Sujet Précédent Sujet Suivant

Voici mon hijackthis

Fermé
sebmorgaxe Messages postés 37 Date d'inscription mardi 20 décembre 2005 Statut Membre Dernière intervention 9 août 2006 - 12 févr. 2006 à 15:38
 Utilisateur anonyme - 13 févr. 2006 à 20:11
Salut
Voici mon hijackthis si quelqu'un voit quelque chose d'anormal
Merci
Logfile of HijackThis v1.99.1
Scan saved at 15:35:01, on 12/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\rundll32.exe
D:\FICHIERS INSTALL\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\hr6u05j9e.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YmVybmFyZA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

18 réponses

Réponse 1 / 18
Utilisateur anonyme
12 févr. 2006 à 16:32
salut

1/ Télécharge l2mfix.exe ici http://www.downloads.subratam.org/l2mfix.exe

Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install

2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.

@+++++++++
0
Réponse 2 / 18
sebmorgaxe Messages postés 37 Date d'inscription mardi 20 décembre 2005 Statut Membre Dernière intervention 9 août 2006
12 févr. 2006 à 19:31
Salut
Voici le rapport que tu as demandé

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hr6u05j9e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5A719D7A-4870-D344-B82E-07E9BB1E5685}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{0760C926-810E-467E-8A45-8F16C51B3AEC}"=""
"{E03E5FB6-9E50-4792-97CC-A80BF906986B}"=""
"{008BDDFF-E5D8-4560-A0EA-027BAD35403A}"=""
"{E78CEC34-D392-44BF-A52B-99F419433B3B}"=""
"{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}"=""
"{786C2E5B-4AC9-4E13-91C2-F11502CA76DE}"=""
"{5C548D73-9749-410B-80C7-0D820505B192}"=""
"{5FE4D4EA-171B-4B06-A8B7-CC35FB71084D}"=""
"{B1BACCBC-DC02-497B-928E-9CA158A833C1}"=""
"{30AB5956-7CC8-443A-BB66-7E43980446FE}"=""
"{68CF8529-43CD-4584-8E45-5BFB9A8A01E3}"=""
"{E97A7900-F4C1-4A92-8CB9-75ECFD58385E}"=""
"{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}"=""
"{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}"=""
"{E68E3647-5C7E-4E94-9C14-1F32923FEC77}"=""
"{4DD9996E-4DD9-47E2-9CB8-455D249D1366}"=""
"{5BC14A60-D8BC-4D83-9133-22484C46ECE8}"=""
"{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{09D90A0F-01CA-495C-A84A-973BE293DD44}"=""
"{ED71D613-694B-4A6B-9AF4-991887192B5D}"=""
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}"=""
"{1DAB15E8-9C66-4900-9B15-A00EF34093C1}"=""
"{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}"=""
"{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}"=""
"{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}"=""
"{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}"=""
"{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}"=""
"{62BD1528-1CCB-45BA-94FA-A89852021659}"=""
"{B34F5B2E-9719-42F5-BA17-7514520D5EDA}"=""
"{17A5A649-81E1-4302-B652-AED260D17487}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}\InprocServer32]
@="C:\\WINDOWS\\system32\\dnmodemx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}\InprocServer32]
@="C:\\WINDOWS\\system32\\jfmd400.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E68E3647-5C7E-4E94-9C14-1F32923FEC77}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E68E3647-5C7E-4E94-9C14-1F32923FEC77}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E68E3647-5C7E-4E94-9C14-1F32923FEC77}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E68E3647-5C7E-4E94-9C14-1F32923FEC77}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4DD9996E-4DD9-47E2-9CB8-455D249D1366}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DD9996E-4DD9-47E2-9CB8-455D249D1366}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DD9996E-4DD9-47E2-9CB8-455D249D1366}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DD9996E-4DD9-47E2-9CB8-455D249D1366}\InprocServer32]
@="C:\\WINDOWS\\system32\\RBOCURS.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5BC14A60-D8BC-4D83-9133-22484C46ECE8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC14A60-D8BC-4D83-9133-22484C46ECE8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC14A60-D8BC-4D83-9133-22484C46ECE8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC14A60-D8BC-4D83-9133-22484C46ECE8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ojjsel.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}\InprocServer32]
