A voir également:
- Pc infecté
- Test performance pc - Guide
- Reinitialiser pc - Guide
- Pc lent - Guide
- Whatsapp pc - Télécharger - Messagerie
- Audacity enregistrer son pc - Guide
11 réponses
Utilisateur anonyme
30 mars 2006 à 02:18
30 mars 2006 à 02:18
Salut,
fais ceci:
télécharges hijackthis:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Installe le dans son propre dossier:
-cliques droit sur le bureau, nouveau dossier, installes-le dedans.
Lance le, cliques sur "do a system scan and save logfile"
Puis copies et colles le rapport ici.
fais ceci:
télécharges hijackthis:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Installe le dans son propre dossier:
-cliques droit sur le bureau, nouveau dossier, installes-le dedans.
Lance le, cliques sur "do a system scan and save logfile"
Puis copies et colles le rapport ici.
Logfile of HijackThis v1.99.1
Scan saved at 01:24:34, on 30/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Azureus\Azureus.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Nassimou\Bureau\Nouveau dossier\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\ddccc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [System Servlce] live.exe
O4 - HKLM\..\RunServices: [cof.updit] Seurit.exe
O4 - HKLM\..\RunServices: [System Service] b4db0yz.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download All by JetCar - C:\Program Files\JetCar\jc_all.htm
O8 - Extra context menu item: Download using JetCar - C:\Program Files\JetCar\jc_link.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} (phoneaccess Class) - http://ipdata.phoneaccess.com/dialer/1/cab/fr/phoneaccess.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ACACF2A-7AB7-40E6-A584-E1D3DC79E3C6}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\SYSTEM32\ddccc.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\rKschap.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Labs - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Scan saved at 01:24:34, on 30/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Azureus\Azureus.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Nassimou\Bureau\Nouveau dossier\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\ddccc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [System Servlce] live.exe
O4 - HKLM\..\RunServices: [cof.updit] Seurit.exe
O4 - HKLM\..\RunServices: [System Service] b4db0yz.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download All by JetCar - C:\Program Files\JetCar\jc_all.htm
O8 - Extra context menu item: Download using JetCar - C:\Program Files\JetCar\jc_link.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} (phoneaccess Class) - http://ipdata.phoneaccess.com/dialer/1/cab/fr/phoneaccess.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ACACF2A-7AB7-40E6-A584-E1D3DC79E3C6}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\SYSTEM32\ddccc.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\rKschap.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Labs - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [System Servlce] live.exe
O4 - HKLM\..\RunServices: [cof.updit] Seurit.exe
O4 - HKLM\..\RunServices: [System Service] b4db0yz.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} (phoneaccess Class) - http://ipdata.phoneaccess.com/dialer/1/cab/fr/phoneaccess.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
cliques sur demarrer, rechercher, cherches et supprimes ces fichiers:
live.exe
Seurit.exe
b4db0yz.exe
si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui ci tapotes la touche f8, à l'ecran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers, vides ta corbeille et redemarres normalement
Puis remet un rapport hijack this stp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [System Servlce] live.exe
O4 - HKLM\..\RunServices: [cof.updit] Seurit.exe
O4 - HKLM\..\RunServices: [System Service] b4db0yz.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} (phoneaccess Class) - http://ipdata.phoneaccess.com/dialer/1/cab/fr/phoneaccess.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
cliques sur demarrer, rechercher, cherches et supprimes ces fichiers:
live.exe
Seurit.exe
b4db0yz.exe
si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui ci tapotes la touche f8, à l'ecran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers, vides ta corbeille et redemarres normalement
Puis remet un rapport hijack this stp
Avant je voudrais dire un grand merci à boulepate62, t un ange
j'ai exactement fait ce que vous avez dit mais seulement je voie pas ou cliquer pour faire ceci:
cliques sur démarrer, rechercher, cherches et supprimes ces fichiers:
live.exe
Seurit.exe
b4db0yz.exe
j'ai exactement fait ce que vous avez dit mais seulement je voie pas ou cliquer pour faire ceci:
cliques sur démarrer, rechercher, cherches et supprimes ces fichiers:
live.exe
Seurit.exe
b4db0yz.exe
tu dois avoir en bas à droite de ta fenetre un bouton "demarrer" ensuite "rechercher" sur la droite .
Si non fais ceci:
Telecharge, installe puis mets à jour ce logiciel, une fois que c'est fait, fais un scan complet de ton systeme et colle le rapport ici avec un nouveau rapport hijackthis
Ewido:
Ewido Security Suite
Si non fais ceci:
Telecharge, installe puis mets à jour ce logiciel, une fois que c'est fait, fais un scan complet de ton systeme et colle le rapport ici avec un nouveau rapport hijackthis
Ewido:
Ewido Security Suite
désole mec j'ai pas fermé l'oeil depuis 48 heure je dit n'importe quoi ..je me rend compte de ce que j'ai posté -- cliques sur démarrer, rechercher-- pffff encore désole ...
