Virus adware Look2me + trojan Dropper

Silver Rose -  
 Anonymous user -
Logfile of HijackThis v1.99.1
Scan saved at 11:29:09, on 10/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\HijacckThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emsisoft.com/account/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IESecurity - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\IESECU~1\iesecpro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\fr\msntb.dll
O4 - HKLM\..\Run: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\Run: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\\\etb\\pokapoka79.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\BOUSSARI\Mes documents\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ServicesLog] msssmsngr6417.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\RunServices: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\RunServices: [ServicesLog] msssmsngr6417.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131024015229
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\en6ml1j11.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
O23 - Service: SSC - Unknown owner - C:\Program Files\IE Security\ssc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 11:55:00, 10/03/2006
+ Somme de contrôle: C30BE0DB

+ Résultats du scan:

[640] C:\WINDOWS\system32\ptrfnet.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{2E51A528-ECC7-4595-8825-382D937023F6}\RP1\A0000007.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{2E51A528-ECC7-4595-8825-382D937023F6}\RP1\A0000008.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\dxcprop.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\ptrfnet.dll -> Adware.Look2Me : Nettoyer et sauvegarder

::Fin du rapport
40 replies

rosesilver
 
Here is where I stand. Software downloaded and installed: HijackThis and Ewido anti-malware (to collect the log files); Ad-aware and Microsoft AntiSpyware to remove spyware; iesecpro (to control IE); cleanUp40 and CCleaner to delete all temporary files; and Avast as antivirus. I also installed BitDefender to serve as a firewall. There is Spybot, which I could not download, and a-squared, which does not work (it seems a key is needed). On the PC in question, the Internet connection does not work and it is sluggish... a P4 clocked at nearly 2 GHz.
Here are the latest HijackThis and Ewido log files, taken in "safe mode" and with System Restore turned off. Could some angel examine them and tell me which lines to fix? Thank you in advance for your great kindness.
0
aranjuez31 Posts 8069 Status Contributor 354
 
Hello
"and a-squared, which does not work (it seems a key is needed)."

Correct, it is up to you to request it.
0
Anonymous user
 
Hi

1/ Download l2mfix.exe here: http://www.downloads.subratam.org/l2mfix.exe

Put it on your desktop.
Double-click l2mfix.exe.
At the first prompt click Accept, then click Install.

2/ Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat.
Then choose option 1 and press Enter.
Post this first report.

3/ Next, close all programs, because there will be an automatic reboot.
Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat.
Then choose option 2 and press Enter.
Then press any key to restart the computer.
After the restart, the desktop and the icons will appear and then disappear; that is normal! A new report will then appear on screen.
>> If, after the restart, the icons do not appear/disappear or the report does not appear, open the l2mfix folder and run second.bat.
Finally, post this second report along with a new HJT report.

See you later!
0
aranjuez31 Posts 8069 Status Contributor 354
 
Hello
0
Silver Rose
 
Sorry, but I don't understand your message.
0
aranjuez31 Posts 8069 Status Contributor 354 > Silver Rose
 
Hi again Sil
Just a hello so I can follow the progress of your problem.
0
rosesilver
 
I ran l2mfix but I have no report to post. An MS-DOS window titled .../system32/cmd.exe had opened.
I continued and then nothing more. Should I continue with secondbat?

Thanks to jess
0

Anonymous user
 
Hi, that means the following file (cmd.exe) is damaged, so you have to repair it like this:

If you have Windows XP Pro, then download this:

http://homepage.ntlworld.com/spencer.greystrong/XPProfiles.exe

If you have another version, go to this site and choose the one that matches your operating system:

http://www.tech-forums.net/computer/topic/29806.html

Double-click it. It will offer to unzip the files here: C:\Windows\System32
Then click "unzip".

Reboot ....

Run l2m option 2 and paste the result here.

See you later!
0
Silver Rose
 
Here is the first l2m report. I am launching secondbat.

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l8j8li1u18.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AADC2858-D0BE-550C-5EB3-7716025D3527}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2293BEDF-CA62-45BE-BCCE-B1A0DC871CE8}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{2293BEDF-CA62-45BE-BCCE-B1A0DC871CE8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2293BEDF-CA62-45BE-BCCE-B1A0DC871CE8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2293BEDF-CA62-45BE-BCCE-B1A0DC871CE8}\InprocServer32]
@="C:\\WINDOWS\\system32\\kidaze.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42B27AFA-9207-4D3C-AF9C-033D4AA1B523}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{42B27AFA-9207-4D3C-AF9C-033D4AA1B523}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{42B27AFA-9207-4D3C-AF9C-033D4AA1B523}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{42B27AFA-9207-4D3C-AF9C-033D4AA1B523}\InprocServer32]
@="C:\\WINDOWS\\system32\\djnhpast.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A299678C-AA78-4810-8875-12E126C3AF64}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A299678C-AA78-4810-8875-12E126C3AF64}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A299678C-AA78-4810-8875-12E126C3AF64}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A299678C-AA78-4810-8875-12E126C3AF64}\InprocServer32]
@="C:\\WINDOWS\\system32\\mb4sdmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B68EA6DF-F2C5-4202-8A47-25CA5B20DE80}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B68EA6DF-F2C5-4202-8A47-25CA5B20DE80}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B68EA6DF-F2C5-4202-8A47-25CA5B20DE80}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B68EA6DF-F2C5-4202-8A47-25CA5B20DE80}\InprocServer32]
@="C:\\WINDOWS\\system32\\lmcwmi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{78FDB30D-3A8C-48C3-9A07-57CD8689C0FA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{78FDB30D-3A8C-48C3-9A07-57CD8689C0FA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{78FDB30D-3A8C-48C3-9A07-57CD8689C0FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{78FDB30D-3A8C-48C3-9A07-57CD8689C0FA}\InprocServer32]
@="C:\\WINDOWS\\system32\\oje2disp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4ACC2483-3F7A-48FD-82FE-7C89C489F946}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4ACC2483-3F7A-48FD-82FE-7C89C489F946}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4ACC2483-3F7A-48FD-82FE-7C89C489F946}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4ACC2483-3F7A-48FD-82FE-7C89C489F946}\InprocServer32]
@="C:\\WINDOWS\\system32\\mBg_hook.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{375D4BCD-CB91-4E23-8F21-717C6640583A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{375D4BCD-CB91-4E23-8F21-717C6640583A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{375D4BCD-CB91-4E23-8F21-717C6640583A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{375D4BCD-CB91-4E23-8F21-717C6640583A}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkgest.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
l8j8li~1.dll Fri 10 Mar 2006 13:04:52 ..S.R 235 456 229,94 K
mv26l9~1.dll Fri 10 Mar 2006 13:05:02 ..S.R 235 419 229,90 K
__dele~1.dll Fri 10 Mar 2006 22:11:38 A.... 235 456 229,94 K

3 items found: 3 files (2 H/S), 0 directories.
Total of file sizes: 706 331 bytes 689,77 K
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Fri 10 Mar 2006 22:11:46 A.... 235 579 230,05 K

1 item found: 1 file, 0 directories.
Total of file sizes: 235 579 bytes 230,05 K

**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C7D-315D

Répertoire de C:\WINDOWS\System32

10/03/2006 13:05 235 419 mv26l9fs1.dll
10/03/2006 13:04 235 456 l8j8li1u18.dll
04/11/2005 13:02 <REP> dllcache
18/10/2005 14:03 <REP> Microsoft
2 fichier(s) 470 875 octets
2 Rép(s) 71 082 250 240 octets libres

Thank you very much
0
Silver Rose
 
Launching second.bat says:

"Second.bat is not intended to be run on its own"

What should I do?

Thanks to everyone!
0
Utilisateur anonyme
 
Hi

Close all programs, because there will be an automatic reboot.
Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat.
Then choose option 2 and press Enter.
Then press any key to restart the computer.
After the restart, the desktop and the icons will appear and then disappear; this is normal! A new report will then appear on the screen.
If, after the restart, the icons do not appear and disappear, or if the report does not appear, open the l2mfix folder and run second.bat.
Finally, post this second report together with a new HJT report.

See you!
0
Silver Rose
 
Here is the new report after the reboot:

L2mfix 010406
Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)

Thanks...
0
Utilisateur anonyme
 
Post a HijackThis log so we can see whether the spyware is gone.

Where are you at with your problems??

See you!
0
rosesilver
 
Well, every time I start the machine in normal mode, ewido still finds an infection of the Adware.Look2Me kind in the system32 folder, with files that change all the time. This time it is the file mzimsg.dll.
Here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:34, on 11/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\HijacckThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emsisoft.com/account/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IESecurity - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\IESECU~1\iesecpro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\fr\msntb.dll
O4 - HKLM\..\Run: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\Run: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\\\etb\\pokapoka79.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\BOUSSARI\Mes documents\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ServicesLog] msssmsngr6417.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\RunServices: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\RunServices: [ServicesLog] msssmsngr6417.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131024015229
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fpjm0311e.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
O23 - Service: SSC - Unknown owner - C:\Program Files\IE Security\ssc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Which lines should be fixed? Thanks.
0
Silver Rose
 
And then there is BitDefender, which each time finds the same virus: Adware.Dinky.A.Trajan. It only blocks the spyware so that it does not infect my PC. It does not remove it. And the object may be located in the folder windows\temp\tmp3

Thank you for any remarks you may have.
0
Utilisateur anonyme
 
Hi, run l2mfix again, choose option 2 and paste the report here, followed by a HijackThis log.

See you!
0
Silver Rose
 
Here are the l2mfix and HijackThis logs:

L2mfix 010406
Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)

Logfile of HijackThis v1.99.1
Scan saved at 12:50:53, on 11/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\IE Security\ssc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijacckThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IESecurity - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\IESECU~1\iesecpro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\fr\msntb.dll
O4 - HKLM\..\Run: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\Run: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\\\etb\\pokapoka79.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\BOUSSARI\Mes documents\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ServicesLog] msssmsngr6417.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\RunServices: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\RunServices: [ServicesLog] msssmsngr6417.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131024015229
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\m0ls0a37ed.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
O23 - Service: SSC - Unknown owner - C:\Program Files\IE Security\ssc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thanks
0
Silver Rose
 
Here are the L2mfix and HijackThis logs:

L2mfix 010406
Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)

Logfile of HijackThis v1.99.1
Scan saved at 12:50:53, on 11/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\IE Security\ssc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijacckThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IESecurity - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\IESECU~1\iesecpro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\fr\msntb.dll
O4 - HKLM\..\Run: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\Run: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\\\etb\\pokapoka79.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\BOUSSARI\Mes documents\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ServicesLog] msssmsngr6417.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\RunServices: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\RunServices: [ServicesLog] msssmsngr6417.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131024015229
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\m0ls0a37ed.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
O23 - Service: SSC - Unknown owner - C:\Program Files\IE Security\ssc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thanks
0
Anonymous user
 
Hi, print this out and do it in order.

Check these lines in HijackThis, then click "Fix checked":

O4 - HKLM\..\Run: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\Run: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\\\etb\\pokapoka79.exe
O4 - HKLM\..\Run: [ServicesLog] msssmsngr6417.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys1.exe
O4 - HKLM\..\RunServices: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\RunServices: [ServicesLog] msssmsngr6417.exe

1. Restart in safe mode (restart and tap F8 repeatedly as soon as the computer powers on)

2. Then go to Start/Search and type these in one by one:

vejcqzvmhawhdq.exe
rxsprip.exe
isass.exe (not to be confused with Lsass.exe, which is a system file)
pz2.exe
pokapoka79.exe
msssmsngr6417.exe
keyboard1.exe
mousepad1.exe
gimmysmileys1.exe
rxsprip.exe

Delete them and empty the Recycle Bin.

Restart in normal mode, then download and run Ewido.

Ewido
http://download.ewido.net/ewido-setup.exe
During installation, on the "Additional Options" page, uncheck the two options "Install background guard" and "Install scan via context menu". In Ewido Security Suite, click Update.

Click Scanner, then Complete System Scan, then paste the result here, followed by a HijackThis scan.

@++++++++++
0
Silver Rose
 
Of all the files to delete manually, I only managed to delete 2. There is isass.exe, which still seems to be running and which I can't delete (I see it when I press Ctrl+Alt+Del, under Processes).

Here are the Ewido and HijackThis results:

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 14:54:24, 11/03/2006
+ Somme de contrôle: CC85A04D

+ Résultats du scan:

[620] C:\WINDOWS\system32\uctheme.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\dnlo0133e.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\dy32gt.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\f6l02g3mg6.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\mv26l9fs1.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\neobjapi.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\uctheme.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\VJAME.DLL -> Adware.Look2Me : Nettoyer et sauvegarder

::Fin du rapport

-----------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:55:18, on 11/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
------------------------------------------------------------

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\HijacckThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emsisoft.com/account/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IESecurity - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\IESECU~1\iesecpro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\fr\msntb.dll
O4 - HKLM\..\Run: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\Run: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\BOUSSARI\Mes documents\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [ServicesLog] msssmsngr6417.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131024015229
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\hrro0593e.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
O23 - Service: SSC - Unknown owner - C:\Program Files\IE Security\ssc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

What should I do next? Thanks in advance.
0
Anonymous user
 
Hi, did you really go into safe mode???

Fix this with HijackThis:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\Run: [nzkt] C:\WINDOWS\System32\rxsprip.exe
O4 - HKLM\..\RunServices: [ServicesLog] msssmsngr6417.exe

1. Restart in safe mode (restart and tap F8 or F5 repeatedly as soon as the computer powers on), then choose safe mode in the menu that opens

2. Then go to Start/Search and type these in one by one:

vejcqzvmhawhdq.exe
rxsprip.exe
isass.exe (not to be confused with Lsass.exe, which is a system file)
pz2.exe
pokapoka79.exe
msssmsngr6417.exe
keyboard1.exe
mousepad1.exe
gimmysmileys1.exe
rxsprip.exe

Delete them and empty the Recycle Bin.

"isass.exe, which still seems to be running and which I can't delete (I see it when I press Ctrl+Alt+Del, under Processes)."

Don't confuse Lsass and Isass. If you see Lsass in Task Manager, that's normal; it's a file that is important for the computer to work properly.

@+++++++
0
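The Lsass/Isass distinction drawn in the post above, as an added example that is not part of the thread: a Python check over HijackThis O4 lines that flags autorun images whose name imitates a system process, that carry a system name from the wrong folder, or that run from a drive root. The sample lines are copied from the logs on this page; the function names, the confusable-character table and the short system-image list are assumptions of this example.

```python
import ntpath
import re

# Image name -> folder, lower-cased, as listed under "Running processes" in
# this thread's Windows XP logs. Illustrative, not an exhaustive allow-list.
SYSTEM_IMAGES = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def skeleton(name):
    """Fold characters that read alike in a process list (I/l/1, 0/o, rn/m)."""
    s = name.lower()
    for src, dst in (("0", "o"), ("1", "l"), ("i", "l"), ("rn", "m"), ("vv", "w")):
        s = s.replace(src, dst)
    return s

SKELETONS = {skeleton(n): n for n in SYSTEM_IMAGES}
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")

def image_path(cmd):
    """Return the executable path from an autorun command line."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)\b", cmd, re.I)
    path = m.group(1) if m else cmd.split()[0]
    return re.sub(r"\\{2,}", r"\\", path)  # collapse runs such as C:\\keyboard1.exe

def check_image(path):
    """Return the list of reasons an autorun image looks suspicious."""
    folder = ntpath.dirname(path).lower()
    name = ntpath.basename(path).lower()
    reasons = []
    real = SKELETONS.get(skeleton(name))
    if real and real != name:
        reasons.append(f"name imitates {real}")
    elif real and folder and folder != SYSTEM_IMAGES[name]:
        reasons.append(f"{name} outside {SYSTEM_IMAGES[name]}")
    if re.fullmatch(r"[a-z]:\\?", folder):
        reasons.append("runs from drive root")
    return reasons

def suspicious_autoruns(log_text):
    """Map image file name -> reasons for every flagged O4 (autorun) line."""
    findings = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            path = image_path(m["cmd"])
            reasons = check_image(path)
            if reasons:
                findings[ntpath.basename(path)] = reasons
    return findings

# Sample input: O4 lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [apqvzocx] C:\WINDOWS\System32\vejcqzvmhawhdq.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for image, why in suspicious_autoruns(SAMPLE_LOG).items():
        print(f"{image}: {'; '.join(why)}")
```

Randomly named entries such as vejcqzvmhawhdq.exe pass these heuristics, so the check complements a scanner's verdict rather than replacing it.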
Silver Rose
 
That's perfect, I deleted everything and emptied the Recycle Bin. I can't find any more files to delete. And I did all of this in "safe mode".

When I restarted in "normal mode", nothing any more, except that the PC is sluggish. Defragmenting isn't needed. BitDefender and Ewido no longer report anything.

What should I do?

Thank you so much that we've got this far. It's a big step forward. I'm going to try connecting to the internet with the PC to see what happens.

A big thank-you to Jess!
0
Anonymous user
 
You're welcome :) but it's not over yet, the l2me spyware still has to be eradicated. Post a new HijackThis log so we can see if everything is OK.

@+++++++++
0
muripol
 
hello jess

if pokapoka is stubborn,
there is a .bat that removes it along with other files that aren't visible with HijackThis.
In a few rare cases, the ETB folder is only visible under DOS.
http://users.telenet.be/bluepatchy/miekiemoes/tools/LQfix.zip
(unzip and run lqfix.bat, in safe mode if possible)

regards
0
Anonymous user > muripol
 
Thanks muripol for the info

@++++++
0