@="C:\\WINDOWS\\system32\\scmapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{09D90A0F-01CA-495C-A84A-973BE293DD44}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09D90A0F-01CA-495C-A84A-973BE293DD44}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09D90A0F-01CA-495C-A84A-973BE293DD44}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09D90A0F-01CA-495C-A84A-973BE293DD44}\InprocServer32]
@="C:\\WINDOWS\\system32\\MNC71ENU.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ED71D613-694B-4A6B-9AF4-991887192B5D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED71D613-694B-4A6B-9AF4-991887192B5D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED71D613-694B-4A6B-9AF4-991887192B5D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED71D613-694B-4A6B-9AF4-991887192B5D}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhxbde40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}\InprocServer32]
@="C:\\WINDOWS\\system32\\iTspolcy.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1DAB15E8-9C66-4900-9B15-A00EF34093C1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1DAB15E8-9C66-4900-9B15-A00EF34093C1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1DAB15E8-9C66-4900-9B15-A00EF34093C1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1DAB15E8-9C66-4900-9B15-A00EF34093C1}\InprocServer32]
@="C:\\WINDOWS\\system32\\hjfcisp2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\MQSTKPRP.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}\InprocServer32]
@="C:\\WINDOWS\\system32\\mfxoci.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}\InprocServer32]
@="C:\\WINDOWS\\system32\\MTSTKPRP.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}\InprocServer32]
@="C:\\WINDOWS\\system32\\cfusapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}\InprocServer32]
@="C:\\WINDOWS\\system32\\dZdramp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{62BD1528-1CCB-45BA-94FA-A89852021659}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{62BD1528-1CCB-45BA-94FA-A89852021659}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{62BD1528-1CCB-45BA-94FA-A89852021659}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{62BD1528-1CCB-45BA-94FA-A89852021659}\InprocServer32]
@="C:\\WINDOWS\\system32\\dwsetup.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B34F5B2E-9719-42F5-BA17-7514520D5EDA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B34F5B2E-9719-42F5-BA17-7514520D5EDA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B34F5B2E-9719-42F5-BA17-7514520D5EDA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B34F5B2E-9719-42F5-BA17-7514520D5EDA}\InprocServer32]
@="C:\\WINDOWS\\system32\\MXC71CHS.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{17A5A649-81E1-4302-B652-AED260D17487}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17A5A649-81E1-4302-B652-AED260D17487}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17A5A649-81E1-4302-B652-AED260D17487}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17A5A649-81E1-4302-B652-AED260D17487}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwltus40.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atmtd.dll Sat 4 Feb 2006 17:13:34 A.... 687 592 671,48 K
browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K
gdi32.dll Thu 29 Dec 2005 3:56:04 A.... 280 064 273,50 K
h44m0e~1.dll Sat 11 Feb 2006 16:47:22 ..S.R 234 123 228,63 K
hr6u05~1.dll Fri 10 Feb 2006 21:24:42 ..S.R 236 006 230,47 K
mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M
mwltus40.dll Sun 12 Feb 2006 15:16:58 ..... 236 006 230,47 K
s32evnt1.dll Tue 3 Jan 2006 15:31:44 A.... 91 904 89,75 K
shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M

9 items found: 9 files (2 H/S), 0 directories.
Total of file sizes: 7 295 295 bytes 6,96 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
__dele~1.tmp Sun 12 Feb 2006 15:19:06 ..... 236 006 230,47 K

1 item found: 1 file, 0 directories.
Total of file sizes: 236 006 bytes 230,47 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est F8BB-677F

R‚pertoire de C:\WINDOWS\System32

11/02/2006 16:47 234ÿ123 h44m0eh1eh4.dll
10/02/2006 21:24 236ÿ006 hr6u05j9e.dll
07/02/2006 13:55 <REP> dllcache
08/03/2005 15:30 <REP> Microsoft
2 fichier(s) 470ÿ129 octets
2 R‚p(s) 377ÿ405ÿ440 octets libres
0
Réponse 3 / 18
Utilisateur anonyme
12 févr. 2006 à 20:17
ferme tous les programmes parce qu'il va y avoir reboot automatique
Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat
Enfin poste ce 2ème rapport avec un nouveau rapport HJT.