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Logfile of HijackThis v1.99.1
Scan saved at 02:27:41, on 30/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\JetCar\JetCar.exe
C:\Documents and Settings\Nassimou\Bureau\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ddccc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download All by JetCar - C:\Program Files\JetCar\jc_all.htm
O8 - Extra context menu item: Download using JetCar - C:\Program Files\JetCar\jc_link.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ACACF2A-7AB7-40E6-A584-E1D3DC79E3C6}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\SYSTEM32\ddccc.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\rKschap.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Labs - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Scan saved at 02:27:41, on 30/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\JetCar\JetCar.exe
C:\Documents and Settings\Nassimou\Bureau\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ddccc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download All by JetCar - C:\Program Files\JetCar\jc_all.htm
O8 - Extra context menu item: Download using JetCar - C:\Program Files\JetCar\jc_link.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ACACF2A-7AB7-40E6-A584-E1D3DC79E3C6}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\SYSTEM32\ddccc.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\rKschap.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Labs - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Telecharge, installe puis mets à jour ce logiciel, une fois que c'est fait, fais un scan complet de ton systeme et colle le rapport ici
Ewido:
https://www.01net.com/404/
Ensuite, tu fais ceci:
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
A+++
Ewido:
https://www.01net.com/404/
Ensuite, tu fais ceci:
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
A+++
raport de anti-malware
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 04:50:13, 30/03/2006
+ Somme de contrôle: A368C42C
+ Résultats du scan:
HKLM\SOFTWARE\Aureate -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Aureate\Advertising -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Default Server -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\1 -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\2 -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\3 -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\4 -> Adware.Aureate : Nettoyer et sauvegarder
HKU\S-1-5-21-776561741-1364589140-682003330-1003\Software\Aureate -> Adware.Aureate : Nettoyer et sauvegarder
HKU\S-1-5-21-776561741-1364589140-682003330-1003\Software\Aureate\Advertising -> Adware.Aureate : Nettoyer et sauvegarder
HKU\S-1-5-21-776561741-1364589140-682003330-1003\Software\Aureate\Advertising\Cookies -> Adware.Aureate : Nettoyer et sauvegarder
HKU\S-1-5-21-776561741-1364589140-682003330-1003\Software\Aureate\Advertising\Demographics -> Adware.Aureate : Nettoyer et sauvegarder
[1968] C:\WINDOWS\system32\szimgvw.dll -> Adware.Look2Me : Erreur durant le nettoyage
[3828] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Erreur durant le nettoyage
C:\Documents and Settings\Nassimou\Cookies\nassimou@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@hotlog[2].txt -> TrackingCookie.Hotlog : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@spylog[1].txt -> TrackingCookie.Spylog : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@yadro[2].txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\cz32.exe/rm32.dll -> Downloader.ConHook.y : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\cz32.exe/dr32.exe -> Downloader.VB.vz : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Local Settings\Temporary Internet Files\Content.IE5\CTW76LYZ\drsmartload_js[1].htm -> Downloader.IstBar.j : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Local Settings\Temporary Internet Files\Content.IE5\KZS3CPSD\AppWrap[1].exe -> Adware.AdURL : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Local Settings\Temporary Internet Files\Content.IE5\L4SAKCCV\AppWrap[1].exe -> Adware.AdURL : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Local Settings\Temporary Internet Files\Content.IE5\L4SAKCCV\AppWrap[2].exe -> Adware.Zestyfind : Nettoyer et sauvegarder
C:\Program Files\JetCar\downloaded\Limpid-FX.rar/Limpid-FX\limpid FX.exe -> Dropper.Small.gn : Nettoyer et sauvegarder
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp -> Adware.Look2Me : Nettoyer et sauvegarder
::Fin du rapport
-----------------------------------
raport vbg
[03/30/2006, 4:51:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nassimou\Bureau\Nouveau dossier\VirtumundoBeGone.exe" )
[03/30/2006, 4:51:38] - Detected System Information:
[03/30/2006, 4:51:38] - Windows Version: 5.1.2600, Service Pack 1
[03/30/2006, 4:51:38] - Current Username: Nassimou (Admin)
[03/30/2006, 4:51:38] - Windows is in NORMAL mode.
[03/30/2006, 4:51:38] - Searching for Browser Helper Objects:
[03/30/2006, 4:51:38] - BHO 1: {20D57A66-F7DF-467d-907B-9B7F4A118AB7} ()
[03/30/2006, 4:51:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/30/2006, 4:51:38] - Checking for HKLM\...\Winlogon\Notify\ddccc
[03/30/2006, 4:51:38] - Found: HKLM\...\Winlogon\Notify\ddccc - This is probably Virtumundo.
[03/30/2006, 4:51:38] - Assigning {20D57A66-F7DF-467d-907B-9B7F4A118AB7} MSEvents Object
[03/30/2006, 4:51:38] - BHO list has been changed! Starting over...
[03/30/2006, 4:51:38] - BHO 1: {20D57A66-F7DF-467d-907B-9B7F4A118AB7} (MSEvents Object)
[03/30/2006, 4:51:38] - ALERT: Found MSEvents Object!
[03/30/2006, 4:51:38] - Finished Searching Browser Helper Objects
[03/30/2006, 4:51:38] - *** Detected MSEvents Object
[03/30/2006, 4:51:38] - Trying to remove MSEvents Object...
[03/30/2006, 4:51:39] - Terminating Process: IEXPLORE.EXE
[03/30/2006, 4:51:40] - Terminating Process: RUNDLL32.EXE
[03/30/2006, 4:51:40] - Disabling Automatic Shell Restart
[03/30/2006, 4:51:40] - Terminating Process: EXPLORER.EXE
[03/30/2006, 4:51:41] - Suspending the NT Session Manager System Service
[03/30/2006, 4:51:41] - Terminating Windows NT Logon/Logoff Manager
[03/30/2006, 4:51:41] - Re-enabling Automatic Shell Restart
[03/30/2006, 4:51:41] - File to disable: C:\WINDOWS\system32\ddccc.dll
[03/30/2006, 4:51:41] - Renaming C:\WINDOWS\system32\ddccc.dll -> C:\WINDOWS\system32\ddccc.dll.vir
[03/30/2006, 4:51:42] - ! File rename was unsucessful.
[03/30/2006, 4:51:42] - Attempting to Deny Access to C:\WINDOWS\system32\ddccc.dll
[03/30/2006, 4:51:42] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[03/30/2006, 4:51:42] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.
[03/30/2006, 4:51:42] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/30/2006, 4:51:42] - Removing HKLM\...\Browser Helper Objects\{20D57A66-F7DF-467d-907B-9B7F4A118AB7}
[03/30/2006, 4:51:42] - Removing HKCR\CLSID\{20D57A66-F7DF-467d-907B-9B7F4A118AB7}
[03/30/2006, 4:51:42] - Adding Kill Bit for ActiveX for GUID: {20D57A66-F7DF-467d-907B-9B7F4A118AB7}
[03/30/2006, 4:51:42] - Deleting ATLEvents/MSEvents Registry entries
[03/30/2006, 4:51:42] - Removing HKLM\...\Winlogon\Notify\ddccc
[03/30/2006, 4:51:42] - Searching for Browser Helper Objects:
[03/30/2006, 4:51:42] - BHO 1: {20D57A66-F7DF-467d-907B-9B7F4A118AB7} ()
[03/30/2006, 4:51:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/30/2006, 4:51:42] - No filename found. Continuing.
