BHO: Class - {433C7071-2FBD-32B1-026E-7B1AF33C122A} - C:\WINDOWS\system32\javabp.dll
O2 - BHO: Class - {4990967D-A77F-78C6-04CB-7D9FC81AF19C} - C:\WINDOWS\system32\mfcfh32.dll
O2 - BHO: Class - {4D7AC8D0-B7DA-54F3-5D1F-FECFC9AC592E} - C:\WINDOWS\sysul.dll
O2 - BHO: Class - {4FBA7282-EDEE-36A3-D552-74FA9B7E58C7} - C:\WINDOWS\javazf32.dll
O2 - BHO: Class - {5AF31457-2CF3-3FC6-66B1-9712121F763D} - C:\WINDOWS\system32\apitc32.dll
O2 - BHO: Class - {62883FE9-57A7-4A38-F908-7FA3F3C59429} - C:\WINDOWS\system32\javanz.dll
O2 - BHO: Class - {646D843D-7CDF-78F8-2D9D-391E871C2089} - C:\WINDOWS\ipnj.dll
O2 - BHO: Class - {6B2B1D4A-827F-5433-DF52-88CA090883DD} - C:\WINDOWS\system32\d3gf32.dll
O2 - BHO: Class - {8002B6F0-0D81-F712-A8F6-D0072EF4DAA2} - C:\WINDOWS\apivd32.dll
O2 - BHO: Class - {871DF81E-AF47-62AD-B624-F9791F484A5D} - C:\WINDOWS\msoj.dll
O2 - BHO: Class - {88260434-8547-32F0-C3AF-72B7C69C143F} - C:\WINDOWS\system32\syswm.dll
O2 - BHO: Class - {894BD570-B4A2-85DB-D1B7-4D7DD80E9927} - C:\WINDOWS\apirs32.dll
O2 - BHO: Class - {9254F668-D36B-CADD-7F24-278697DD83EA} - C:\WINDOWS\system32\winch32.dll
O2 - BHO: Class - {926F8F49-E185-44FD-C147-41DE91F3DD33} - C:\WINDOWS\crwd32.dll
O2 - BHO: Class - {93464980-E36A-6033-9ACA-5AB545A0FFA2} - C:\WINDOWS\mfcds.dll
O2 - BHO: Class - {9909396E-A25C-7E2A-352D-32FB283C4EEB} - C:\WINDOWS\javadq.dll
O2 - BHO: Class - {A25979EE-BE35-5458-D774-3F3F6BCC6BD3} - C:\WINDOWS\system32\apixn.dll
O2 - BHO: Class - {A3ADFA24-B6C7-2903-DCA0-B839562EC0DC} - C:\WINDOWS\crsk.dll
O2 - BHO: Class - {A8955C5E-7D09-18F5-1D0E-99FB9B61BC16} - C:\WINDOWS\system32\addqb32.dll
O2 - BHO: Class - {A96C5AC5-3757-499C-81C5-9CE344BBEFEC} - C:\WINDOWS\ipbd32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {AEE963C3-B79E-B7F1-4CBF-657FECF4CE92} - C:\WINDOWS\system32\apphf.dll
O2 - BHO: Class - {B1C06315-99CB-109E-436B-FB8F3258519B} - C:\WINDOWS\system32\cruu32.dll
O2 - BHO: Class - {B764800B-F1F8-8788-4C16-55E92C3AB819} - C:\WINDOWS\system32\addcm.dll
O2 - BHO: Class - {B849DA45-86A4-E0DA-DD53-02A7363DFCC4} - C:\WINDOWS\winmq32.dll
O2 - BHO: Class - {BDA74CC6-38A7-086D-02AC-3E704D602E43} - C:\WINDOWS\system32\d3io32.dll
O2 - BHO: Class - {BF04EC21-B4D7-E397-C0E8-1F5F00D064D8} - C:\WINDOWS\system32\msmz.dll
O2 - BHO: Class - {C2FA80DA-98A5-92AA-61BD-3EDED8569F27} - C:\WINDOWS\sysyw.dll
O2 - BHO: Class - {D017A1A4-51FE-686D-883E-896573BFFC91} - C:\WINDOWS\system32\atlbj.dll
O2 - BHO: Class - {D824B254-597D-9A93-F4CB-A00EA3F77B89} - C:\WINDOWS\netzo.dll
O2 - BHO: Class - {E7A8D32E-66F3-8478-4596-9CD041EAC392} - C:\WINDOWS\crpj.dll
O2 - BHO: Class - {EC3AD07F-3DBE-C7B3-AD29-010A94FC8B05} - C:\WINDOWS\system32\addoa32.dll
O2 - BHO: Class - {FA168010-C6D6-4D24-E877-91477B61A199} - C:\WINDOWS\winaf32.dll
O2 - BHO: Class - {FA224A3B-80E3-FC4E-47BB-C7027C3BE4E9} - C:\WINDOWS\system32\javawa32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [javaln.exe] C:\WINDOWS\javaln.exe
O4 - HKLM\..\Run: [systz.exe] C:\WINDOWS\system32\systz.exe
O4 - HKLM\..\Run: [winri.exe] C:\WINDOWS\winri.exe
O4 - HKLM\..\Run: [ipkk.exe] C:\WINDOWS\system32\ipkk.exe
O4 - HKLM\..\RunOnce: [addtj.exe] C:\WINDOWS\addtj.exe
O4 - HKLM\..\RunOnce: [appzn.exe] C:\WINDOWS\system32\appzn.exe
O4 - HKLM\..\RunOnce: [winng32.exe] C:\WINDOWS\winng32.exe
O4 - HKLM\..\RunOnce: [iepp.exe] C:\WINDOWS\iepp.exe
O4 - HKLM\..\RunOnce: [mfcoi.exe] C:\WINDOWS\system32\mfcoi.exe
O4 - HKLM\..\RunOnce: [atlej.exe] C:\WINDOWS\system32\atlej.exe
O4 - HKLM\..\RunOnce: [atlpd.exe] C:\WINDOWS\atlpd.exe
O4 - HKLM\..\RunOnce: [syslj.exe] C:\WINDOWS\syslj.exe
O4 - HKLM\..\RunOnce: [mfcgq32.exe] C:\WINDOWS\mfcgq32.exe
O4 - HKLM\..\RunOnce: [crye32.exe] C:\WINDOWS\crye32.exe
O4 - HKLM\..\RunOnce: [ipnq32.exe] C:\WINDOWS\system32\ipnq32.exe
O4 - HKLM\..\RunOnce: [addvj.exe] C:\WINDOWS\system32\addvj.exe
O4 - HKLM\..\RunOnce: [netew32.exe] C:\WINDOWS\system32\netew32.exe
O4 - HKLM\..\RunOnce: [craq.exe] C:\WINDOWS\craq.exe
O4 - HKLM\..\RunOnce: [atlsk.exe] C:\WINDOWS\atlsk.exe
O4 - HKLM\..\RunOnce: [addfy32.exe] C:\WINDOWS\system32\addfy32.exe
O4 - HKLM\..\RunOnce: [msnc32.exe] C:\WINDOWS\msnc32.exe
O4 - HKLM\..\RunOnce: [msgz.exe] C:\WINDOWS\system32\msgz.exe
O4 - HKLM\..\RunOnce: [javand.exe] C:\WINDOWS\javand.exe
O4 - HKLM\..\RunOnce: [javajs.exe] C:\WINDOWS\system32\javajs.exe
O4 - HKLM\..\RunOnce: [ipbj.exe] C:\WINDOWS\ipbj.exe
O4 - HKLM\..\RunOnce: [appgl32.exe] C:\WINDOWS\system32\appgl32.exe
O4 - HKLM\..\RunOnce: [nthg32.exe] C:\WINDOWS\nthg32.exe
O4 - HKLM\..\RunOnce: [addee.exe] C:\WINDOWS\system32\addee.exe
O4 - HKLM\..\RunOnce: [systl.exe] C:\WINDOWS\systl.exe
O4 - HKLM\..\RunOnce: [mspv.exe] C:\WINDOWS\mspv.exe
O4 - HKLM\..\RunOnce: [javaol.exe] C:\WINDOWS\system32\javaol.exe
O4 - HKLM\..\RunOnce: [mfcdk32.exe] C:\WINDOWS\mfcdk32.exe
O4 - HKLM\..\RunOnce: [wingi32.exe] C:\WINDOWS\system32\wingi32.exe
O4 - HKLM\..\RunOnce: [crlm32.exe] C:\WINDOWS\system32\crlm32.exe
O4 - HKLM\..\RunOnce: [windi.exe] C:\WINDOWS\windi.exe
O4 - HKLM\..\RunOnce: [iebu.exe] C:\WINDOWS\system32\iebu.exe
O4 - HKLM\..\RunOnce: [appzb.exe] C:\WINDOWS\appzb.exe
O4 - HKLM\..\RunOnce: [javauk32.exe] C:\WINDOWS\javauk32.exe
O4 - HKLM\..\RunOnce: [msii.exe] C:\WINDOWS\msii.exe
O4 - HKLM\..\RunOnce: [ipok32.exe] C:\WINDOWS\ipok32.exe
O4 - HKLM\..\RunOnce: [msjw.exe] C:\WINDOWS\msjw.exe
O4 - HKLM\..\RunOnce: [javazd32.exe] C:\WINDOWS\javazd32.exe
O4 - HKLM\..\RunOnce: [addgg.exe] C:\WINDOWS\system32\addgg.exe
O4 - HKLM\..\RunOnce: [netpt.exe] C:\WINDOWS\system32\netpt.exe
O4 - HKLM\..\RunOnce: [winqe.exe] C:\WINDOWS\winqe.exe
O4 - HKLM\..\RunOnce: [ntqk.exe] C:\WINDOWS\system32\ntqk.exe
O4 - HKLM\..\RunOnce: [atltc32.exe] C:\WINDOWS\system32\atltc32.exe
O4 - HKLM\..\RunOnce: [sysss.exe] C:\WINDOWS\sysss.exe
O4 - HKLM\..\RunOnce: [mfcco.exe] C:\WINDOWS\system32\mfcco.exe
O4 - HKLM\..\RunOnce: [mshn32.exe] C:\WINDOWS\mshn32.exe
O4 - HKLM\..\RunOnce: [atlmc32.exe] C:\WINDOWS\atlmc32.exe
O4 - HKLM\..\RunOnce: [javacp.exe] C:\WINDOWS\javacp.exe
O4 - HKLM\..\RunOnce: [addeh.exe] C:\WINDOWS\addeh.exe
O4 - HKLM\..\RunOnce: [crbp.exe] C:\WINDOWS\system32\crbp.exe
O4 - HKLM\..\RunOnce: [javaqs.exe] C:\WINDOWS\javaqs.exe
O4 - HKLM\..\RunOnce: [ipxe32.exe] C:\WINDOWS\system32\ipxe32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [sdkni32.exe] C:\WINDOWS\system32\sdkni32.exe
O4 - HKLM\..\RunOnce: [windv32.exe] C:\WINDOWS\windv32.exe
O4 - HKLM\..\RunOnce: [appqk.exe] C:\WINDOWS\appqk.exe
O4 - HKLM\..\RunOnce: [sdkmb.exe] C:\WINDOWS\sdkmb.exe
O4 - HKLM\..\RunOnce: [atlus32.exe] C:\WINDOWS\atlus32.exe
O4 - HKLM\..\RunOnce: [msdc.exe] C:\WINDOWS\system32\msdc.exe
O4 - HKLM\..\RunOnce: [d3lz.exe] C:\WINDOWS\system32\d3lz.exe
O4 - HKLM\..\RunOnce: [atlew32.exe] C:\WINDOWS\atlew32.exe
O4 - HKLM\..\RunOnce: [winas32.exe] C:\WINDOWS\system32\winas32.exe
O4 - HKLM\..\RunOnce: [netyv32.exe] C:\WINDOWS\system32\netyv32.exe
O4 - HKLM\..\RunOnce: [sdkld.exe] C:\WINDOWS\system32\sdkld.exe
O4 - HKLM\..\RunOnce: [addhs32.exe] C:\WINDOWS\addhs32.exe
O4 - HKLM\..\RunOnce: [applf.exe] C:\WINDOWS\system32\applf.exe
O4 - HKLM\..\RunOnce: [addpu.exe] C:\WINDOWS\addpu.exe
O4 - HKLM\..\RunOnce: [ieix32.exe] C:\WINDOWS\ieix32.exe
O4 - HKLM\..\RunOnce: [netaz32.exe] C:\WINDOWS\system32\netaz32.exe
O4 - HKLM\..\RunOnce: [atlfg.exe] C:\WINDOWS\system32\atlfg.exe
O4 - HKLM\..\RunOnce: [ntqn32.exe] C:\WINDOWS\ntqn32.exe
O4 - HKLM\..\RunOnce: [iewo.exe] C:\WINDOWS\system32\iewo.exe
O4 - HKLM\..\RunOnce: [msfk.exe] C:\WINDOWS\msfk.exe
O4 - HKLM\..\RunOnce: [addqt32.exe] C:\WINDOWS\system32\addqt32.exe
O4 - HKLM\..\RunOnce: [ntvg32.exe] C:\WINDOWS\ntvg32.exe
O4 - HKLM\..\RunOnce: [atljo.exe] C:\WINDOWS\atljo.exe
O4 - HKLM\..\RunOnce: [syscl32.exe] C:\WINDOWS\system32\syscl32.exe
O4 - HKLM\..\RunOnce: [sysoy.exe] C:\WINDOWS\system32\sysoy.exe
O4 - HKLM\..\RunOnce: [sdkjv32.exe] C:\WINDOWS\system32\sdkjv32.exe
O4 - HKLM\..\RunOnce: [javafv32.exe] C:\WINDOWS\system32\javafv32.exe
O4 - HKLM\..\RunOnce: [winkl.exe] C:\WINDOWS\system32\winkl.exe
O4 - HKLM\..\RunOnce: [ipmz.exe] C:\WINDOWS\ipmz.exe
O4 - HKLM\..\RunOnce: [ipej32.exe] C:\WINDOWS\ipej32.exe
O4 - HKLM\..\RunOnce: [msqx32.exe] C:\WINDOWS\msqx32.exe
O4 - HKLM\..\RunOnce: [sysfx32.exe] C:\WINDOWS\sysfx32.exe
O4 - HKLM\..\RunOnce: [sdkwp32.exe] C:\WINDOWS\system32\sdkwp32.exe
O4 - HKLM\..\RunOnce: [javaqy32.exe] C:\WINDOWS\javaqy32.exe
O4 - HKLM\..\RunOnce: [appij32.exe] C:\WINDOWS\system32\appij32.exe
O4 - HKLM\..\RunOnce: [syspa.exe] C:\WINDOWS\syspa.exe
O4 - HKLM\..\RunOnce: [ieai.exe] C:\WINDOWS\system32\ieai.exe
O4 - HKLM\..\RunOnce: [atlfk.exe] C:\WINDOWS\atlfk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.mairie-saintnazaire.fr/wfplayer/tdserver.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addtj.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