@++++++++++
0
Réponse 4 / 18
sebmorgaxe Messages postés 37 Date d'inscription mardi 20 décembre 2005 Statut Membre Dernière intervention 9 août 2006
13 févr. 2006 à 15:23
Salut jess 15

Voici le rapport
L2mfix 010406
Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 592 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 684 'winlogon.exe'
Killing PID 684 'winlogon.exe'
Killing PID 684 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1204 'explorer.exe'
Killing PID 1204 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1092 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
Deleting: C:\WINDOWS\system32\h44m0eh1eh4.dll
Successfully Deleted: C:\WINDOWS\system32\h44m0eh1eh4.dll
Deleting: C:\WINDOWS\system32\j0n2la5o1d.dll
Successfully Deleted: C:\WINDOWS\system32\j0n2la5o1d.dll
Deleting: C:\WINDOWS\system32\wusapi32.dll
Successfully Deleted: C:\WINDOWS\system32\wusapi32.dll
Deleting: C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__guard.tmp

msg11?.dll
0 fichier(s) copi‚(s).



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\h44m0eh1eh4.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\h44m0eh1eh4.dll
C:\WINDOWS\system32\j0n2la5o1d.dll
C:\WINDOWS\system32\wusapi32.dll
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}\InprocServer32]
@="C:\\WINDOWS\\system32\\dnmodemx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}\InprocServer32]
@="C:\\WINDOWS\\system32\\jfmd400.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E68E3647-5C7E-4E94-9C14-1F32923FEC77}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E68E3647-5C7E-4E94-9C14-1F32923FEC77}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E68E3647-5C7E-4E94-9C14-1F32923FEC77}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E68E3647-5C7E-4E94-9C14-1F32923FEC77}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4DD9996E-4DD9-47E2-9CB8-455D249D1366}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DD9996E-4DD9-47E2-9CB8-455D249D1366}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DD9996E-4DD9-47E2-9CB8-455D249D1366}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DD9996E-4DD9-47E2-9CB8-455D249D1366}\InprocServer32]
@="C:\\WINDOWS\\system32\\RBOCURS.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5BC14A60-D8BC-4D83-9133-22484C46ECE8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC14A60-D8BC-4D83-9133-22484C46ECE8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC14A60-D8BC-4D83-9133-22484C46ECE8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC14A60-D8BC-4D83-9133-22484C46ECE8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ojjsel.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}\InprocServer32]
@="C:\\WINDOWS\\system32\\scmapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{09D90A0F-01CA-495C-A84A-973BE293DD44}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09D90A0F-01CA-495C-A84A-973BE293DD44}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09D90A0F-01CA-495C-A84A-973BE293DD44}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09D90A0F-01CA-495C-A84A-973BE293DD44}\InprocServer32]
@="C:\\WINDOWS\\system32\\MNC71ENU.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ED71D613-694B-4A6B-9AF4-991887192B5D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED71D613-694B-4A6B-9AF4-991887192B5D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED71D613-694B-4A6B-9AF4-991887192B5D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED71D613-694B-4A6B-9AF4-991887192B5D}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhxbde40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}\InprocServer32]
@="C:\\WINDOWS\\system32\\iTspolcy.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1DAB15E8-9C66-4900-9B15-A00EF34093C1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1DAB15E8-9C66-4900-9B15-A00EF34093C1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1DAB15E8-9C66-4900-9B15-A00EF34093C1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1DAB15E8-9C66-4900-9B15-A00EF34093C1}\InprocServer32]