[03/30/2006, 4:51:42] - Finished Searching Browser Helper Objects
[03/30/2006, 4:51:42] - Finishing up...
[03/30/2006, 4:51:42] - A restart is needed.
[03/30/2006, 4:51:44] - Attempting to Restart via STOP error (Blue Screen!)
-------------------------------------
rapport HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 05:00:00, on 30/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nassimou\Bureau\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ddccc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download All by JetCar - C:\Program Files\JetCar\jc_all.htm
O8 - Extra context menu item: Download using JetCar - C:\Program Files\JetCar\jc_link.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ACACF2A-7AB7-40E6-A584-E1D3DC79E3C6}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\SYSTEM32\ddccc.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\i4240efqeh2e0.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Labs - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
aprés tout des pages s'ouvre toute seul et kaspersky m'anncone que le fichier windows\system32\ddccc.dll est infecté pais ne peut rien lui faire...
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 04:50:13, 30/03/2006
+ Somme de contrôle: A368C42C
+ Résultats du scan:
HKLM\SOFTWARE\Aureate -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Aureate\Advertising -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Default Server -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\1 -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\2 -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\3 -> Adware.Aureate : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Software\Aureate\Advertising\Servers\4 -> Adware.Aureate : Nettoyer et sauvegarder
HKU\S-1-5-21-776561741-1364589140-682003330-1003\Software\Aureate -> Adware.Aureate : Nettoyer et sauvegarder
HKU\S-1-5-21-776561741-1364589140-682003330-1003\Software\Aureate\Advertising -> Adware.Aureate : Nettoyer et sauvegarder
HKU\S-1-5-21-776561741-1364589140-682003330-1003\Software\Aureate\Advertising\Cookies -> Adware.Aureate : Nettoyer et sauvegarder
HKU\S-1-5-21-776561741-1364589140-682003330-1003\Software\Aureate\Advertising\Demographics -> Adware.Aureate : Nettoyer et sauvegarder
[1968] C:\WINDOWS\system32\szimgvw.dll -> Adware.Look2Me : Erreur durant le nettoyage
[3828] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Erreur durant le nettoyage
C:\Documents and Settings\Nassimou\Cookies\nassimou@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@hotlog[2].txt -> TrackingCookie.Hotlog : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@spylog[1].txt -> TrackingCookie.Spylog : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Cookies\nassimou@yadro[2].txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\cz32.exe/rm32.dll -> Downloader.ConHook.y : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\cz32.exe/dr32.exe -> Downloader.VB.vz : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Local Settings\Temporary Internet Files\Content.IE5\CTW76LYZ\drsmartload_js[1].htm -> Downloader.IstBar.j : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Local Settings\Temporary Internet Files\Content.IE5\KZS3CPSD\AppWrap[1].exe -> Adware.AdURL : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Local Settings\Temporary Internet Files\Content.IE5\L4SAKCCV\AppWrap[1].exe -> Adware.AdURL : Nettoyer et sauvegarder
C:\Documents and Settings\Nassimou\Local Settings\Temporary Internet Files\Content.IE5\L4SAKCCV\AppWrap[2].exe -> Adware.Zestyfind : Nettoyer et sauvegarder
C:\Program Files\JetCar\downloaded\Limpid-FX.rar/Limpid-FX\limpid FX.exe -> Dropper.Small.gn : Nettoyer et sauvegarder
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp -> Adware.Look2Me : Nettoyer et sauvegarder
::Fin du rapport
-----------------------------------
raport vbg
[03/30/2006, 4:51:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nassimou\Bureau\Nouveau dossier\VirtumundoBeGone.exe" )
[03/30/2006, 4:51:38] - Detected System Information:
[03/30/2006, 4:51:38] - Windows Version: 5.1.2600, Service Pack 1
[03/30/2006, 4:51:38] - Current Username: Nassimou (Admin)
[03/30/2006, 4:51:38] - Windows is in NORMAL mode.
[03/30/2006, 4:51:38] - Searching for Browser Helper Objects:
[03/30/2006, 4:51:38] - BHO 1: {20D57A66-F7DF-467d-907B-9B7F4A118AB7} ()
[03/30/2006, 4:51:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/30/2006, 4:51:38] - Checking for HKLM\...\Winlogon\Notify\ddccc
[03/30/2006, 4:51:38] - Found: HKLM\...\Winlogon\Notify\ddccc - This is probably Virtumundo.
[03/30/2006, 4:51:38] - Assigning {20D57A66-F7DF-467d-907B-9B7F4A118AB7} MSEvents Object
[03/30/2006, 4:51:38] - BHO list has been changed! Starting over...
[03/30/2006, 4:51:38] - BHO 1: {20D57A66-F7DF-467d-907B-9B7F4A118AB7} (MSEvents Object)
[03/30/2006, 4:51:38] - ALERT: Found MSEvents Object!
[03/30/2006, 4:51:38] - Finished Searching Browser Helper Objects
[03/30/2006, 4:51:38] - *** Detected MSEvents Object
[03/30/2006, 4:51:38] - Trying to remove MSEvents Object...