----------------------
0
Réponse 31 / 84
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
10 juil. 2005 à 18:29
Téléchargez le RKFILES.ZIP d'ici :
http://skads.org/special/rkfiles.zip

Créez un nouveau dossier appelé c:RKFiles
Extrayez le contenu de RKFILES.ZIP dans ce nouveau dossier RKFILES.

Alors,

Redémarrez dans Mode sans echec

Ouvrez C:RKFiles dossier
double-cliquer RKFILES.BAT
attend qu il est fini
il vas crer un rapport donne moi le

Notez : Il devrait sauvegarder par défaut à C:\Log.txt
* Trouver ce journal, cliquez avec le bouton droit et renommez-le RKFiles_log.txt donc vous pouvez le poster.
0
Réponse 32 / 84
Pascal-33-37 Messages postés 112 Date d'inscription jeudi 7 juillet 2005 Statut Membre Dernière intervention 3 avril 2008
10 juil. 2005 à 21:35
Petit problème...


J'ai fais plusieurs fois cette procédure. A chaque fois, j'obtiens une fenêtre ou le texte suivant apparait :

1 fichier(s) copié(s).
Le chemin d'accès spécifié est introuvable.
0 fichier(s) copié(s).
1 fichier(s) copié(s).
Please wait until this Dos windows closes... post the content sof Log.tx
Cheking system folder...


Un fichier Log.txt est alors crée aussitot et ne contient que C:\RKFiles comme texte (antant dire... vide !)