@="C:\\WINDOWS\\system32\\hjfcisp2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\MQSTKPRP.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}\InprocServer32]
@="C:\\WINDOWS\\system32\\mfxoci.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}\InprocServer32]
@="C:\\WINDOWS\\system32\\MTSTKPRP.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}\InprocServer32]
@="C:\\WINDOWS\\system32\\cfusapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}\InprocServer32]
@="C:\\WINDOWS\\system32\\dZdramp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{62BD1528-1CCB-45BA-94FA-A89852021659}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{62BD1528-1CCB-45BA-94FA-A89852021659}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{62BD1528-1CCB-45BA-94FA-A89852021659}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{62BD1528-1CCB-45BA-94FA-A89852021659}\InprocServer32]
@="C:\\WINDOWS\\system32\\dwsetup.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B34F5B2E-9719-42F5-BA17-7514520D5EDA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B34F5B2E-9719-42F5-BA17-7514520D5EDA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B34F5B2E-9719-42F5-BA17-7514520D5EDA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B34F5B2E-9719-42F5-BA17-7514520D5EDA}\InprocServer32]
@="C:\\WINDOWS\\system32\\MXC71CHS.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{17A5A649-81E1-4302-B652-AED260D17487}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17A5A649-81E1-4302-B652-AED260D17487}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17A5A649-81E1-4302-B652-AED260D17487}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17A5A649-81E1-4302-B652-AED260D17487}\InprocServer32]
@="C:\\WINDOWS\\system32\\wusapi32.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0760C926-810E-467E-8A45-8F16C51B3AEC}"=-
"{E03E5FB6-9E50-4792-97CC-A80BF906986B}"=-
"{008BDDFF-E5D8-4560-A0EA-027BAD35403A}"=-
"{E78CEC34-D392-44BF-A52B-99F419433B3B}"=-
"{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}"=-
"{786C2E5B-4AC9-4E13-91C2-F11502CA76DE}"=-
"{5C548D73-9749-410B-80C7-0D820505B192}"=-
"{5FE4D4EA-171B-4B06-A8B7-CC35FB71084D}"=-
"{B1BACCBC-DC02-497B-928E-9CA158A833C1}"=-
"{30AB5956-7CC8-443A-BB66-7E43980446FE}"=-
"{68CF8529-43CD-4584-8E45-5BFB9A8A01E3}"=-
"{E97A7900-F4C1-4A92-8CB9-75ECFD58385E}"=-
"{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}"=-
"{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}"=-
"{E68E3647-5C7E-4E94-9C14-1F32923FEC77}"=-
"{4DD9996E-4DD9-47E2-9CB8-455D249D1366}"=-
"{5BC14A60-D8BC-4D83-9133-22484C46ECE8}"=-
"{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}"=-
"{09D90A0F-01CA-495C-A84A-973BE293DD44}"=-
"{ED71D613-694B-4A6B-9AF4-991887192B5D}"=-
"{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}"=-
"{1DAB15E8-9C66-4900-9B15-A00EF34093C1}"=-
"{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}"=-
"{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}"=-
"{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}"=-
"{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}"=-
"{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}"=-
"{62BD1528-1CCB-45BA-94FA-A89852021659}"=-
"{B34F5B2E-9719-42F5-BA17-7514520D5EDA}"=-
"{17A5A649-81E1-4302-B652-AED260D17487}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0760C926-810E-467E-8A45-8F16C51B3AEC}]
[-HKEY_CLASSES_ROOT\CLSID\{E03E5FB6-9E50-4792-97CC-A80BF906986B}]
[-HKEY_CLASSES_ROOT\CLSID\{008BDDFF-E5D8-4560-A0EA-027BAD35403A}]
[-HKEY_CLASSES_ROOT\CLSID\{E78CEC34-D392-44BF-A52B-99F419433B3B}]
[-HKEY_CLASSES_ROOT\CLSID\{5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1}]
[-HKEY_CLASSES_ROOT\CLSID\{786C2E5B-4AC9-4E13-91C2-F11502CA76DE}]