[03/30/2006, 4:51:39] - Terminating Process: IEXPLORE.EXE
[03/30/2006, 4:51:40] - Terminating Process: RUNDLL32.EXE
[03/30/2006, 4:51:40] - Disabling Automatic Shell Restart
[03/30/2006, 4:51:40] - Terminating Process: EXPLORER.EXE
[03/30/2006, 4:51:41] - Suspending the NT Session Manager System Service
[03/30/2006, 4:51:41] - Terminating Windows NT Logon/Logoff Manager
[03/30/2006, 4:51:41] - Re-enabling Automatic Shell Restart
[03/30/2006, 4:51:41] - File to disable: C:\WINDOWS\system32\ddccc.dll
[03/30/2006, 4:51:41] - Renaming C:\WINDOWS\system32\ddccc.dll -> C:\WINDOWS\system32\ddccc.dll.vir
[03/30/2006, 4:51:42] - ! File rename was unsucessful.
[03/30/2006, 4:51:42] - Attempting to Deny Access to C:\WINDOWS\system32\ddccc.dll
[03/30/2006, 4:51:42] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[03/30/2006, 4:51:42] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.
[03/30/2006, 4:51:42] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/30/2006, 4:51:42] - Removing HKLM\...\Browser Helper Objects\{20D57A66-F7DF-467d-907B-9B7F4A118AB7}
[03/30/2006, 4:51:42] - Removing HKCR\CLSID\{20D57A66-F7DF-467d-907B-9B7F4A118AB7}
[03/30/2006, 4:51:42] - Adding Kill Bit for ActiveX for GUID: {20D57A66-F7DF-467d-907B-9B7F4A118AB7}
[03/30/2006, 4:51:42] - Deleting ATLEvents/MSEvents Registry entries
[03/30/2006, 4:51:42] - Removing HKLM\...\Winlogon\Notify\ddccc
[03/30/2006, 4:51:42] - Searching for Browser Helper Objects:
[03/30/2006, 4:51:42] - BHO 1: {20D57A66-F7DF-467d-907B-9B7F4A118AB7} ()
[03/30/2006, 4:51:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/30/2006, 4:51:42] - No filename found. Continuing.
[03/30/2006, 4:51:42] - Finished Searching Browser Helper Objects
[03/30/2006, 4:51:42] - Finishing up...
[03/30/2006, 4:51:42] - A restart is needed.
[03/30/2006, 4:51:44] - Attempting to Restart via STOP error (Blue Screen!)
-------------------------------------
rapport HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 05:00:00, on 30/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nassimou\Bureau\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ddccc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download All by JetCar - C:\Program Files\JetCar\jc_all.htm
O8 - Extra context menu item: Download using JetCar - C:\Program Files\JetCar\jc_link.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ACACF2A-7AB7-40E6-A584-E1D3DC79E3C6}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\SYSTEM32\ddccc.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\i4240efqeh2e0.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Labs - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
aprés tout des pages s'ouvre toute seul et kaspersky m'anncone que le fichier windows\system32\ddccc.dll est infecté pais ne peut rien lui faire...
Ok, merci, c'est bon pour ça maintenant fais ceci:
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ddccc.dll
O20 - Winlogon Notify: ddccc - C:\WINDOWS\SYSTEM32\ddccc.dll
Télécharge l2mfix ici:
http://www.downloads.subratam.org/l2mfix.exe
double clique sur l2mfix.exe pour lancer l'extraction.
dans le dossier l2mfix, double clique sur l2mfix.bat et choisis l'option 1 et valide avec la touche entrée
il va te generer un rapport
Copie et colle le resultat ici s'il te plait.
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ddccc.dll
O20 - Winlogon Notify: ddccc - C:\WINDOWS\SYSTEM32\ddccc.dll
Télécharge l2mfix ici:
http://www.downloads.subratam.org/l2mfix.exe
double clique sur l2mfix.exe pour lancer l'extraction.
dans le dossier l2mfix, double clique sur l2mfix.bat et choisis l'option 1 et valide avec la touche entrée
il va te generer un rapport
Copie et colle le resultat ici s'il te plait.
L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mv26l9fs1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccc]
"Asynchronous"=dword:00000001
"DllName"="ddccc.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{B7B8FDFC-7BF4-BA6B-094E-A83F170F7539}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propri‚t‚ de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{ABC70703-32AF-11d4-90C4-D483A70F4825}"="CMenuExtender"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{780BCB64-0CAF-473c-A9FC-E08C03D75515}"="Matroska Shell Extension, Properties Page CLSID"
"{78DC191E-EFC1-4532-9A71-224577A86A7D}"="Matroska Shell Extension, Thumbnail Handler CLSID"
"{794D04CA-70AC-4020-80EB-FFD59DEF8027}"="Matroska Shell Extension, Tooltip Provider CLSID"
"{789111D8-68A3-46a3-9663-145A3FF4C9C9}"="Matroska Shell Extension, ContextMenu CLSID"
"{781395AF-A127-469f-A06F-59B482AF4F3F}"="Matroska Shell Extension, Column Provider CLSID"
"{31AC3708-7EC6-4AB8-B442-C80F74785CD2}"=""
"{5160C938-44A8-4F6C-AF99-EA72EF548F5E}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\rKschap.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\wM2topl.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
ddccc.dll Fri 10 Feb 2006 13:31:34 ..... 38 925 38,01 K
dtnhpast.dll Thu 30 Mar 2006 10:50:44 ..S.R 236 325 230,79 K
f4l02e~1.dll Thu 30 Mar 2006 4:52:26 ..S.R 234 272 228,78 K
fp2603~1.dll Thu 30 Mar 2006 10:50:42 ..S.R 236 948 231,39 K
fpj803~1.dll Thu 30 Mar 2006 10:52:12 ..S.R 237 138 231,58 K
gp00l3~1.dll Thu 30 Mar 2006 10:54:52 ..S.R 237 328 231,77 K
gp2ml3~1.dll Thu 30 Mar 2006 13:06:00 ..S.R 233 809 228,33 K
llghours.dll Thu 30 Mar 2006 10:52:12 ..S.R 236 325 230,79 K
lvju09~1.dll Thu 30 Mar 2006 10:53:40 ..S.R 237 244 231,68 K
mv26l9~1.dll Thu 30 Mar 2006 4:54:42 ..S.R 236 325 230,79 K
oge2disp.dll Thu 30 Mar 2006 10:53:42 ..S.R 236 325 230,79 K
sirenacm.dll Wed 25 Jan 2006 5:34:24 A.... 118 784 116,00 K
uxtheme.dll Fri 24 Mar 2006 17:08:56 A.... 204 288 199,50 K
wm2topl.dll Thu 30 Mar 2006 13:06:00 ..S.R 236 325 230,79 K
14 items found: 14 files (11 H/S), 0 directories.