....?
0
Réponse 33 / 84
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
10 juil. 2005 à 23:04
le fichier C:\RKFiles renomme le en renommez-le RKFiles_log.txt
0
Pascal-33-37 Messages postés 112 Date d'inscription jeudi 7 juillet 2005 Statut Membre Dernière intervention 3 avril 2008
11 juil. 2005 à 11:24
Est-ce le fichier portant le nom de Log.txt que je dois renommer en RKFiles_log.txt, ou le texte C:/RKFiles contenu dans ce fichier ?
0
Réponse 34 / 84
Pascal-33-37 Messages postés 112 Date d'inscription jeudi 7 juillet 2005 Statut Membre Dernière intervention 3 avril 2008
11 juil. 2005 à 11:15
3 heures pour faire tourner mon armada d'antivirus et antispyware ! Ca résout pas tout, mais ça soulage quand même un peu !!!


Sinon, juste une petite précision :

Est-ce le fichier portant le nom de Log.txt que je dois renommer en RKFiles_log.txt, ou le texte C:/RKFiles contenu dans ce fichier ?
0
Réponse 35 / 84
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
11 juil. 2005 à 22:00
laisse tomber fait ceci
telecharge ceci
http://www.downloads.subratam.org/l2mfix.exe
decompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 1
attend il vas faire un rapport fait un copier coller de celui ci
ne fait surtout rien d autres
0
Réponse 36 / 84
pascal-33-37
11 juil. 2005 à 22:55
Ouff !! impressionnant le fichier !!!