[-HKEY_CLASSES_ROOT\CLSID\{5C548D73-9749-410B-80C7-0D820505B192}]
[-HKEY_CLASSES_ROOT\CLSID\{5FE4D4EA-171B-4B06-A8B7-CC35FB71084D}]
[-HKEY_CLASSES_ROOT\CLSID\{B1BACCBC-DC02-497B-928E-9CA158A833C1}]
[-HKEY_CLASSES_ROOT\CLSID\{30AB5956-7CC8-443A-BB66-7E43980446FE}]
[-HKEY_CLASSES_ROOT\CLSID\{68CF8529-43CD-4584-8E45-5BFB9A8A01E3}]
[-HKEY_CLASSES_ROOT\CLSID\{E97A7900-F4C1-4A92-8CB9-75ECFD58385E}]
[-HKEY_CLASSES_ROOT\CLSID\{EF9F4CBD-5C0E-4017-9B04-19FFC97F4654}]
[-HKEY_CLASSES_ROOT\CLSID\{E1F6C7E8-0597-484A-BBC3-89119FE7EBCB}]
[-HKEY_CLASSES_ROOT\CLSID\{E68E3647-5C7E-4E94-9C14-1F32923FEC77}]
[-HKEY_CLASSES_ROOT\CLSID\{4DD9996E-4DD9-47E2-9CB8-455D249D1366}]
[-HKEY_CLASSES_ROOT\CLSID\{5BC14A60-D8BC-4D83-9133-22484C46ECE8}]
[-HKEY_CLASSES_ROOT\CLSID\{6A0AA2B1-45FB-415D-A56E-BA25154A70DB}]
[-HKEY_CLASSES_ROOT\CLSID\{09D90A0F-01CA-495C-A84A-973BE293DD44}]
[-HKEY_CLASSES_ROOT\CLSID\{ED71D613-694B-4A6B-9AF4-991887192B5D}]
[-HKEY_CLASSES_ROOT\CLSID\{31B1C8D3-9786-4804-AE51-3CF93CB2D51F}]
[-HKEY_CLASSES_ROOT\CLSID\{1DAB15E8-9C66-4900-9B15-A00EF34093C1}]
[-HKEY_CLASSES_ROOT\CLSID\{B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2}]
[-HKEY_CLASSES_ROOT\CLSID\{FDDFA9DB-1CC3-4357-A935-7A6C59741A3C}]
[-HKEY_CLASSES_ROOT\CLSID\{07ACFAB1-3919-41D1-AC78-27FAD6227ADE}]
[-HKEY_CLASSES_ROOT\CLSID\{390E1AD2-76EF-477E-A85E-D8EC22DB94FF}]
[-HKEY_CLASSES_ROOT\CLSID\{2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61}]
[-HKEY_CLASSES_ROOT\CLSID\{62BD1528-1CCB-45BA-94FA-A89852021659}]
[-HKEY_CLASSES_ROOT\CLSID\{B34F5B2E-9719-42F5-BA17-7514520D5EDA}]
[-HKEY_CLASSES_ROOT\CLSID\{17A5A649-81E1-4302-B652-AED260D17487}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/h44m0eh1eh4.dll (164 bytes security) (deflated 4%)
adding: dlls/j0n2la5o1d.dll (164 bytes security) (deflated 5%)
adding: dlls/wusapi32.dll (164 bytes security) (deflated 4%)
adding: dlls/__delete_on_reboot__guard.tmp (164 bytes security) (deflated 4%)
adding: backregs/07ACFAB1-3919-41D1-AC78-27FAD6227ADE.reg (188 bytes security) (deflated 70%)
adding: backregs/09D90A0F-01CA-495C-A84A-973BE293DD44.reg (188 bytes security) (deflated 70%)
adding: backregs/17A5A649-81E1-4302-B652-AED260D17487.reg (188 bytes security) (deflated 70%)
adding: backregs/1DAB15E8-9C66-4900-9B15-A00EF34093C1.reg (188 bytes security) (deflated 70%)
adding: backregs/2317F0E1-E75D-4EEE-AFF2-D9E2FC430E61.reg (188 bytes security) (deflated 70%)
adding: backregs/31B1C8D3-9786-4804-AE51-3CF93CB2D51F.reg (188 bytes security) (deflated 70%)
adding: backregs/390E1AD2-76EF-477E-A85E-D8EC22DB94FF.reg (188 bytes security) (deflated 70%)
adding: backregs/4DD9996E-4DD9-47E2-9CB8-455D249D1366.reg (188 bytes security) (deflated 70%)
adding: backregs/5A5A190E-4A4F-4B47-AC12-BEDA305CD0D1.reg (188 bytes security) (deflated 70%)
adding: backregs/5BC14A60-D8BC-4D83-9133-22484C46ECE8.reg (188 bytes security) (deflated 71%)
adding: backregs/62BD1528-1CCB-45BA-94FA-A89852021659.reg (188 bytes security) (deflated 70%)
adding: backregs/6A0AA2B1-45FB-415D-A56E-BA25154A70DB.reg (188 bytes security) (deflated 70%)
adding: backregs/B03A25FD-9258-4E1D-A1DF-ED001F1CB4A2.reg (188 bytes security) (deflated 70%)
adding: backregs/B34F5B2E-9719-42F5-BA17-7514520D5EDA.reg (188 bytes security) (deflated 70%)
adding: backregs/E1F6C7E8-0597-484A-BBC3-89119FE7EBCB.reg (188 bytes security) (deflated 70%)
adding: backregs/E68E3647-5C7E-4E94-9C14-1F32923FEC77.reg (188 bytes security) (deflated 70%)
adding: backregs/ED71D613-694B-4A6B-9AF4-991887192B5D.reg (188 bytes security) (deflated 70%)
adding: backregs/EF9F4CBD-5C0E-4017-9B04-19FFC97F4654.reg (188 bytes security) (deflated 70%)
adding: backregs/FDDFA9DB-1CC3-4357-A935-7A6C59741A3C.reg (188 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 18
Utilisateur anonyme
13 févr. 2006 à 15:32
tu as oublié le rapport hijack :)