Total of file sizes: 2 960 361 bytes 2,82 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 84F4-A557
R‚pertoire de C:\WINDOWS\System32
30/03/2006 13:05 236ÿ325 wM2topl.dll
30/03/2006 13:05 233ÿ809 gp2ml3f11.dll
30/03/2006 10:54 237ÿ328 gp00l3dm1.dll
30/03/2006 10:53 236ÿ325 oge2disp.dll
30/03/2006 10:53 237ÿ244 lvju0919e.dll
30/03/2006 10:52 236ÿ325 llghours.dll
30/03/2006 10:52 237ÿ138 fpj8031ue.dll
30/03/2006 10:50 236ÿ325 dtnhpast.dll
30/03/2006 10:50 236ÿ948 fp2603fse.dll
30/03/2006 04:54 236ÿ325 mv26l9fs1.dll
30/03/2006 04:52 234ÿ272 f4l02e3mgh.dll
26/03/2006 13:31 <REP> dllcache
24/03/2006 15:45 <REP> Microsoft
16/03/2003 15:49 33ÿ792 win.dll
12 fichier(s) 2ÿ632ÿ156 octets
2 R‚p(s) 15ÿ866ÿ994ÿ688 octets libres
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mv26l9fs1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccc]
"Asynchronous"=dword:00000001
"DllName"="ddccc.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{B7B8FDFC-7BF4-BA6B-094E-A83F170F7539}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propri‚t‚ de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{ABC70703-32AF-11d4-90C4-D483A70F4825}"="CMenuExtender"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{780BCB64-0CAF-473c-A9FC-E08C03D75515}"="Matroska Shell Extension, Properties Page CLSID"
"{78DC191E-EFC1-4532-9A71-224577A86A7D}"="Matroska Shell Extension, Thumbnail Handler CLSID"
"{794D04CA-70AC-4020-80EB-FFD59DEF8027}"="Matroska Shell Extension, Tooltip Provider CLSID"
"{789111D8-68A3-46a3-9663-145A3FF4C9C9}"="Matroska Shell Extension, ContextMenu CLSID"
"{781395AF-A127-469f-A06F-59B482AF4F3F}"="Matroska Shell Extension, Column Provider CLSID"
"{31AC3708-7EC6-4AB8-B442-C80F74785CD2}"=""
"{5160C938-44A8-4F6C-AF99-EA72EF548F5E}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\rKschap.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\wM2topl.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
ddccc.dll Fri 10 Feb 2006 13:31:34 ..... 38 925 38,01 K
dtnhpast.dll Thu 30 Mar 2006 10:50:44 ..S.R 236 325 230,79 K
f4l02e~1.dll Thu 30 Mar 2006 4:52:26 ..S.R 234 272 228,78 K
fp2603~1.dll Thu 30 Mar 2006 10:50:42 ..S.R 236 948 231,39 K
fpj803~1.dll Thu 30 Mar 2006 10:52:12 ..S.R 237 138 231,58 K
gp00l3~1.dll Thu 30 Mar 2006 10:54:52 ..S.R 237 328 231,77 K
gp2ml3~1.dll Thu 30 Mar 2006 13:06:00 ..S.R 233 809 228,33 K
llghours.dll Thu 30 Mar 2006 10:52:12 ..S.R 236 325 230,79 K
lvju09~1.dll Thu 30 Mar 2006 10:53:40 ..S.R 237 244 231,68 K
mv26l9~1.dll Thu 30 Mar 2006 4:54:42 ..S.R 236 325 230,79 K
oge2disp.dll Thu 30 Mar 2006 10:53:42 ..S.R 236 325 230,79 K
sirenacm.dll Wed 25 Jan 2006 5:34:24 A.... 118 784 116,00 K
uxtheme.dll Fri 24 Mar 2006 17:08:56 A.... 204 288 199,50 K
wm2topl.dll Thu 30 Mar 2006 13:06:00 ..S.R 236 325 230,79 K
14 items found: 14 files (11 H/S), 0 directories.
Total of file sizes: 2 960 361 bytes 2,82 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 84F4-A557
R‚pertoire de C:\WINDOWS\System32
30/03/2006 13:05 236ÿ325 wM2topl.dll
30/03/2006 13:05 233ÿ809 gp2ml3f11.dll
30/03/2006 10:54 237ÿ328 gp00l3dm1.dll
30/03/2006 10:53 236ÿ325 oge2disp.dll
30/03/2006 10:53 237ÿ244 lvju0919e.dll
30/03/2006 10:52 236ÿ325 llghours.dll
30/03/2006 10:52 237ÿ138 fpj8031ue.dll
30/03/2006 10:50 236ÿ325 dtnhpast.dll
30/03/2006 10:50 236ÿ948 fp2603fse.dll
30/03/2006 04:54 236ÿ325 mv26l9fs1.dll
30/03/2006 04:52 234ÿ272 f4l02e3mgh.dll
26/03/2006 13:31 <REP> dllcache
24/03/2006 15:45 <REP> Microsoft
16/03/2003 15:49 33ÿ792 win.dll
12 fichier(s) 2ÿ632ÿ156 octets
2 R‚p(s) 15ÿ866ÿ994ÿ688 octets libres
salut boulepate62
rapport de l2mfiw.bet
L2mfix 032106
Creating Account.