En tout cas, ça a marché


L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"FREE"="IEAK"
"SV1"=""
"i-NavFourF"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{CE000992-A58C-4441-8938-744CD72AB27F}"="i-Nav IDN Resolver"
"{CE000994-A58C-4441-8938-744CD72AB27F}"="i-Nav IDN SearchHook"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
addao32.dll Mon 20 Jun 2005 9:22:40 ..... 87 732 85,68 K
addax.dll Sat 18 Jun 2005 12:45:10 ..... 87 732 85,68 K
addbs32.dll Thu 30 Jun 2005 12:20:18 ..... 87 732 85,68 K
addcm.dll Sat 11 Jun 2005 1:48:42 ..... 87 732 85,68 K
adddy32.dll Sun 19 Jun 2005 7:07:46 ..... 87 732 85,68 K
addii.dll Thu 30 Jun 2005 14:20:10 A.... 0 0,00 K
addlb32.dll Wed 15 Jun 2005 15:51:18 ..... 87 732 85,68 K
addoa32.dll Tue 28 Jun 2005 2:47:26 ..... 87 732 85,68 K
addpj32.dll Sun 3 Jul 2005 4:20:46 ..... 87 732 85,68 K
addqb32.dll Mon 13 Jun 2005 6:18:28 ..... 87 732 85,68 K
addrv32.dll Mon 20 Jun 2005 14:50:48 A.... 0 0,00 K
addsg.dll Sun 12 Jun 2005 10:03:06 A.... 0 0,00 K
addvj.dll Sat 9 Jul 2005 21:42:14 ..... 87 732 85,68 K
apibb32.dll Sun 3 Jul 2005 19:01:58 ..... 87 732 85,68 K
apibw32.dll Sun 19 Jun 2005 5:02:02 ..... 87 732 85,68 K
apidc32.dll Sat 2 Jul 2005 16:47:06 ..... 87 732 85,68 K
apidj32.dll Wed 6 Jul 2005 12:53:18 ..... 87 732 85,68 K
apifq.dll Tue 28 Jun 2005 5:09:58 ..... 87 732 85,68 K
apihc32.dll Mon 20 Jun 2005 14:09:28 ..... 87 732 85,68 K
apihx32.dll Fri 24 Jun 2005 18:21:52 ..... 87 732 85,68 K
apijw32.dll Mon 20 Jun 2005 21:26:30 ..... 87 732 85,68 K
apime32.dll Sun 26 Jun 2005 23:37:16 A.... 0 0,00 K
apimq.dll Wed 6 Jul 2005 0:47:34 A.... 0 0,00 K
apimv.dll Sat 18 Jun 2005 4:02:38 ..... 87 732 85,68 K
apinf32.dll Sat 2 Jul 2005 1:38:34 ..... 87 732 85,68 K
apioe.dll Sun 3 Jul 2005 3:23:20 ..... 87 732 85,68 K
apipy.dll Sun 10 Jul 2005 13:27:14 ..... 87 732 85,68 K
apirb32.dll Sun 26 Jun 2005 0:40:14 ..... 87 732 85,68 K
apiss.dll Sun 26 Jun 2005 3:51:16 ..... 87 732 85,68 K
apitc32.dll Tue 5 Jul 2005 22:34:46 ..... 87 732 85,68 K
apiti32.dll Fri 8 Jul 2005 15:27:42 ..... 87 732 85,68 K
apivr.dll Sat 25 Jun 2005 6:32:28 ..... 87 732 85,68 K
apivy32.dll Thu 7 Jul 2005 1:14:06 A.... 0 0,00 K
apixn.dll Sun 19 Jun 2005 23:50:54 ..... 87 732 85,68 K
apixr.dll Thu 16 Jun 2005 6:11:36 A.... 0 0,00 K
appcr32.dll Wed 29 Jun 2005 4:55:54 ..... 87 732 85,68 K
appdu32.dll Fri 8 Jul 2005 9:10:06 ..... 87 732 85,68 K
appgk32.dll Sat 18 Jun 2005 3:02:46 ..... 87 732 85,68 K
appgq.dll Sat 18 Jun 2005 18:27:26 ..... 87 732 85,68 K
apphf.dll Fri 24 Jun 2005 23:01:40 ..... 87 732 85,68 K
appjq32.dll Fri 1 Jul 2005 4:45:06 ..... 87 732 85,68 K
appkv32.dll Sat 2 Jul 2005 0:08:34 ..... 87 732 85,68 K
appmi.dll Sat 2 Jul 2005 9:58:10 ..... 87 732 85,68 K
appmp.dll Sun 3 Jul 2005 9:15:32 ..... 87 732 85,68 K
appnj32.dll Sat 18 Jun 2005 13:53:48 A.... 34 958 34,14 K
appor32.dll Fri 1 Jul 2005 7:43:16 ..... 87 732 85,68 K
apppm32.dll Mon 13 Jun 2005 11:28:44 ..... 87 732 85,68 K
appqb.dll Wed 6 Jul 2005 0:22:54 A.... 0 0,00 K
appql.dll Sun 12 Jun 2005 0:11:04 ..... 87 732 85,68 K
apptu.dll Fri 17 Jun 2005 5:36:54 ..... 87 732 85,68 K
appux.dll Mon 27 Jun 2005 8:34:32 ..... 87 732 85,68 K
appvd.dll Thu 16 Jun 2005 3:22:02 ..... 87 732 85,68 K
appvy32.dll Sat 25 Jun 2005 1:17:38 A.... 0 0,00 K
appwu.dll Wed 6 Jul 2005 18:00:08 A.... 0 0,00 K
appzn.dll Tue 5 Jul 2005 12:02:08 ..... 87 732 85,68 K
atlbg32.dll Fri 10 Jun 2005 18:59:30 ..... 87 732 85,68 K
atlbj.dll Thu 30 Jun 2005 22:19:30 ..... 87 732 85,68 K
atleh.dll Sun 26 Jun 2005 6:19:40 ..... 87 732 85,68 K
atlfl.dll Mon 13 Jun 2005 1:53:30 A.... 0 0,00 K
atlfn32.dll Wed 29 Jun 2005 6:12:24 ..... 87 732 85,68 K
atlhp.dll Thu 16 Jun 2005 6:01:06 ..... 87 732 85,68 K
atlis.dll Sun 10 Jul 2005 3:25:28 ..... 87 732 85,68 K
atljn.dll Wed 6 Jul 2005 22:47:44 ..... 87 732 85,68 K
atllx.dll Tue 5 Jul 2005 20:32:52 ..... 87 732 85,68 K
atlnj.dll Wed 29 Jun 2005 0:22:30 ..... 87 732 85,68 K
atlpk.dll Tue 14 Jun 2005 3:53:32 ..... 87 732 85,68 K
atlrf32.dll Mon 27 Jun 2005 19:42:22 ..... 87 732 85,68 K
atlrp32.dll Tue 21 Jun 2005 8:18:32 ..... 87 732 85,68 K
atlsc32.dll Wed 15 Jun 2005 8:59:24 ..... 87 732 85,68 K
atltw32.dll Sat 2 Jul 2005 18:16:40 ..... 87 732 85,68 K
atlvo32.dll Fri 24 Jun 2005 22:45:08 ..... 87 732 85,68 K
atlwo.dll Thu 16 Jun 2005 1:31:52 ..... 87 732 85,68 K
atlxc32.dll Thu 23 Jun 2005 1:34:46 ..... 87 732 85,68 K
atlyq.dll Tue 14 Jun 2005 23:17:00 ..... 87 732 85,68 K
bodqe.dll Wed 29 Jun 2005 6:55:34 A.... 0 0,00 K
browseui.dll Mon 2 May 2005 22:57:10 A.... 1 020 416 996,50 K
cdfview.dll Mon 2 May 2005 22:57:10 A.... 152 064 148,50 K
cdm.dll Thu 26 May 2005 4:16:24 A.... 75 544 73,77 K
crca.dll Fri 10 Jun 2005 6:50:18 ..... 87 732 85,68 K
crcl.dll Fri 8 Jul 2005 13:10:28 ..... 87 732 85,68 K
crec32.dll Fri 10 Jun 2005 14:00:12 ..... 87 732 85,68 K
croi.dll Thu 30 Jun 2005 16:41:48 ..... 87 732 85,68 K
crou.dll Fri 8 Jul 2005 17:25:26 ..... 87 732 85,68 K
crui32.dll Wed 29 Jun 2005 23:22:40 A.... 0 0,00 K
cruu32.dll Fri 8 Jul 2005 10:06:34 ..... 87 732 85,68 K
crvo32.dll Fri 24 Jun 2005 1:49:22 A.... 0 0,00 K
cryd.dll Thu 7 Jul 2005 15:17:42 ..... 87 732 85,68 K
d3au.dll Fri 8 Jul 2005 23:59:36 ..... 87 732 85,68 K
d3dg.dll Wed 22 Jun 2005 18:32:52 A.... 0 0,00 K
d3di32.dll Wed 29 Jun 2005 22:19:10 ..... 87 732 85,68 K
d3fr32.dll Tue 28 Jun 2005 20:04:18 ..... 87 732 85,68 K
d3gf32.dll Wed 22 Jun 2005 11:22:42 ..... 87 732 85,68 K
d3gw32.dll Mon 27 Jun 2005 12:56:00 ..... 87 732 85,68 K
