PAUPOPUP AND SEARC'H WINDOWS
Solved
STBE41 (posts: 38, status: Member)
balltrap34 (posts: 16240, status: Security contributor)
HELLO
I have PAYPOPUP and SEARC'H type windows that open while I am browsing the web. Here is my HijackThis log. Thank you for helping me.
Logfile of HijackThis v1.99.1
Scan saved at 12:15:27, on 31/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\hcatztq.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MR BELLANDE\Mes documents\SB\DIVERS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {B9F36083-81D3-D75B-61DA-68DB62E3503F} - SYSTRAV.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [prcmon] EXE32EXE.exe
O4 - HKLM\..\Run: [panel_its] Dest068.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [udyvex] C:\WINDOWS\System32\hcatztq.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [killall] Bogobot.exe
O4 - HKCU\..\Run: [WTFCTF] NsCplTray.exe
O4 - HKCU\..\Run: [avpmondll] bnui.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102584932234
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.tourismeville.wanadoo.fr/AxisCamControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{211B6530-3A92-4F96-844D-D10B419BB830}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}: NameServer = 195.95.218.1,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{211B6530-3A92-4F96-844D-D10B419BB830}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\cTmocx.dll
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOCUME~1\MRBELL~1\LOCALS~1\TEMP\_VWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
35 replies
Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:18:52, on 06/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MR BELLANDE\Mes documents\SB\DIVERS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{211B6530-3A92-4F96-844D-D10B419BB830}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}: NameServer = 195.95.218.1,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{211B6530-3A92-4F96-844D-D10B419BB830}: NameServer = 80.10.246.1 80.10.246.132
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\MRBELL~1\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
salut
le temp de la manip desactive a2 et le the timer de spybot si il est activer
(voir demo) http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
► imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
****************************************************************
► tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore et verifie que tu as les bonnes version c est imperatif
♪ ad-aware (1)version 1.06
(ici) http://www.florensac-chasse-trap.com/ section virus
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
♪ spybot (2)version 1.4
(ici) http://www.florensac-chasse-trap.com/ section virus
voir demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
et aussi ceci
♪ CleanUp40.exe(3)
voir demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
***
♪ a2(4)
http://www.emsisoft.net/fr/
penser a le metre a jour avant de scanner le pc
***
****************************************************************
► desactive ta restauration systeme
pour ça tu fais clic droit sur poste de travail
propriété tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
****************************************************************
► assure toi de ceci
Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer
****************************************************************
► vide tes fichiers temps et tempory internet file sur tous les utilisateur
utilise ceci pour le faire
♪http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
****************************************************************
► relance hijack coche ces lignes et ensuite clik sur fix
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}: NameServer = 195.95.218.1,85.255.112.7
****************************************************************
► redemarre en mode sans echec
mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
****************************************************************
► search for and delete this
C:\WINDOWS\Nail.exe
****************************************************************
► run Ad-Aware and remove everything it finds
****************************************************************
► run Spybot and remove everything it finds
****************************************************************
► run a2
****************************************************************
empty your Recycle Bin and restart in normal mode
****************************************************************
download this: Registry Search Tool
http://www.billsway.com/vbspage/
unzip it and type
96CAC0E6-F5E6-4984-BA10-F330B930FC56
and copy-paste the result into Notepad and give it to us
and do another HijackThis scan
and tell us where your problems stand
--
for the duration of the procedure, disable a2 and Spybot's TeaTimer if it is enabled
(see demo) http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
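The two kinds of HijackThis entry singled out for fixing in the post above (an F2 `Shell=` value carrying a program after Explorer.exe, and an O17 `NameServer` on one interface) can be picked out of a log mechanically. This Python code is an added example, not part of the original post and not HijackThis code; the function names and the `EXPECTED_RESOLVERS` allowlist are assumptions, and the sample lines are copied from the log quoted in this thread.

```python
import ipaddress
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{211B6530-3A92-4F96-844D-D10B419BB830}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}: NameServer = 195.95.218.1,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{211B6530-3A92-4F96-844D-D10B419BB830}: NameServer = 80.10.246.1 80.10.246.132
""".strip()

# Assumption: resolvers the analyst has confirmed as legitimate for this
# machine. The helper in the thread leaves these two untouched.
EXPECTED_RESOLVERS = {"80.10.246.1", "80.10.246.132"}

F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.*)$", re.IGNORECASE)
O17_NAMESERVER = re.compile(
    r"^O17 - HKLM\\System\\(?P<control_set>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$"
)


@dataclass
class Finding:
    line_no: int   # 1-based line number in the log text
    code: str      # HijackThis section code, "F2" or "O17"
    subject: str   # full Shell value, or the interface GUID
    detail: list   # extra shell command(s), or unexpected resolver(s)


def extra_shell_commands(shell_value):
    """Return what the Winlogon Shell value launches besides Explorer.exe."""
    value = shell_value.strip()
    head, _, rest = value.partition(" ")
    if head.lower() == "explorer.exe":
        rest = rest.strip(" ,")
        return [rest] if rest else []
    # Shell does not start with a bare Explorer.exe: report the whole value.
    return [value or "(empty)"]


def unexpected_resolvers(servers_field, expected):
    """Return name servers that are not in the analyst's allowlist."""
    flagged = []
    # HijackThis prints the registry value as stored: comma or space separated.
    for token in re.split(r"[,\s]+", servers_field.strip()):
        if not token:
            continue
        try:
            address = str(ipaddress.ip_address(token))
        except ValueError:
            flagged.append(token)  # not an IP address at all
            continue
        if address not in expected:
            flagged.append(address)
    return flagged


def review_log(text, expected_resolvers):
    """Scan a HijackThis log and return F2 Shell and O17 NameServer findings."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        match = F2_SHELL.match(line)
        if match:
            extras = extra_shell_commands(match.group("shell"))
            if extras:
                findings.append(
                    Finding(line_no, "F2", match.group("shell").strip(), extras))
            continue
        match = O17_NAMESERVER.match(line)
        if match:
            bad = unexpected_resolvers(match.group("servers"), expected_resolvers)
            if bad:
                findings.append(
                    Finding(line_no, "O17", match.group("guid").upper(), bad))
    return findings


if __name__ == "__main__":
    for finding in review_log(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(finding)
```

The GUID reported for an O17 finding identifies the network interface that holds the `NameServer` value, so it tells the analyst which adapter's DNS settings to inspect.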
here is the REGISTRY SEARCH TOOL report:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "96CAC0E6-F5E6-4984-BA10-F330B930FC56" 07/09/2005 10:34:19
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
here is the HIJACK log:
Logfile of HijackThis v1.99.1
Scan saved at 10:38:57, on 07/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\FlexiSIGN-PRO 7.5v3\Program\App.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MR BELLANDE\Mes documents\SB\DIVERS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{211B6530-3A92-4F96-844D-D10B419BB830}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}: NameServer = 195.95.218.1,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{211B6530-3A92-4F96-844D-D10B419BB830}: NameServer = 80.10.246.1 80.10.246.132
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\MRBELL~1\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General]
"InterfaceList"="\\DEVICE\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2]
"ServiceName"="{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001]
"NetCfgInstanceId"="{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Connection]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\2]
"InterfaceName"="{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001]
"NetCfgInstanceId"="{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Connection]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetBT\Parameters\Interfaces\Tcpip_{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PSched\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Interfaces\2]
"InterfaceName"="{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001]
"NetCfgInstanceId"="{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Connection]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2]
"InterfaceName"="{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters\Tcpip]
first of all, as a precaution, go into the registry, right-click on these keys and choose Export
save it on your desktop and give it whatever name you like followed by .reg
do this for both keys below
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SYSTEM
open Notepad and copy-paste what is between the stars
**********
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General]
"InterfaceList"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2]
"ServiceName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001]
"NetCfgInstanceId"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Control]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Connection]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\2]
"InterfaceName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001]
"NetCfgInstanceId"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Connection]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetBT\Parameters\Interfaces\Tcpip_{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PSched\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Interfaces\2]
"InterfaceName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001]
"NetCfgInstanceId"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Control]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Connection]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2]
"InterfaceName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters\Tcpip]
*****************************************
save it to your desktop and name it www.reg
and in the Type box below, set it to All Files
then go to your desktop, double-click the file you have just made and accept the merge into the registry
run HijackThis again, check and fix
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}: NameServer = 195.95.218.1,85.255.112.7
reboot and run HijackThis again
and do the registry search again
download this: Registry Search Tool
http://www.billsway.com/vbspage/
unzip it and type
96CAC0E6-F5E6-4984-BA10-F330B930FC56
then copy-paste the result into Notepad and give it to us
Hi,
in balltrap's absence, here is something to get you unstuck. To get into the registry, go to the Start menu, Run, and type regedit
then you navigate as you would in Windows Explorer.
See you
(I'm out of my depth here and can't help you, too technical).
Jean
Here is the Registry Search Tool result:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "96CAC0E6-F5E6-4984-BA10-F330B930FC56" 09/09/2005 15:51:05
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Control]
OK
do this
and afterwards run HijackThis without rebooting, and also do the search again with
http://www.billsway.com/vbspage/
unzip it and type
96CAC0E6-F5E6-4984-BA10-F330B930FC56
then copy-paste the result into Notepad and give it to us
do not reboot
RegSearch result:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "96CAC0E6-F5E6-4984-BA10-F330B930FC56" 11/09/2005 16:28:17
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Control]
Sorry, I wrote "do this" without telling you what to do, lol. Let me start again
open Notepad and copy-paste what is between the asterisks
**********
REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Control]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
"SymbolicLink"="\\\\?\\PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01#4&3b1caf2b&0&48F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Control]
************
save it to your desktop and name it www.reg
and in the Type box below, set it to All Files
then go to your desktop, double-click the file you have just made and accept the merge into the registry
and afterwards run HijackThis without rebooting, and also do the search again with
http://www.billsway.com/vbspage/
unzip it and type
96CAC0E6-F5E6-4984-BA10-F330B930FC56
then copy-paste the result into Notepad and give it to us
do not reboot
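Added example, not part of the thread and not the helper's own method: a Python script that turns a registry search export for the interface GUID into the kind of deletion .reg file shown above (`[-KEY]` removes a key with everything under it, `"name"=-` removes a single value). It goes beyond the hand-written files by dropping repeated key headers and subkeys whose parent is already being deleted; the function names and the shortened sample input are assumptions.

```python
import re

GUID = "96CAC0E6-F5E6-4984-BA10-F330B930FC56"  # interface GUID searched for in the thread

# Constructed sample: a shortened excerpt of the search output posted in the
# thread, with the first key repeated the way the search tool repeats keys.
SAMPLE = r"""REGEDIT4
; Registry search results for string "96CAC0E6-F5E6-4984-BA10-F330B930FC56"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched\Parameters\Adapters\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2]
"InterfaceName"="{96CAC0E6-F5E6-4984-BA10-F330B930FC56}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{96CAC0E6-F5E6-4984-BA10-F330B930FC56}\Parameters\Tcpip]
"""

# "name"=data, or @=data for the default value; names may hold escaped quotes.
VALUE_RE = re.compile(r'^(?P<name>"(?:[^"\\]|\\.)*"|@)=(?P<data>.*)$')


def parse_export(text):
    """Map each key path to its (name, data) pairs, in first-seen order."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper().startswith("REGEDIT"):
            continue  # blank line, comment or file header
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])  # a repeated header merges into one entry
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            pair = (match.group("name"), match.group("data"))
            if pair not in keys[current]:
                keys[current].append(pair)
    return keys


def build_cleanup(text, needle):
    """Build REGEDIT4 deletion text for every place the needle appears.

    Needle in the key path  -> delete the whole key.
    Needle only in a value  -> keep the key, delete just that value.
    """
    needle = needle.lower()
    out = ["REGEDIT4", ""]
    doomed = []  # lowercased paths of keys already scheduled for deletion
    for key, values in parse_export(text).items():
        low = key.lower()
        # Exports list parents before children, so a deleted ancestor is
        # already in `doomed` and the subkey needs no line of its own.
        if any(low.startswith(parent + "\\") for parent in doomed):
            continue
        if needle in low:
            out += [f"[-{key}]", ""]
            doomed.append(low)
            continue
        hits = [name for name, data in values if needle in data.lower()]
        if hits:
            out.append(f"[{key}]")
            out += [f"{name}=-" for name in hits]
            out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(build_cleanup(SAMPLE, GUID))
```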