La commande s'est termin‚e correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 560 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 664 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 344 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
Deleting: C:\WINDOWS\system32\clmpstui.dll
Successfully Deleted: C:\WINDOWS\system32\clmpstui.dll
Deleting: C:\WINDOWS\system32\dcmap.dll
Successfully Deleted: C:\WINDOWS\system32\dcmap.dll
Deleting: C:\WINDOWS\system32\dtnhpast.dll
Successfully Deleted: C:\WINDOWS\system32\dtnhpast.dll
Deleting: C:\WINDOWS\system32\f4l02e3mgh.dll
Successfully Deleted: C:\WINDOWS\system32\f4l02e3mgh.dll
Deleting: C:\WINDOWS\system32\f8l00i3me8.dll
Successfully Deleted: C:\WINDOWS\system32\f8l00i3me8.dll
Deleting: C:\WINDOWS\system32\fp2603fse.dll
Successfully Deleted: C:\WINDOWS\system32\fp2603fse.dll
Deleting: C:\WINDOWS\system32\fpj8031ue.dll
Successfully Deleted: C:\WINDOWS\system32\fpj8031ue.dll
Deleting: C:\WINDOWS\system32\gp00l3dm1.dll
Successfully Deleted: C:\WINDOWS\system32\gp00l3dm1.dll
Deleting: C:\WINDOWS\system32\gp2ml3f11.dll
Successfully Deleted: C:\WINDOWS\system32\gp2ml3f11.dll
Deleting: C:\WINDOWS\system32\i4jq0e15eh.dll
Successfully Deleted: C:\WINDOWS\system32\i4jq0e15eh.dll
Deleting: C:\WINDOWS\system32\jtr2079oe.dll
Successfully Deleted: C:\WINDOWS\system32\jtr2079oe.dll
Deleting: C:\WINDOWS\system32\l4j8le1u1h.dll
Successfully Deleted: C:\WINDOWS\system32\l4j8le1u1h.dll
Deleting: C:\WINDOWS\system32\llghours.dll
Successfully Deleted: C:\WINDOWS\system32\llghours.dll
Deleting: C:\WINDOWS\system32\lvju0919e.dll
Successfully Deleted: C:\WINDOWS\system32\lvju0919e.dll
Deleting: C:\WINDOWS\system32\m2lslc371f.dll
Successfully Deleted: C:\WINDOWS\system32\m2lslc371f.dll
Deleting: C:\WINDOWS\system32\mtvcrt40.dll
Successfully Deleted: C:\WINDOWS\system32\mtvcrt40.dll
Deleting: C:\WINDOWS\system32\oge2disp.dll
Successfully Deleted: C:\WINDOWS\system32\oge2disp.dll
Deleting: C:\WINDOWS\system32\p6p60g7se6.dll
Successfully Deleted: C:\WINDOWS\system32\p6p60g7se6.dll
Deleting: C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
msg11?.dll
0 fichier(s) copi‚(s).
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccc]
"Asynchronous"=dword:00000001
"DllName"="ddccc.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\gp2ml3f11.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\clmpstui.dll
C:\WINDOWS\system32\dcmap.dll
C:\WINDOWS\system32\dtnhpast.dll
C:\WINDOWS\system32\f4l02e3mgh.dll
C:\WINDOWS\system32\f8l00i3me8.dll
C:\WINDOWS\system32\fp2603fse.dll
C:\WINDOWS\system32\fpj8031ue.dll
C:\WINDOWS\system32\gp00l3dm1.dll
C:\WINDOWS\system32\gp2ml3f11.dll
C:\WINDOWS\system32\i4jq0e15eh.dll
C:\WINDOWS\system32\jtr2079oe.dll
C:\WINDOWS\system32\l4j8le1u1h.dll
C:\WINDOWS\system32\llghours.dll
C:\WINDOWS\system32\lvju0919e.dll
C:\WINDOWS\system32\m2lslc371f.dll
C:\WINDOWS\system32\mtvcrt40.dll
C:\WINDOWS\system32\oge2disp.dll
C:\WINDOWS\system32\p6p60g7se6.dll
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\rKschap.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{31AC3708-7EC6-4AB8-B442-C80F74785CD2}"=-
"{5160C938-44A8-4F6C-AF99-EA72EF548F5E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}]
[-HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/clmpstui.dll (164 bytes security) (deflated 4%)
adding: dlls/dcmap.dll (164 bytes security) (deflated 4%)
adding: dlls/dtnhpast.dll (164 bytes security) (deflated 5%)
adding: dlls/f4l02e3mgh.dll (164 bytes security) (deflated 4%)
adding: dlls/f8l00i3me8.dll (164 bytes security) (deflated 4%)
adding: dlls/fp2603fse.dll (164 bytes security) (deflated 5%)
adding: dlls/fpj8031ue.dll (164 bytes security) (deflated 5%)
adding: dlls/gp00l3dm1.dll (164 bytes security) (deflated 6%)
adding: dlls/gp2ml3f11.dll (164 bytes security) (deflated 4%)
adding: dlls/i4jq0e15eh.dll (164 bytes security) (deflated 4%)
adding: dlls/jtr2079oe.dll (164 bytes security) (deflated 4%)
adding: dlls/l4j8le1u1h.dll (164 bytes security) (deflated 5%)
adding: dlls/llghours.dll (164 bytes security) (deflated 5%)
adding: dlls/lvju0919e.dll (164 bytes security) (deflated 6%)
adding: dlls/m2lslc371f.dll (164 bytes security) (deflated 5%)
adding: dlls/mtvcrt40.dll (164 bytes security) (deflated 4%)
adding: dlls/oge2disp.dll (164 bytes security) (deflated 5%)
adding: dlls/p6p60g7se6.dll (164 bytes security) (deflated 5%)
adding: dlls/__delete_on_reboot__guard.tmp (164 bytes security) (deflated 4%)
adding: backregs/31AC3708-7EC6-4AB8-B442-C80F74785CD2.reg (212 bytes security) (deflated 69%)
adding: backregs/5160C938-44A8-4F6C-AF99-EA72EF548F5E.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
---------------------------------------------
rapport de HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 16:42:05, on 30/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Nassimou\Bureau\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download All by JetCar - C:\Program Files\JetCar\jc_all.htm
O8 - Extra context menu item: Download using JetCar - C:\Program Files\JetCar\jc_link.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ACACF2A-7AB7-40E6-A584-E1D3DC79E3C6}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccc - ddccc.dll (file missing)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\gp2ml3f11.dll (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Labs - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
rapport de l2mfiw.bet
L2mfix 032106
Creating Account.