d3io32.dll Tue 21 Jun 2005 9:15:00 ..... 87 732 85,68 K
d3le.dll Fri 1 Jul 2005 20:11:48 A.... 0 0,00 K
d3no.dll Mon 13 Jun 2005 13:52:54 ..... 87 732 85,68 K
d3rb32.dll Wed 22 Jun 2005 13:35:32 ..... 87 732 85,68 K
d3sb.dll Tue 28 Jun 2005 12:19:12 ..... 87 732 85,68 K
d3sc.dll Sun 12 Jun 2005 21:27:36 ..... 87 732 85,68 K
d3tf.dll Fri 24 Jun 2005 21:02:44 ..... 87 732 85,68 K
d3ud.dll Mon 13 Jun 2005 15:50:12 ..... 87 732 85,68 K
d3vf.dll Wed 6 Jul 2005 1:44:18 ..... 87 732 85,68 K
gccoll~1.dll Fri 24 Jun 2005 15:24:22 A.... 126 680 123,71 K
gcunco~1.dll Fri 24 Jun 2005 15:24:20 A.... 95 448 93,21 K
hashlib.dll Fri 24 Jun 2005 15:24:22 A.... 117 976 115,21 K
hhsetup.dll Fri 27 May 2005 4:08:06 A.... 41 472 40,50 K
ieac32.dll Wed 15 Jun 2005 16:53:48 ..... 87 732 85,68 K
iecu32.dll Wed 22 Jun 2005 21:12:28 ..... 87 732 85,68 K
ieeo32.dll Thu 23 Jun 2005 8:57:46 ..... 87 732 85,68 K
iegx.dll Wed 22 Jun 2005 6:50:04 ..... 87 732 85,68 K
iejr32.dll Tue 14 Jun 2005 12:25:06 ..... 87 732 85,68 K
iekp.dll Sat 25 Jun 2005 0:11:54 A.... 0 0,00 K
iekp32.dll Sat 9 Jul 2005 13:31:32 ..... 87 732 85,68 K
iell32.dll Tue 21 Jun 2005 17:16:58 ..... 87 732 85,68 K
iemc32.dll Wed 15 Jun 2005 16:23:40 ..... 87 732 85,68 K
ienu32.dll Mon 20 Jun 2005 15:02:06 ..... 87 732 85,68 K
ieoa32.dll Thu 7 Jul 2005 9:01:46 ..... 87 732 85,68 K
ieoq32.dll Fri 17 Jun 2005 10:17:12 ..... 87 732 85,68 K
iepeers.dll Mon 2 May 2005 22:57:10 A.... 250 880 245,00 K
iesa32.dll Wed 15 Jun 2005 5:47:28 ..... 87 732 85,68 K
iesd32.dll Sat 9 Jul 2005 7:41:38 ..... 87 732 85,68 K
iett32.dll Fri 17 Jun 2005 12:31:16 ..... 87 732 85,68 K
ieyb.dll Fri 8 Jul 2005 3:24:22 ..... 87 732 85,68 K
iezf.dll Mon 4 Jul 2005 12:07:54 ..... 87 732 85,68 K
inseng.dll Mon 2 May 2005 22:57:12 A.... 96 768 94,50 K
ipaq.dll Thu 7 Jul 2005 15:33:18 ..... 87 732 85,68 K
ipbo32.dll Fri 8 Jul 2005 6:58:00 ..... 87 732 85,68 K
ipew32.dll Sat 2 Jul 2005 20:54:40 ..... 87 732 85,68 K
iphl32.dll Wed 6 Jul 2005 2:11:28 ..... 87 732 85,68 K
ipio.dll Sun 19 Jun 2005 6:57:32 ..... 87 732 85,68 K
ipjg.dll Wed 22 Jun 2005 20:54:28 ..... 87 732 85,68 K
ipkk.dll Sat 2 Jul 2005 23:52:06 ..... 87 732 85,68 K
iplq.dll Tue 21 Jun 2005 18:46:46 ..... 87 732 85,68 K
ippq.dll Thu 9 Jun 2005 3:20:18 ..... 87 732 85,68 K
ipps32.dll Thu 30 Jun 2005 14:19:16 ..... 87 732 85,68 K
ippx32.dll Sat 18 Jun 2005 21:36:46 ..... 87 732 85,68 K
ipqh32.dll Sun 12 Jun 2005 11:30:00 ..... 87 732 85,68 K
ipvv32.dll Fri 8 Jul 2005 1:15:44 ..... 87 732 85,68 K
ipxe32.dll Thu 23 Jun 2005 4:46:44 ..... 87 732 85,68 K
ipyz.dll Tue 5 Jul 2005 4:21:50 ..... 87 732 85,68 K
itircl.dll Fri 27 May 2005 4:08:06 A.... 155 136 151,50 K
itss.dll Fri 27 May 2005 4:08:06 A.... 137 216 134,00 K
iuengine.dll Thu 26 May 2005 4:16:24 A.... 198 424 193,77 K
javaao32.dll Fri 17 Jun 2005 21:50:50 ..... 87 732 85,68 K
javabp.dll Sat 11 Jun 2005 18:02:40 ..... 87 732 85,68 K
javacv.dll Thu 30 Jun 2005 12:38:18 ..... 87 732 85,68 K
javafr32.dll Fri 8 Jul 2005 18:40:54 ..... 87 732 85,68 K
javaib32.dll Wed 15 Jun 2005 0:53:02 ..... 87 732 85,68 K
javajs.dll Sun 12 Jun 2005 19:14:46 ..... 87 732 85,68 K
javakg32.dll Sat 11 Jun 2005 21:06:32 ..... 87 732 85,68 K
javame32.dll Tue 28 Jun 2005 9:56:46 ..... 87 732 85,68 K
javamp32.dll Fri 8 Jul 2005 8:04:42 ..... 87 732 85,68 K
javanz.dll Sat 25 Jun 2005 15:08:28 ..... 87 732 85,68 K
javasr32.dll Sun 26 Jun 2005 12:44:04 ..... 87 732 85,68 K
javatx.dll Sat 2 Jul 2005 16:13:40 A.... 0 0,00 K
javavp.dll Sat 9 Jul 2005 20:55:46 ..... 87 732 85,68 K
javawa32.dll Thu 7 Jul 2005 16:56:10 ..... 87 732 85,68 K
javawj32.dll Wed 6 Jul 2005 5:59:56 A.... 0 0,00 K
javayk32.dll Thu 16 Jun 2005 15:25:20 ..... 87 732 85,68 K
javayp32.dll Sun 26 Jun 2005 5:34:10 ..... 87 732 85,68 K
javayt.dll Fri 10 Jun 2005 3:18:14 ..... 87 732 85,68 K
jszqf.dll Sat 9 Jul 2005 22:25:26 A.... 0 0,00 K
mfcbd.dll Sat 11 Jun 2005 23:23:46 ..... 87 732 85,68 K
mfcbd32.dll Wed 29 Jun 2005 12:33:06 ..... 87 732 85,68 K
mfcbe.dll Wed 15 Jun 2005 23:56:28 ..... 87 732 85,68 K
mfcbh.dll Thu 7 Jul 2005 15:08:10 ..... 87 732 85,68 K
mfccm32.dll Tue 5 Jul 2005 7:06:20 ..... 87 732 85,68 K
mfcfh32.dll Thu 23 Jun 2005 3:36:40 ..... 87 732 85,68 K
mfcfo32.dll Sat 25 Jun 2005 20:36:46 ..... 87 732 85,68 K
mfchx.dll Tue 28 Jun 2005 3:57:30 ..... 87 732 85,68 K
mfcik.dll Mon 20 Jun 2005 8:25:14 ..... 87 732 85,68 K
mfcju.dll Sat 18 Jun 2005 4:32:46 ..... 87 732 85,68 K
mfckm32.dll Sat 2 Jul 2005 1:53:20 A.... 0 0,00 K
mfcmv32.dll Mon 4 Jul 2005 4:51:28 ..... 87 732 85,68 K
mfcny.dll Thu 7 Jul 2005 0:54:40 ..... 87 732 85,68 K
mfcpi.dll Sun 19 Jun 2005 21:49:00 ..... 87 732 85,68 K
mfcrs.dll Sun 26 Jun 2005 8:13:56 A.... 0 0,00 K
mfcuz.dll Wed 29 Jun 2005 0:19:30 ..... 87 732 85,68 K
mfcva.dll Tue 5 Jul 2005 5:24:22 ..... 87 732 85,68 K
mfcwm32.dll Thu 23 Jun 2005 2:33:54 ..... 87 732 85,68 K
mfcwz32.dll Wed 6 Jul 2005 7:09:04 ..... 87 732 85,68 K
msav.dll Mon 4 Jul 2005 11:08:46 ..... 87 732 85,68 K
msbi32.dll Sun 26 Jun 2005 8:51:00 ..... 87 732 85,68 K
msdu32.dll Wed 8 Jun 2005 23:38:26 ..... 87 732 85,68 K
msfv.dll Mon 20 Jun 2005 2:37:32 A.... 0 0,00 K
msgr32.dll Sat 11 Jun 2005 5:17:56 ..... 87 732 85,68 K
msgw.dll Sat 25 Jun 2005 16:18:32 ..... 87 732 85,68 K
msha32.dll Thu 7 Jul 2005 15:53:40 ..... 87 732 85,68 K
mshe32.dll Wed 6 Jul 2005 19:33:46 ..... 87 732 85,68 K
mshtml.dll Mon 2 May 2005 22:57:12 A.... 3 011 072 2,87 M
mshtmled.dll Mon 2 May 2005 22:57:12 A.... 448 512 438,00 K