@++++++++
0
Réponse 6 / 18
sebmorgaxe Messages postés 37 Date d'inscription mardi 20 décembre 2005 Statut Membre Dernière intervention 9 août 2006
13 févr. 2006 à 15:43
excuse
Logfile of HijackThis v1.99.1
Scan saved at 15:42:18, on 13/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\FICHIERS INSTALL\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\h44m0eh1eh4.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YmVybmFyZA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
Réponse 7 / 18
Utilisateur anonyme
13 févr. 2006 à 15:50
ton log est propre just cette ligne a fixé

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\h44m0eh1eh4.dll (file missing)

t'en ai ou avec tes problemes?

@++++++++
0
Réponse 8 / 18
sebmorgaxe Messages postés 37 Date d'inscription mardi 20 décembre 2005 Statut Membre Dernière intervention 9 août 2006
13 févr. 2006 à 15:57
re
apparamment tout va tres bien
faut il que je retire la ligne 20
Bernard
0
Réponse 9 / 18
Utilisateur anonyme
13 févr. 2006 à 16:00
lance hijack / coche cette ligne puis clike sur fix checked

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\h44m0eh1eh4.dll (file missing)

je te conseilles d'installer un parefeu pour bloquer les attaques
(kerio)
http://www.clubic.com/telecharger-fiche11071-kerio-personal-firewall.html

(tutorial kerio) :
http://www.pcentraide.com/index.php?showtopic=110

@+++++++++++
0
Réponse 10 / 18
Utilisateur anonyme
13 févr. 2006 à 16:01
Salut,

fixe ceci
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YmVybmFyZA\command.exe (file missing)

supprime
C:\WINDOWS\YmVybmFyZA

¤Arrête ce service :

Clique sur Démarrer->exécuter->tape: services.msc

Double-clique: Service: Command Service

Règle-le sur "Arrêté" et "Désactivé".