La commande s'est termin‚e correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 560 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 664 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 344 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
Deleting: C:\WINDOWS\system32\clmpstui.dll
Successfully Deleted: C:\WINDOWS\system32\clmpstui.dll
Deleting: C:\WINDOWS\system32\dcmap.dll
Successfully Deleted: C:\WINDOWS\system32\dcmap.dll
Deleting: C:\WINDOWS\system32\dtnhpast.dll
Successfully Deleted: C:\WINDOWS\system32\dtnhpast.dll
Deleting: C:\WINDOWS\system32\f4l02e3mgh.dll
Successfully Deleted: C:\WINDOWS\system32\f4l02e3mgh.dll
Deleting: C:\WINDOWS\system32\f8l00i3me8.dll
Successfully Deleted: C:\WINDOWS\system32\f8l00i3me8.dll
Deleting: C:\WINDOWS\system32\fp2603fse.dll
Successfully Deleted: C:\WINDOWS\system32\fp2603fse.dll
Deleting: C:\WINDOWS\system32\fpj8031ue.dll
Successfully Deleted: C:\WINDOWS\system32\fpj8031ue.dll
Deleting: C:\WINDOWS\system32\gp00l3dm1.dll
Successfully Deleted: C:\WINDOWS\system32\gp00l3dm1.dll
Deleting: C:\WINDOWS\system32\gp2ml3f11.dll
Successfully Deleted: C:\WINDOWS\system32\gp2ml3f11.dll
Deleting: C:\WINDOWS\system32\i4jq0e15eh.dll
Successfully Deleted: C:\WINDOWS\system32\i4jq0e15eh.dll
Deleting: C:\WINDOWS\system32\jtr2079oe.dll
Successfully Deleted: C:\WINDOWS\system32\jtr2079oe.dll
Deleting: C:\WINDOWS\system32\l4j8le1u1h.dll
Successfully Deleted: C:\WINDOWS\system32\l4j8le1u1h.dll
Deleting: C:\WINDOWS\system32\llghours.dll
Successfully Deleted: C:\WINDOWS\system32\llghours.dll
Deleting: C:\WINDOWS\system32\lvju0919e.dll
Successfully Deleted: C:\WINDOWS\system32\lvju0919e.dll
Deleting: C:\WINDOWS\system32\m2lslc371f.dll
Successfully Deleted: C:\WINDOWS\system32\m2lslc371f.dll
Deleting: C:\WINDOWS\system32\mtvcrt40.dll
Successfully Deleted: C:\WINDOWS\system32\mtvcrt40.dll
Deleting: C:\WINDOWS\system32\oge2disp.dll
Successfully Deleted: C:\WINDOWS\system32\oge2disp.dll
Deleting: C:\WINDOWS\system32\p6p60g7se6.dll
Successfully Deleted: C:\WINDOWS\system32\p6p60g7se6.dll
Deleting: C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
msg11?.dll
0 fichier(s) copi‚(s).
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccc]
"Asynchronous"=dword:00000001
"DllName"="ddccc.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\gp2ml3f11.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\clmpstui.dll
C:\WINDOWS\system32\dcmap.dll
C:\WINDOWS\system32\dtnhpast.dll
C:\WINDOWS\system32\f4l02e3mgh.dll
C:\WINDOWS\system32\f8l00i3me8.dll
C:\WINDOWS\system32\fp2603fse.dll
C:\WINDOWS\system32\fpj8031ue.dll
C:\WINDOWS\system32\gp00l3dm1.dll
C:\WINDOWS\system32\gp2ml3f11.dll
C:\WINDOWS\system32\i4jq0e15eh.dll
C:\WINDOWS\system32\jtr2079oe.dll
C:\WINDOWS\system32\l4j8le1u1h.dll
C:\WINDOWS\system32\llghours.dll
C:\WINDOWS\system32\lvju0919e.dll
C:\WINDOWS\system32\m2lslc371f.dll
C:\WINDOWS\system32\mtvcrt40.dll
C:\WINDOWS\system32\oge2disp.dll
C:\WINDOWS\system32\p6p60g7se6.dll
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\rKschap.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{31AC3708-7EC6-4AB8-B442-C80F74785CD2}"=-
"{5160C938-44A8-4F6C-AF99-EA72EF548F5E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{31AC3708-7EC6-4AB8-B442-C80F74785CD2}]
[-HKEY_CLASSES_ROOT\CLSID\{5160C938-44A8-4F6C-AF99-EA72EF548F5E}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/clmpstui.dll (164 bytes security) (deflated 4%)
adding: dlls/dcmap.dll (164 bytes security) (deflated 4%)
adding: dlls/dtnhpast.dll (164 bytes security) (deflated 5%)
adding: dlls/f4l02e3mgh.dll (164 bytes security) (deflated 4%)
adding: dlls/f8l00i3me8.dll (164 bytes security) (deflated 4%)
adding: dlls/fp2603fse.dll (164 bytes security) (deflated 5%)
adding: dlls/fpj8031ue.dll (164 bytes security) (deflated 5%)
adding: dlls/gp00l3dm1.dll (164 bytes security) (deflated 6%)
adding: dlls/gp2ml3f11.dll (164 bytes security) (deflated 4%)
adding: dlls/i4jq0e15eh.dll (164 bytes security) (deflated 4%)
adding: dlls/jtr2079oe.dll (164 bytes security) (deflated 4%)
adding: dlls/l4j8le1u1h.dll (164 bytes security) (deflated 5%)
adding: dlls/llghours.dll (164 bytes security) (deflated 5%)
adding: dlls/lvju0919e.dll (164 bytes security) (deflated 6%)
adding: dlls/m2lslc371f.dll (164 bytes security) (deflated 5%)
adding: dlls/mtvcrt40.dll (164 bytes security) (deflated 4%)
adding: dlls/oge2disp.dll (164 bytes security) (deflated 5%)
adding: dlls/p6p60g7se6.dll (164 bytes security) (deflated 5%)
adding: dlls/__delete_on_reboot__guard.tmp (164 bytes security) (deflated 4%)
adding: backregs/31AC3708-7EC6-4AB8-B442-C80F74785CD2.reg (212 bytes security) (deflated 69%)
adding: backregs/5160C938-44A8-4F6C-AF99-EA72EF548F5E.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
---------------------------------------------
rapport de HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 16:42:05, on 30/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Nassimou\Bureau\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download All by JetCar - C:\Program Files\JetCar\jc_all.htm
O8 - Extra context menu item: Download using JetCar - C:\Program Files\JetCar\jc_link.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ACACF2A-7AB7-40E6-A584-E1D3DC79E3C6}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccc - ddccc.dll (file missing)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\gp2ml3f11.dll (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Labs - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Re :-)
Bientôt finit
1.Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O20 - Winlogon Notify: ddccc - ddccc.dll (file missing)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\gp2ml3f11.dll (file missing)
2.Tu n'as pas l'air d'avoir de pare-feu, installes celui-la il est gratuit et te permettra de te proteger des attaques du net (hackers, virus,..)