msi.dll Wed 4 May 2005 14:45:32 A.... 2 890 240 2,75 M
msip.dll Sat 18 Jun 2005 20:39:34 ..... 87 732 85,68 K
mskh32.dll Sat 25 Jun 2005 8:33:26 ..... 87 732 85,68 K
msmz.dll Tue 5 Jul 2005 6:20:48 ..... 87 732 85,68 K
msnw.dll Tue 14 Jun 2005 6:36:30 ..... 87 732 85,68 K
msos32.dll Sat 25 Jun 2005 10:35:50 ..... 34 958 34,14 K
mspg32.dll Thu 7 Jul 2005 2:04:42 ..... 87 732 85,68 K
msrating.dll Mon 2 May 2005 22:57:12 A.... 146 432 143,00 K
msri32.dll Tue 5 Jul 2005 23:49:50 ..... 87 732 85,68 K
mstu.dll Mon 13 Jun 2005 2:07:34 ..... 87 732 85,68 K
msui.dll Sat 2 Jul 2005 17:52:32 ..... 87 732 85,68 K
mswv.dll Sun 26 Jun 2005 18:33:26 ..... 87 732 85,68 K
msxx32.dll Sun 12 Jun 2005 11:45:12 ..... 87 732 85,68 K
netlh.dll Sat 2 Jul 2005 18:49:00 ..... 87 732 85,68 K
netnm32.dll Tue 14 Jun 2005 4:30:58 ..... 87 732 85,68 K
netrk.dll Sun 10 Jul 2005 5:45:28 ..... 87 732 85,68 K
nettc.dll Sun 3 Jul 2005 10:06:28 ..... 87 732 85,68 K
netxv32.dll Fri 8 Jul 2005 19:38:20 ..... 87 732 85,68 K
ntaq32.dll Fri 24 Jun 2005 13:55:38 ..... 87 732 85,68 K
nteb.dll Tue 21 Jun 2005 16:49:26 ..... 87 732 85,68 K
ntfe.dll Thu 7 Jul 2005 8:20:24 A.... 0 0,00 K
ntff.dll Sun 19 Jun 2005 19:11:06 ..... 87 732 85,68 K
ntgf.dll Sun 3 Jul 2005 0:23:02 A.... 0 0,00 K
ntgk.dll Wed 6 Jul 2005 16:10:08 ..... 87 732 85,68 K
nthl32.dll Fri 1 Jul 2005 10:47:08 ..... 87 732 85,68 K
nthv32.dll Thu 23 Jun 2005 1:56:24 A.... 34 958 34,14 K
ntjp32.dll Thu 7 Jul 2005 1:59:42 ..... 87 732 85,68 K
ntll.dll Tue 5 Jul 2005 6:51:12 ..... 87 732 85,68 K
ntmu.dll Sat 18 Jun 2005 3:23:06 ..... 87 732 85,68 K
ntna.dll Mon 4 Jul 2005 21:29:58 ..... 87 732 85,68 K
ntnf.dll Tue 28 Jun 2005 0:14:50 ..... 87 732 85,68 K
ntnp.dll Tue 28 Jun 2005 16:59:30 ..... 87 732 85,68 K
ntok.dll Mon 20 Jun 2005 15:18:16 ..... 87 732 85,68 K
ntpk.dll Mon 20 Jun 2005 1:00:58 ..... 87 732 85,68 K
ntqf32.dll Sat 2 Jul 2005 0:36:06 ..... 87 732 85,68 K
ntri.dll Sun 12 Jun 2005 18:15:38 ..... 87 732 85,68 K
nttv32.dll Mon 4 Jul 2005 11:47:32 ..... 87 732 85,68 K
ntvv.dll Mon 20 Jun 2005 21:25:58 ..... 87 732 85,68 K
ntzc.dll Mon 13 Jun 2005 5:22:00 ..... 87 732 85,68 K
ole32.dll Thu 28 Apr 2005 21:32:30 A.... 1 284 608 1,22 M
olecli32.dll Thu 28 Apr 2005 21:32:30 A.... 75 264 73,50 K
olecnv32.dll Thu 28 Apr 2005 21:32:30 A.... 37 888 37,00 K
pngfilt.dll Mon 2 May 2005 22:57:12 A.... 39 424 38,50 K
rpcss.dll Thu 28 Apr 2005 21:32:30 A.... 395 776 386,50 K
sdkag.dll Sat 2 Jul 2005 7:21:44 ..... 87 732 85,68 K
sdkaw32.dll Sun 12 Jun 2005 23:21:24 ..... 87 732 85,68 K
sdkbv.dll Fri 17 Jun 2005 20:31:14 ..... 87 732 85,68 K
sdkcy32.dll Wed 29 Jun 2005 20:06:20 ..... 87 732 85,68 K
sdken.dll Sat 11 Jun 2005 0:59:24 ..... 87 732 85,68 K
sdkez32.dll Tue 14 Jun 2005 23:37:22 ..... 87 732 85,68 K
sdkgd32.dll Sat 25 Jun 2005 13:13:44 ..... 87 732 85,68 K
sdkko32.dll Sat 9 Jul 2005 10:19:34 ..... 87 732 85,68 K
sdkkq32.dll Sun 3 Jul 2005 16:24:04 ..... 87 732 85,68 K
sdkks32.dll Fri 8 Jul 2005 1:01:08 A.... 87 732 85,68 K
sdkny.dll Sat 11 Jun 2005 16:57:24 A.... 0 0,00 K
sdkob32.dll Fri 1 Jul 2005 11:54:20 ..... 87 732 85,68 K
sdkrw.dll Sat 25 Jun 2005 23:49:58 ..... 87 732 85,68 K
sdksh32.dll Thu 23 Jun 2005 19:50:20 ..... 87 732 85,68 K
shdocvw.dll Mon 2 May 2005 22:57:12 ..... 1 484 288 1,41 M
shlwapi.dll Mon 2 May 2005 22:57:12 A.... 474 112 463,00 K
sysab32.dll Sat 11 Jun 2005 14:10:02 ..... 87 732 85,68 K
sysck.dll Thu 30 Jun 2005 5:08:08 ..... 87 732 85,68 K
syseg32.dll Fri 8 Jul 2005 19:07:36 ..... 87 732 85,68 K
sysgc.dll Sat 18 Jun 2005 2:37:38 ..... 87 732 85,68 K
sysgv.dll Tue 28 Jun 2005 0:45:34 ..... 87 732 85,68 K
syski.dll Wed 6 Jul 2005 3:55:54 ..... 87 732 85,68 K
sysmn32.dll Wed 29 Jun 2005 14:06:46 ..... 87 732 85,68 K
sysoe32.dll Thu 30 Jun 2005 15:51:32 ..... 87 732 85,68 K
syspo.dll Wed 15 Jun 2005 18:35:48 ..... 87 732 85,68 K
syswm.dll Fri 1 Jul 2005 6:33:12 ..... 87 732 85,68 K
sysxe.dll Fri 1 Jul 2005 9:37:06 ..... 87 732 85,68 K
urlmon.dll Mon 2 May 2005 22:57:12 A.... 605 696 591,50 K
winch32.dll Thu 30 Jun 2005 7:10:02 ..... 87 732 85,68 K
winei.dll Sun 12 Jun 2005 12:37:56 ..... 87 732 85,68 K
winhb.dll Wed 29 Jun 2005 17:10:52 A.... 0 0,00 K
wininet.dll Mon 2 May 2005 22:57:12 A.... 662 016 646,50 K
winjs32.dll Tue 21 Jun 2005 13:18:10 A.... 0 0,00 K
winjx.dll Wed 15 Jun 2005 10:53:14 ..... 87 732 85,68 K
winkb32.dll Mon 13 Jun 2005 13:37:18 ..... 87 732 85,68 K
winlk32.dll Sat 9 Jul 2005 11:24:14 ..... 87 732 85,68 K
winlv.dll Wed 15 Jun 2005 22:15:02 ..... 87 732 85,68 K
winml.dll Wed 15 Jun 2005 8:20:58 ..... 87 732 85,68 K
winrk32.dll Fri 1 Jul 2005 8:22:10 ..... 87 732 85,68 K
winsn32.dll Thu 7 Jul 2005 9:11:02 A.... 0 0,00 K
winsusrm.dll Fri 8 Jul 2005 20:11:08 A.... 264 0,26 K
winth.dll Sun 12 Jun 2005 13:08:02 ..... 87 732 85,68 K
winvw.dll Thu 30 Jun 2005 21:35:44 ..... 87 732 85,68 K
winwd.dll Wed 6 Jul 2005 8:06:30 ..... 87 732 85,68 K
winwh.dll Mon 13 Jun 2005 11:51:44 A.... 0 0,00 K
winxu.dll Thu 9 Jun 2005 14:26:44 A.... 0 0,00 K
winzd32.dll Sun 19 Jun 2005 3:04:18 ..... 87 732 85,68 K
wuapi.dll Thu 26 May 2005 4:16:30 A.... 467 224 456,27 K
wuaueng.dll Thu 26 May 2005 4:16:30 A.... 1 343 768 1,28 M
wuaueng1.dll Thu 26 May 2005 4:16:32 A.... 195 352 190,77 K
wucltui.dll Thu 26 May 2005 4:16:32 A.... 128 792 125,77 K
wups.dll Thu 26 May 2005 4:16:30 A.... 41 240 40,27 K
wups2.dll Thu 26 May 2005 4:16:30 A.... 18 200 17,77 K
wuweb.dll Thu 26 May 2005 4:16:30 A.... 173 536 169,47 K
xpsp3res.dll Tue 17 May 2005 2:42:14 ..... 16 896 16,50 K