Redémarre ton PC et remet un HijackThis

a+
0
Réponse 11 / 18
sebmorgaxe Messages postés 37 Date d'inscription mardi 20 décembre 2005 Statut Membre Dernière intervention 9 août 2006
13 févr. 2006 à 16:18
Salut Regis
voici monhijackthis

Logfile of HijackThis v1.99.1
Scan saved at 16:16:14, on 13/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
D:\FICHIERS INSTALL\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YmVybmFyZA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
Réponse 12 / 18
Utilisateur anonyme
13 févr. 2006 à 16:27
Salut

tu avais fait comme je t avais demandé?
Si oui , peux tu recommencer?
Et si tu as un peu de temps, lance un scan d ewido et copie/colle le rapport

A+
0
Réponse 13 / 18
sebmorgaxe Messages postés 37 Date d'inscription mardi 20 décembre 2005 Statut Membre Dernière intervention 9 août 2006
13 févr. 2006 à 16:46
re

Jai recommencé comme tu m'as dit j'avais oublié de désactiver en 1ere page
je crois que maintenant ca va
voici en attendant le rapport d ewido le hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 16:41:23, on 13/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
D:\FICHIERS INSTALL\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
Réponse 14 / 18
Utilisateur anonyme
13 févr. 2006 à 16:49
Voila :-)

Apres avoir fait le scan d ewido.Tu postes le rapport.
Puis, tu redemarres ton pc, tu remet un Hijack this, et tu precises tes soucis a jess.

Voila ;-)
0
Réponse 15 / 18
sebmorgaxe Messages postés 37 Date d'inscription mardi 20 décembre 2005 Statut Membre Dernière intervention 9 août 2006
13 févr. 2006 à 17:15
voici le rapport d ewido
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 17:13:33, 13/02/2006
+ Somme de contrôle: A265D454

+ Résultats du scan:

C:\WINDOWS\Temp\Cookies\bernard@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Cookies\bernard@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Cookies\bernard@ehg-ads.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Cookies\bernard@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Cookies\bernard@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Cookies\bernard@paypopup[1].txt -> TrackingCookie.Paypopup : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Cookies\bernard@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Cookies\bernard@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\bernard\Cookies\bernard@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\bernard\Cookies\bernard@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\bernard\Cookies\bernard@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder


::Fin du rapport
0
Réponse 16 / 18
Utilisateur anonyme
13 févr. 2006 à 17:19
ok c'est bon installe un parefeu comme je te l'ai suggéré :)

@+++++++++++
0
Réponse 17 / 18
sebmorgaxe Messages postés 37 Date d'inscription mardi 20 décembre 2005 Statut Membre Dernière intervention 9 août 2006
13 févr. 2006 à 17:25
oki
voici comme demandé le hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 17:23:36, on 13/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\FICHIERS INSTALL\HijackThis.exe
D:\FICHIERS INSTALL\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
Réponse 18 / 18
Utilisateur anonyme
13 févr. 2006 à 20:11
Salut

apparemment norton a un pare feu integre
Norton AntiVirus Firewall

Tu confirmes?

a+
0

Discussions similaires

Analyse des logs hijackthis
philnoug -
nayas13 -

35 réponses
Hijackthis pour Android mobile
Sartuplady -
le druide -

3 réponses
interprêté mon hijackthis svp
kevmurray -
plopus -

11 réponses
HIJACKTHIS tutorial
CHUNKY -
Fox-Winsax -

3 réponses
Analyse rapport Hijackthis
Utilisateur anonyme -
Malekal_morte- -

20 réponses