Kerio:
Pare-feu Kerio
-tutoriel: pour configurer et comprendre Kerio
https://kerio.probb.fr/
3.Finis par faire ce scan anti-virus en ligne et colles le rapport ici une fois qu'il à finit et je pense que ça sera bon.
https://www.bitdefender.com/toolbox/
A++
Bientôt finit
1.Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O20 - Winlogon Notify: ddccc - ddccc.dll (file missing)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\gp2ml3f11.dll (file missing)
2.Tu n'as pas l'air d'avoir de pare-feu, installes celui-la il est gratuit et te permettra de te proteger des attaques du net (hackers, virus,..)
Kerio:
Pare-feu Kerio
-tutoriel: pour configurer et comprendre Kerio
https://kerio.probb.fr/
3.Finis par faire ce scan anti-virus en ligne et colles le rapport ici une fois qu'il à finit et je pense que ça sera bon.
https://www.bitdefender.com/toolbox/
A++
voici le rapport de scan online
Statistics
Time
02:43:18
Files
409792
Folders
6746
Boot Sectors
4
Archives
6044
Packed Files
18258
Results
Identified Viruses
21
Infected Files
124
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
124
Engines Info
Virus Definitions
354986
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Statistics
Time
02:43:18
Files
409792
Folders
6746
Boot Sectors
4
Archives
6044
Packed Files
18258
Results
Identified Viruses
21
Infected Files
124
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
124
Engines Info
Virus Definitions
354986
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Oula...
fais ceci pour créer un nouveau point de restauration propre:
Cliques sur demarrer, cliques droit sur poste de travail, propriétés, onglet "restauration du systeme"
-coches la case, puis cliques sur "appliquer"
-decoches la case et cliques sur "appliquer" puis "ok".
Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre:
Cliques sur demarrer, tout les programmes, accessoires, outils systemes, restauration du systeme, choisis "creer un point de restauration" nommes le " ccm" par exemple, cliques sur "creer" puis "ok".
Puis fais ce nettoyage:
¤Telecharges et installes ceci, dans la colonne de gauche cliques sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs
CCleaner:
Ccleaner
¤Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis cliques sur "lancer le nettoyage"
Puis mets à jour ton windows! très important
cliques sur demarrer, tous les programmes, windows update(tout en haut) puis telecharges toutes les mises à jour que tu as, tu peux faire ça pleins de fois car ton pc est loin d'être à jour!
A++
fais ceci pour créer un nouveau point de restauration propre:
Cliques sur demarrer, cliques droit sur poste de travail, propriétés, onglet "restauration du systeme"
-coches la case, puis cliques sur "appliquer"
-decoches la case et cliques sur "appliquer" puis "ok".
Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre:
Cliques sur demarrer, tout les programmes, accessoires, outils systemes, restauration du systeme, choisis "creer un point de restauration" nommes le " ccm" par exemple, cliques sur "creer" puis "ok".
Puis fais ce nettoyage:
¤Telecharges et installes ceci, dans la colonne de gauche cliques sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs
CCleaner:
Ccleaner
¤Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis cliques sur "lancer le nettoyage"
Puis mets à jour ton windows! très important
cliques sur demarrer, tous les programmes, windows update(tout en haut) puis telecharges toutes les mises à jour que tu as, tu peux faire ça pleins de fois car ton pc est loin d'être à jour!
A++
merci beaucoup chef vous êtes un seigneur....mais juste une dernière question!! sur le bureau quand je clique (droit) sur POSTE DE TRAVAIL dans l'onglet général le cpu n'est pas affiché ..ya seulement ram 512 ??alors qu'il devrais s'affichait et la ram et le processeur.... merci
remerci.....mais un p'tit probléme avec le logiciel SKYPE ..une fois le firewall lancé ce logiciel ne marche plus ...pour qu'il marche " SKYPE" faut que je ferme KERIO ..
regardes ici:
tutoriel: pour configurer et comprendre Kerio
https://kerio.probb.fr/
il faut que tu lui autorise à acceder au net "connexion entrante" et "sortante"
Quand tu ouvres Kerio, vas devant la ligne avec Skype puis tu met des croix verte partout et tu cliques sur "appliquer"
tutoriel: pour configurer et comprendre Kerio
https://kerio.probb.fr/
il faut que tu lui autorise à acceder au net "connexion entrante" et "sortante"
Quand tu ouvres Kerio, vas devant la ligne avec Skype puis tu met des croix verte partout et tu cliques sur "appliquer"