290 items found: 290 files, 0 directories.
Total of file sizes: 35 990 002 bytes 34,32 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est E05F-8FE7

R‚pertoire de C:\WINDOWS\System32

09/07/2005 15:21 <REP> dllcache
17/11/2004 13:24 10ÿ240 Thumbs.db
15/01/2004 00:11 <REP> Microsoft
1 fichier(s) 10ÿ240 octets
2 R‚p(s) 26ÿ295ÿ734ÿ272 octets libres
0
Réponse 37 / 84
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
11 juil. 2005 à 22:59
relance se prog et cette fois clik sur l option 2
ne redemarre pas et refait un hijack
surtout ne redemarre pas
0
Réponse 38 / 84
Pascal-33-37 Messages postés 112 Date d'inscription jeudi 7 juillet 2005 Statut Membre Dernière intervention 3 avril 2008
11 juil. 2005 à 23:15
Pour info, après voir cliqué sur l'option 2, j'ai tapé return (je savais ce qu'il fallait faire). Aussitot que j'ai vu qu'il commencait un reboot, j'ai annulé. Est-ce que c'est bon ?


Résultat de l'hijackthis :


-----------


Logfile of HijackThis v1.99.1
Scan saved at 23:03:41, on 11/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\systz.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\PROGRA~1\VeriSign\NAVI\NAVICL~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bodqe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bodqe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bodqe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bodqe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bodqe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bodqe.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bodqe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.free.fr:3128;ftp=proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9FDF75A3-3C2E-D30D-152E-4EEA1824BCA0} - C:\WINDOWS\netrq32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {FEEB74BD-0EE1-8D2A-3A47-85E6B36D5479} - C:\WINDOWS\winuu.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [javaln.exe] C:\WINDOWS\javaln.exe
O4 - HKLM\..\Run: [systz.exe] C:\WINDOWS\system32\systz.exe
O4 - HKLM\..\Run: [winri.exe] C:\WINDOWS\winri.exe
O4 - HKLM\..\Run: [ipkk.exe] C:\WINDOWS\system32\ipkk.exe
O4 - HKLM\..\Run: [winei.exe] C:\WINDOWS\system32\winei.exe
O4 - HKLM\..\Run: [second] C:\Program Files\l2mfix\second.bat
O4 - HKLM\..\RunOnce: [addtj.exe] C:\WINDOWS\addtj.exe
O4 - HKLM\..\RunOnce: [appzn.exe] C:\WINDOWS\system32\appzn.exe
O4 - HKLM\..\RunOnce: [winng32.exe] C:\WINDOWS\winng32.exe
O4 - HKLM\..\RunOnce: [mfcoi.exe] C:\WINDOWS\system32\mfcoi.exe
O4 - HKLM\..\RunOnce: [atlpd.exe] C:\WINDOWS\atlpd.exe
O4 - HKLM\..\RunOnce: [apioe.exe] C:\WINDOWS\system32\apioe.exe
O4 - HKLM\..\RunOnce: [addvj.exe] C:\WINDOWS\system32\addvj.exe
O4 - HKLM\..\RunOnce: [craq.exe] C:\WINDOWS\craq.exe
O4 - HKLM\..\RunOnce: [addfy32.exe] C:\WINDOWS\system32\addfy32.exe
O4 - HKLM\..\RunOnce: [javand.exe] C:\WINDOWS\javand.exe
O4 - HKLM\..\RunOnce: [javajs.exe] C:\WINDOWS\system32\javajs.exe
O4 - HKLM\..\RunOnce: [appgl32.exe] C:\WINDOWS\system32\appgl32.exe
O4 - HKLM\..\RunOnce: [addee.exe] C:\WINDOWS\system32\addee.exe
O4 - HKLM\..\RunOnce: [mspv.exe] C:\WINDOWS\mspv.exe
O4 - HKLM\..\RunOnce: [wingi32.exe] C:\WINDOWS\system32\wingi32.exe
O4 - HKLM\..\RunOnce: [crlm32.exe] C:\WINDOWS\system32\crlm32.exe
O4 - HKLM\..\RunOnce: [iebu.exe] C:\WINDOWS\system32\iebu.exe
O4 - HKLM\..\RunOnce: [appzb.exe] C:\WINDOWS\appzb.exe
O4 - HKLM\..\RunOnce: [javauk32.exe] C:\WINDOWS\javauk32.exe
O4 - HKLM\..\RunOnce: [msii.exe] C:\WINDOWS\msii.exe
O4 - HKLM\..\RunOnce: [ipok32.exe] C:\WINDOWS\ipok32.exe
O4 - HKLM\..\RunOnce: [javazd32.exe] C:\WINDOWS\javazd32.exe
O4 - HKLM\..\RunOnce: [winqe.exe] C:\WINDOWS\winqe.exe
O4 - HKLM\..\RunOnce: [sysfx32.exe] C:\WINDOWS\sysfx32.exe
O4 - HKLM\..\RunOnce: [d3vd.exe] C:\WINDOWS\d3vd.exe
O4 - HKLM\..\RunOnce: [crmj.exe] C:\WINDOWS\crmj.exe
O4 - HKLM\..\RunOnce: [netrd32.exe] C:\WINDOWS\system32\netrd32.exe
O4 - HKLM\..\RunOnce: [msun32.exe] C:\WINDOWS\msun32.exe
O4 - HKLM\..\RunOnce: [winlu.exe] C:\WINDOWS\winlu.exe
O4 - HKLM\..\RunOnce: [apidr32.exe] C:\WINDOWS\system32\apidr32.exe
O4 - HKLM\..\RunOnce: [crto.exe] C:\WINDOWS\crto.exe
O4 - HKLM\..\RunOnce: [apiyi32.exe] C:\WINDOWS\system32\apiyi32.exe
O4 - HKLM\..\RunOnce: [winde32.exe] C:\WINDOWS\system32\winde32.exe
O4 - HKLM\..\RunOnce: [netvr.exe] C:\WINDOWS\netvr.exe
O4 - HKLM\..\RunOnce: [winbl32.exe] C:\WINDOWS\winbl32.exe
O4 - HKLM\..\RunOnce: [winhy32.exe] C:\WINDOWS\system32\winhy32.exe
O4 - HKLM\..\RunOnce: [apisp.exe] C:\WINDOWS\apisp.exe
O4 - HKLM\..\RunOnce: [msbv32.exe] C:\WINDOWS\msbv32.exe
O4 - HKLM\..\RunOnce: [apptr.exe] C:\WINDOWS\apptr.exe
O4 - HKLM\..\RunOnce: [d3oo.exe] C:\WINDOWS\d3oo.exe
O4 - HKLM\..\RunOnce: [atlzw32.exe] C:\WINDOWS\atlzw32.exe
O4 - HKLM\..\RunOnce: [iemy32.exe] C:\WINDOWS\system32\iemy32.exe
O4 - HKLM\..\RunOnce: [sdkag.exe] C:\WINDOWS\system32\sdkag.exe
O4 - HKLM\..\RunOnce: [mfcfa32.exe] C:\WINDOWS\mfcfa32.exe
O4 - HKLM\..\RunOnce: [iepi32.exe] C:\WINDOWS\system32\iepi32.exe
O4 - HKLM\..\RunOnce: [atlie.exe] C:\WINDOWS\atlie.exe
O4 - HKLM\..\RunOnce: [msnj.exe] C:\WINDOWS\system32\msnj.exe
O4 - HKLM\..\RunOnce: [ipsd32.exe] C:\WINDOWS\system32\ipsd32.exe
O4 - HKLM\..\RunOnce: [apirw.exe] C:\WINDOWS\system32\apirw.exe
O4 - HKLM\..\RunOnce: [winey.exe] C:\WINDOWS\winey.exe
O4 - HKLM\..\RunOnce: [sdkks32.exe] C:\WINDOWS\system32\sdkks32.exe
O4 - HKLM\..\RunOnce: [iero.exe] C:\WINDOWS\system32\iero.exe
O4 - HKLM\..\RunOnce: [ntwi.exe] C:\WINDOWS\system32\ntwi.exe
O4 - HKLM\..\RunOnce: [msbk.exe] C:\WINDOWS\msbk.exe
O4 - HKLM\..\RunOnce: [addwo.exe] C:\WINDOWS\addwo.exe
O4 - HKLM\..\RunOnce: [crkq32.exe] C:\WINDOWS\system32\crkq32.exe
O4 - HKLM\..\RunOnce: [sdkfr.exe] C:\WINDOWS\system32\sdkfr.exe
O4 - HKLM\..\RunOnce: [mfclu32.exe] C:\WINDOWS\system32\mfclu32.exe
O4 - HKLM\..\RunOnce: [winjh32.exe] C:\WINDOWS\system32\winjh32.exe
O4 - HKLM\..\RunOnce: [d3iu32.exe] C:\WINDOWS\d3iu32.exe
O4 - HKLM\..\RunOnce: [d3de32.exe] C:\WINDOWS\system32\d3de32.exe
O4 - HKLM\..\RunOnce: [ipqg32.exe] C:\WINDOWS\system32\ipqg32.exe
O4 - HKLM\..\RunOnce: [javagn.exe] C:\WINDOWS\javagn.exe
O4 - HKLM\..\RunOnce: [apimh32.exe] C:\WINDOWS\apimh32.exe
O4 - HKLM\..\RunOnce: [netfa.exe] C:\WINDOWS\system32\netfa.exe
O4 - HKLM\..\RunOnce: [crbe.exe] C:\WINDOWS\system32\crbe.exe
O4 - HKLM\..\RunOnce: [ietx32.exe] C:\WINDOWS\system32\ietx32.exe
O4 - HKLM\..\RunOnce: [appkn.exe] C:\WINDOWS\system32\appkn.exe
O4 - HKLM\..\RunOnce: [netoj32.exe] C:\WINDOWS\system32\netoj32.exe
O4 - HKLM\..\RunOnce: [atlxr.exe] C:\WINDOWS\system32\atlxr.exe
O4 - HKLM\..\RunOnce: [mfcdg32.exe] C:\WINDOWS\system32\mfcdg32.exe
O4 - HKLM\..\RunOnce: [atlrd32.exe] C:\WINDOWS\atlrd32.exe
O4 - HKLM\..\RunOnce: [iewh32.exe] C:\WINDOWS\system32\iewh32.exe
O4 - HKLM\..\RunOnce: [mfcrt32.exe] C:\WINDOWS\mfcrt32.exe
O4 - HKLM\..\RunOnce: [appjr32.exe] C:\WINDOWS\appjr32.exe
O4 - HKLM\..\RunOnce: [iezh.exe] C:\WINDOWS\system32\iezh.exe
O4 - HKLM\..\RunOnce: [ntyw32.exe] C:\WINDOWS\system32\ntyw32.exe
O4 - HKLM\..\RunOnce: [appsn.exe] C:\WINDOWS\appsn.exe
O4 - HKLM\..\RunOnce: [appio32.exe] C:\WINDOWS\appio32.exe
O4 - HKLM\..\RunOnce: [atlie32.exe] C:\WINDOWS\atlie32.exe
O4 - HKLM\..\RunOnce: [ipsw32.exe] C:\WINDOWS\system32\ipsw32.exe
O4 - HKLM\..\RunOnce: [winae.exe] C:\WINDOWS\winae.exe
O4 - HKLM\..\RunOnce: [d3wi.exe] C:\WINDOWS\system32\d3wi.exe
O4 - HKLM\..\RunOnce: [applg32.exe] C:\WINDOWS\applg32.exe
O4 - HKLM\..\RunOnce: [netjn.exe] C:\WINDOWS\netjn.exe
O4 - HKLM\..\RunOnce: [javafr32.exe] C:\WINDOWS\system32\javafr32.exe
O4 - HKLM\..\RunOnce: [ipps.exe] C:\WINDOWS\ipps.exe
O4 - HKLM\..\RunOnce: [ntco32.exe] C:\WINDOWS\system32\ntco32.exe
O4 - HKLM\..\RunOnce: [iprl32.exe] C:\WINDOWS\iprl32.exe
O4 - HKLM\..\RunOnce: [sysmu.exe] C:\WINDOWS\sysmu.exe
O4 - HKLM\..\RunOnce: [mfcsy.exe] C:\WINDOWS\mfcsy.exe
O4 - HKLM\..\RunOnce: [d3bc.exe] C:\WINDOWS\system32\d3bc.exe
O4 - HKLM\..\RunOnce: [javawn.exe] C:\WINDOWS\system32\javawn.exe
O4 - HKLM\..\RunOnce: [javaue32.exe] C:\WINDOWS\javaue32.exe
O4 - HKLM\..\RunOnce: [mskn32.exe] C:\WINDOWS\mskn32.exe
O4 - HKLM\..\RunOnce: [winlc32.exe] C:\WINDOWS\winlc32.exe
O4 - HKLM\..\RunOnce: [atlck.exe] C:\WINDOWS\atlck.exe
O4 - HKLM\..\RunOnce: [ntgo32.exe] C:\WINDOWS\system32\ntgo32.exe
O4 - HKLM\..\RunOnce: [apipo.exe] C:\WINDOWS\apipo.exe
O4 - HKLM\..\RunOnce: [netvl32.exe] C:\WINDOWS\system32\netvl32.exe
O4 - HKLM\..\RunOnce: [apiji32.exe] C:\WINDOWS\apiji32.exe
O4 - HKLM\..\RunOnce: [winoe32.exe] C:\WINDOWS\winoe32.exe
O4 - HKLM\..\RunOnce: [netrq32.exe] C:\WINDOWS\netrq32.exe
O4 - HKLM\..\RunOnce: [addxs.exe] C:\WINDOWS\addxs.exe
O4 - HKLM\..\RunOnce: [javamy32.exe] C:\WINDOWS\javamy32.exe
O4 - HKLM\..\RunOnce: [addrd32.exe] C:\WINDOWS\addrd32.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.mairie-saintnazaire.fr/wfplayer/tdserver.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addtj.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
Réponse 39 / 84
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
11 juil. 2005 à 23:26
lol c est vrai il faut qu il reboot recommence l option 2 et laisse le reboot met moi sont rapport et un nouvel hijack

et telecharge ceci et utilise le avant de faire se que j est mis au dessus
http://pageperso.aol.fr/Balltrap34/SpHjfix.exe
0
Réponse 40 / 84
Pascal-33-37 Messages postés 112 Date d'inscription jeudi 7 juillet 2005 Statut Membre Dernière intervention 3 avril 2008
11 juil. 2005 à 23:50
Résultat de L2mfix :

Fichier log.txt :

------------------------------

L2Mfix 1.03

Running From:
C:\Program Files\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting up for Reboot


Starting Reboot!

C:\Program Files\l2mfix
System Rebooted!

Running From:
C:\Program Files\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1468 'explorer.exe'
Killing PID 1468 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (188 bytes security) (deflated 2%)
adding: echo.reg (188 bytes security) (deflated 5%)
adding: direct.txt (188 bytes security) (stored 0%)
adding: lo2.txt (188 bytes security) (deflated 70%)
adding: readme.txt (188 bytes security) (deflated 49%)
adding: test.txt (188 bytes security) (stored 0%)
adding: test2.txt (188 bytes security) (stored 0%)
adding: test3.txt (188 bytes security) (stored 0%)
adding: test5.txt (188 bytes security) (stored 0%)
adding: backregs/shell.reg (188 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


---------------------------

Résultat de Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 23:40:47, on 11/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\VeriSign\NAVI\NAVICL~1.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\javaln.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\elmyq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\elmyq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\elmyq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\elmyq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\elmyq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\elmyq.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\elmyq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.free.fr:3128;ftp=proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {F97F2532-4324-0DA9-21C3-64C1650A6515} - C:\WINDOWS\system32\atlrc.dll
O2 - BHO: Class - {FEEB74BD-0EE1-8D2A-3A47-85E6B36D5479} - C:\WINDOWS\winuu.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [javaln.exe] C:\WINDOWS\javaln.exe
O4 - HKLM\..\Run: [systz.exe] C:\WINDOWS\system32\systz.exe
O4 - HKLM\..\Run: [winri.exe] C:\WINDOWS\winri.exe
O4 - HKLM\..\Run: [ipkk.exe] C:\WINDOWS\system32\ipkk.exe
O4 - HKLM\..\Run: [winei.exe] C:\WINDOWS\system32\winei.exe
O4 - HKLM\..\RunOnce: [addtj.exe] C:\WINDOWS\addtj.exe
O4 - HKLM\..\RunOnce: [appzn.exe] C:\WINDOWS\system32\appzn.exe
O4 - HKLM\..\RunOnce: [winng32.exe] C:\WINDOWS\winng32.exe
O4 - HKLM\..\RunOnce: [mfcoi.exe] C:\WINDOWS\system32\mfcoi.exe
O4 - HKLM\..\RunOnce: [atlpd.exe] C:\WINDOWS\atlpd.exe
O4 - HKLM\..\RunOnce: [apioe.exe] C:\WINDOWS\system32\apioe.exe
O4 - HKLM\..\RunOnce: [addvj.exe] C:\WINDOWS\system32\addvj.exe
O4 - HKLM\..\RunOnce: [craq.exe] C:\WINDOWS\craq.exe
O4 - HKLM\..\RunOnce: [addfy32.exe] C:\WINDOWS\system32\addfy32.exe
O4 - HKLM\..\RunOnce: [javand.exe] C:\WINDOWS\javand.exe
O4 - HKLM\..\RunOnce: [javajs.exe] C:\WINDOWS\system32\javajs.exe
O4 - HKLM\..\RunOnce: [appgl32.exe] C:\WINDOWS\system32\appgl32.exe
O4 - HKLM\..\RunOnce: [mspv.exe] C:\WINDOWS\mspv.exe
O4 - HKLM\..\RunOnce: [crlm32.exe] C:\WINDOWS\system32\crlm32.exe
O4 - HKLM\..\RunOnce: [iebu.exe] C:\WINDOWS\system32\iebu.exe
O4 - HKLM\..\RunOnce: [appzb.exe] C:\WINDOWS\appzb.exe
O4 - HKLM\..\RunOnce: [javauk32.exe] C:\WINDOWS\javauk32.exe
O4 - HKLM\..\RunOnce: [msii.exe] C:\WINDOWS\msii.exe
O4 - HKLM\..\RunOnce: [javazd32.exe] C:\WINDOWS\javazd32.exe
O4 - HKLM\..\RunOnce: [sysfx32.exe] C:\WINDOWS\sysfx32.exe
O4 - HKLM\..\RunOnce: [d3vd.exe] C:\WINDOWS\d3vd.exe
O4 - HKLM\..\RunOnce: [netrd32.exe] C:\WINDOWS\system32\netrd32.exe
O4 - HKLM\..\RunOnce: [msun32.exe] C:\WINDOWS\msun32.exe
O4 - HKLM\..\RunOnce: [apidr32.exe] C:\WINDOWS\system32\apidr32.exe
O4 - HKLM\..\RunOnce: [crto.exe] C:\WINDOWS\crto.exe
O4 - HKLM\..\RunOnce: [apiyi32.exe] C:\WINDOWS\system32\apiyi32.exe
O4 - HKLM\..\RunOnce: [netvr.exe] C:\WINDOWS\netvr.exe
O4 - HKLM\..\RunOnce: [winbl32.exe] C:\WINDOWS\winbl32.exe
O4 - HKLM\..\RunOnce: [winhy32.exe] C:\WINDOWS\system32\winhy32.exe
O4 - HKLM\..\RunOnce: [netxs32.exe] C:\WINDOWS\system32\netxs32.exe
O4 - HKLM\..\RunOnce: [addep.exe] C:\WINDOWS\addep.exe
O4 - HKLM\..\RunOnce: [netzv.exe] C:\WINDOWS\system32\netzv.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.mairie-saintnazaire.fr/wfplayer/tdserver.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addtj.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

------------------

Hé ben... entre lire ça et le botin !!! ;-)
0

Discussions similaires

comment donner les droits sur fichier partage
ch'ti du 57 -
fil1958 -

2 réponses