Error loading w004ab6f.dll

raiss Posts: 47 Status: Member
When I start my PC, a window appears with:
Erreur de chargement de w004ab6f.dll le module spécifié est introuvable
Please help me.
Raiss

26 replies

jmp59 Posts: 31960 Status: Contributor 5 738

Hello,

And it doesn't affect how your PC runs at all?
You caught a virus and your protection removed it, but one or more traces of it remain in the registry. Delete them.
If the window still appears, run HijackThis and post the log in the Virus/Security forum.

Bye.
raiss Posts: 47 Status: Member 1

It doesn't affect my PC at all, but the window persists. I deleted the quarantined files.
What is a HijackThis?
And how do I post it in the Virus/Security forum?
green day Posts: 26722 Status: Moderator, Security contributor 2 163

Hi

Download this:

Link: http://www.infos-du-net.com/telecharger/HijackThis.html

Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm

Choose the option "do a scan and a logfile", then copy and paste the report here.

See you
raiss Posts: 47 Status: Member 1

Logfile of HijackThis v1.99.1
Scan saved at 21:44:47, on 10/06/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aarasse\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Windows Base Services] wbse32.exe
O4 - HKLM\..\Run: [w004ab6f.dll] RUNDLL32.EXE w004ab6f.dll,I2 0014452b0004ab6f
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [VT100 Emulator] C:\WINDOWS\System32\VT100.EXE
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\RunServices: [Windows Base Services] wbse32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC9E16B9-A3BD-49ED-8C94-15A37CAFB8F9}: NameServer = 86.64.145.141 84.103.237.141
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\hr4q05h5e.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QUFSQVNTRQ\command.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Online Anti Virus - Unknown owner - C:\WINDOWS\avll32.exe (file missing)

green day Posts: 26722 Status: Moderator, Security contributor 2 163

Re

A nice little infection ...

We'll start with look2me:

Download l2mfix.exe from http://www.downloads.subratam.org/l2mfix.exe

- Disconnect from the internet and close the browser and all other application windows;
- Unzip l2mfix.exe to the desktop;
- In the program folder, double-click l2mfix.bat;
- Choose OPTION 1 (Run find log) and confirm with the [Enter] key;
=> A report will be generated in Notepad; reconnect to post it to the forum.

++

***I have decided to be happy because it is good for my health! (Voltaire)***
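
Added example, not part of the original thread: a Python triage pass over HijackThis O4/O20/O23 lines like those in raiss's log. It reports Run entries that start rundll32 on a module that is no longer on disk (the leftover registry trace jmp59 describes, which is what raises the load error at logon), Winlogon Notify DLLs, and services that HijackThis marks as file missing. The file listing, the search directories and the finding labels are assumptions made for this example.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [w004ab6f.dll] RUNDLL32.EXE w004ab6f.dll,I2 0014452b0004ab6f
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\hr4q05h5e.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton Online Anti Virus - Unknown owner - C:\WINDOWS\avll32.exe (file missing)
"""

# CONSTRUCTED file listing standing in for the disk (an assumption, not data
# from the thread): the audio control panel exists, w004ab6f.dll does not.
SAMPLE_FILES = {
    r"C:\WINDOWS\system32\cmicnfg.cpl",
    r"C:\WINDOWS\htpatch.exe",
}

# Simplified search path for a module named without a directory (assumption).
SEARCH_DIRS = (r"C:\WINDOWS\system32", r"C:\WINDOWS")

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")
O23_MISSING_RE = re.compile(r"^O23 - Service: (.+?) - .* - (.+?) \(file missing\)$")
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(.+)$', re.IGNORECASE
)


def module_exists(module, files):
    """Check a rundll32 module name against a listing of files on disk."""
    known = {f.lower() for f in files}
    module = module.strip('"').lower()
    if "\\" in module:  # full path given: check it directly
        return module in known
    return any(f"{d.lower()}\\{module}" in known for d in SEARCH_DIRS)


def triage(log_text, files):
    """Return (label, location, entry name, target) tuples for review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            hive, key, name, cmd = m.groups()
            r = RUNDLL_RE.match(cmd)
            if r:
                # rundll32 syntax is "<module>,<entry point> <args>"
                module = r.group(1).split(",")[0].strip()
                if not module_exists(module, files):
                    findings.append(
                        ("orphaned-rundll32", f"{hive}\\..\\{key}", name, module)
                    )
        elif m := O20_RE.match(line):
            # Notify DLLs are loaded by winlogon.exe, so every one is reviewed.
            findings.append(
                ("winlogon-notify", r"Winlogon\Notify", m.group(1), m.group(2))
            )
        elif m := O23_MISSING_RE.match(line):
            findings.append(
                ("service-file-missing", "Services", m.group(1), m.group(2))
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, SAMPLE_FILES):
        print(" | ".join(finding))
```

The Cmaudio entry also runs through rundll32 but is not reported, because its module resolves in the constructed listing; only the entry whose DLL is gone is flagged.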
raiss Posts: 47 Status: Member 1

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jtl6073se.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{ACC905A8-33DB-8B86-A752-E4A474DB3798}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{70B15EAB-B80B-4D4F-ACCA-80F5DDA3B8FF}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{70B15EAB-B80B-4D4F-ACCA-80F5DDA3B8FF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{70B15EAB-B80B-4D4F-ACCA-80F5DDA3B8FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{70B15EAB-B80B-4D4F-ACCA-80F5DDA3B8FF}\InprocServer32]
@="C:\\WINDOWS\\system32\\jifr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6077C6E1-4445-4E4D-8ED2-9DDE33CC023F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6077C6E1-4445-4E4D-8ED2-9DDE33CC023F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6077C6E1-4445-4E4D-8ED2-9DDE33CC023F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6077C6E1-4445-4E4D-8ED2-9DDE33CC023F}\InprocServer32]
@="C:\\WINDOWS\\system32\\nrtmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7E3B3B32-DDF9-4D38-9BCC-EC6CF0D2C13C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E3B3B32-DDF9-4D38-9BCC-EC6CF0D2C13C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E3B3B32-DDF9-4D38-9BCC-EC6CF0D2C13C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E3B3B32-DDF9-4D38-9BCC-EC6CF0D2C13C}\InprocServer32]
@="C:\\WINDOWS\\system32\\lladperf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0AE1DCEA-7922-4BAA-9AAB-333E9AF32A5D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AE1DCEA-7922-4BAA-9AAB-333E9AF32A5D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AE1DCEA-7922-4BAA-9AAB-333E9AF32A5D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AE1DCEA-7922-4BAA-9AAB-333E9AF32A5D}\InprocServer32]
@="C:\\WINDOWS\\system32\\ktdit142.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0AE3B65C-AE29-474F-81EB-78DA81643FBA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AE3B65C-AE29-474F-81EB-78DA81643FBA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AE3B65C-AE29-474F-81EB-78DA81643FBA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AE3B65C-AE29-474F-81EB-78DA81643FBA}\InprocServer32]
@="C:\\WINDOWS\\system32\\ihakui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DAD93514-8689-4781-9152-609F75683747}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DAD93514-8689-4781-9152-609F75683747}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DAD93514-8689-4781-9152-609F75683747}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DAD93514-8689-4781-9152-609F75683747}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{907EA352-E187-4A20-A77D-DE276D6D94AB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{907EA352-E187-4A20-A77D-DE276D6D94AB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{907EA352-E187-4A20-A77D-DE276D6D94AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{907EA352-E187-4A20-A77D-DE276D6D94AB}\InprocServer32]
@="C:\\WINDOWS\\system32\\altxprxy.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{19D78526-56C2-499A-B203-A24CC42F4507}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{19D78526-56C2-499A-B203-A24CC42F4507}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{19D78526-56C2-499A-B203-A24CC42F4507}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{19D78526-56C2-499A-B203-A24CC42F4507}\InprocServer32]
@="C:\\WINDOWS\\system32\\kodth0.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F91A22C9-C8D3-4ACD-AE3B-9DAD18916A08}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F91A22C9-C8D3-4ACD-AE3B-9DAD18916A08}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F91A22C9-C8D3-4ACD-AE3B-9DAD18916A08}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F91A22C9-C8D3-4ACD-AE3B-9DAD18916A08}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EE5C2627-B21E-4C05-84D6-55F449163BD3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE5C2627-B21E-4C05-84D6-55F449163BD3}\Implemented Categories]
@=""


**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
altxprxy.dll Fri 9 Jun 2006 21:01:56 ..S.R 233 415 227,94 K
cqnsole.dll Sat 10 Jun 2006 9:54:08 ..S.R 234 054 228,57 K
fpj803~1.dll Fri 9 Jun 2006 21:02:06 ..S.R 234 191 228,70 K
i624lg~1.dll Fri 9 Jun 2006 17:45:32 ..S.R 235 698 230,17 K
ihakui.dll Fri 9 Jun 2006 20:33:08 ..S.R 237 258 231,70 K
ilssuba.dll Sat 10 Jun 2006 20:51:52 ..S.R 234 263 228,77 K
iugutil.dll Sat 10 Jun 2006 0:49:12 ..S.R 235 728 230,20 K
jtl607~1.dll Sat 10 Jun 2006 21:33:42 ..S.R 234 252 228,76 K
jtru07~1.dll Sat 10 Jun 2006 22:19:40 ..S.R 234 263 228,77 K
kkdazel.dll Sat 10 Jun 2006 20:58:42 ..S.R 234 252 228,76 K
kodth0.dll Fri 9 Jun 2006 21:16:38 ..S.R 234 054 228,57 K
ktdit142.dll Fri 9 Jun 2006 20:27:42 ..S.R 233 884 228,40 K
lladperf.dll Fri 9 Jun 2006 20:24:38 ..S.R 236 097 230,56 K
nfmsdba.dll Sat 10 Jun 2006 21:34:40 ..S.R 234 263 228,77 K
nqwdev.dll Sat 10 Jun 2006 10:16:42 ..S.R 234 252 228,76 K
nrtmsg.dll Fri 9 Jun 2006 20:01:08 ..S.R 236 669 231,12 K
pnrfctrs.dll Fri 9 Jun 2006 20:35:46 ..S.R 234 054 228,57 K
rpvpsp.dll Fri 9 Jun 2006 23:36:08 ..S.R 234 054 228,57 K
sshedsvc.dll Fri 9 Jun 2006 21:43:22 ..S.R 234 054 228,57 K
ucrvpa.dll Fri 9 Jun 2006 21:56:22 ..S.R 234 054 228,57 K
xwlehlp.dll Sun 11 Jun 2006 9:43:04 ..S.R 234 252 228,76 K

21 items found: 21 files (21 H/S), 0 directories.
Total of file sizes: 4 927 061 bytes 4,70 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sun 11 Jun 2006 9:43:14 A.... 236 198 230,66 K

1 item found: 1 file, 0 directories.
Total of file sizes: 236 198 bytes 230,66 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C80F-1C0C

Répertoire de C:\WINDOWS\System32

11/06/2006 09:43 234 252 xwlehlp.dll
10/06/2006 22:19 234 263 jtru0799e.dll
10/06/2006 21:34 234 263 nfmsdba.dll
10/06/2006 21:33 234 252 jtl6073se.dll
10/06/2006 20:58 234 252 kkdazel.dll
10/06/2006 20:51 234 263 ilssuba.dll
10/06/2006 10:31 <REP> dllcache
10/06/2006 10:16 234 252 nqwdev.dll
10/06/2006 09:54 234 054 cqnsole.dll
10/06/2006 00:49 235 728 iugutil.dll
09/06/2006 23:36 234 054 rpvpsp.dll
09/06/2006 21:56 234 054 ucrvpa.dll
09/06/2006 21:43 234 054 sshedsvc.dll
09/06/2006 21:16 234 054 kodth0.dll
09/06/2006 21:02 234 191 fpj8031ue.dll
09/06/2006 21:01 233 415 altxprxy.dll
09/06/2006 20:35 234 054 pnrfctrs.dll
09/06/2006 20:33 237 258 ihakui.dll
09/06/2006 20:27 233 884 ktdit142.dll
09/06/2006 20:24 236 097 lladperf.dll
09/06/2006 20:01 236 669 nrtmsg.dll
09/06/2006 17:45 235 698 i624lgfq162e.dll
21 fichier(s) 4 927 061 octets
1 Rép(s) 33 456 930 816 octets libres
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

- Disconnect from the internet and close the browser and all other application windows;
- Double-click l2mfix.bat;
- Choose OPTION 2 (Run fix) and confirm with the [Enter] key;
- At the prompt, press any key to restart the PC;
=> After the restart, L2mFix continues its cleanup, then opens Notepad with the cleanup results; reconnect to post them on the forum.

and post a new HijackThis log

See you
0
raiss Posts 47 Status Member 1
 
L2mfix 051206
Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (432)
Killing 'winlogon.exe'
winlogon.exe (512)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1708)
Killing 'rundll32.exe'
rundll32.exe "C:\WINDOWS\system32\mexml.dll",DllGetVersion (1496)
"C:\WINDOWS\System32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd (352)
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\altxprxy.dll
Successfully Deleted: C:\WINDOWS\system32\altxprxy.dll
Deleting: C:\WINDOWS\system32\cqnsole.dll
Successfully Deleted: C:\WINDOWS\system32\cqnsole.dll
Deleting: C:\WINDOWS\system32\fpj8031ue.dll
Successfully Deleted: C:\WINDOWS\system32\fpj8031ue.dll
Deleting: C:\WINDOWS\system32\i624lgfq162e.dll
Successfully Deleted: C:\WINDOWS\system32\i624lgfq162e.dll
Deleting: C:\WINDOWS\system32\ihakui.dll
Successfully Deleted: C:\WINDOWS\system32\ihakui.dll
Deleting: C:\WINDOWS\system32\ilssuba.dll
Successfully Deleted: C:\WINDOWS\system32\ilssuba.dll
Deleting: C:\WINDOWS\system32\iugutil.dll
Successfully Deleted: C:\WINDOWS\system32\iugutil.dll
Deleting: C:\WINDOWS\system32\jtl6073se.dll
Successfully Deleted: C:\WINDOWS\system32\jtl6073se.dll
Deleting: C:\WINDOWS\system32\jtru0799e.dll
Successfully Deleted: C:\WINDOWS\system32\jtru0799e.dll
Deleting: C:\WINDOWS\system32\kkdazel.dll
Successfully Deleted: C:\WINDOWS\system32\kkdazel.dll
Deleting: C:\WINDOWS\system32\kodth0.dll
Successfully Deleted: C:\WINDOWS\system32\kodth0.dll
Deleting: C:\WINDOWS\system32\ktdit142.dll
Successfully Deleted: C:\WINDOWS\system32\ktdit142.dll
Deleting: C:\WINDOWS\system32\lladperf.dll
Successfully Deleted: C:\WINDOWS\system32\lladperf.dll
Deleting: C:\WINDOWS\system32\mexml.dll
Successfully Deleted: C:\WINDOWS\system32\mexml.dll
Deleting: C:\WINDOWS\system32\n22u0cf9ef2.dll
Successfully Deleted: C:\WINDOWS\system32\n22u0cf9ef2.dll
Deleting: C:\WINDOWS\system32\nfmsdba.dll
Successfully Deleted: C:\WINDOWS\system32\nfmsdba.dll
Deleting: C:\WINDOWS\system32\nqwdev.dll
Successfully Deleted: C:\WINDOWS\system32\nqwdev.dll
Deleting: C:\WINDOWS\system32\nrtmsg.dll
Successfully Deleted: C:\WINDOWS\system32\nrtmsg.dll
Deleting: C:\WINDOWS\system32\pnrfctrs.dll
Successfully Deleted: C:\WINDOWS\system32\pnrfctrs.dll
Deleting: C:\WINDOWS\system32\rpvpsp.dll
Successfully Deleted: C:\WINDOWS\system32\rpvpsp.dll
Deleting: C:\WINDOWS\system32\sshedsvc.dll
Successfully Deleted: C:\WINDOWS\system32\sshedsvc.dll
Deleting: C:\WINDOWS\system32\ucrvpa.dll
Successfully Deleted: C:\WINDOWS\system32\ucrvpa.dll
Deleting: C:\WINDOWS\system32\xwlehlp.dll
Successfully Deleted: C:\WINDOWS\system32\xwlehlp.dll

msg11?.dll
0 fichier(s) copié(s).

Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jtl6073se.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\altxprxy.dll
C:\WINDOWS\system32\cqnsole.dll
C:\WINDOWS\system32\fpj8031ue.dll
C:\WINDOWS\system32\i624lgfq162e.dll
C:\WINDOWS\system32\ihakui.dll
C:\WINDOWS\system32\ilssuba.dll
C:\WINDOWS\system32\iugutil.dll
C:\WINDOWS\system32\jtl6073se.dll
C:\WINDOWS\system32\jtru0799e.dll
C:\WINDOWS\system32\kkdazel.dll
C:\WINDOWS\system32\kodth0.dll
C:\WINDOWS\system32\ktdit142.dll
C:\WINDOWS\system32\lladperf.dll
C:\WINDOWS\system32\mexml.dll
C:\WINDOWS\system32\n22u0cf9ef2.dll
C:\WINDOWS\system32\nfmsdba.dll
C:\WINDOWS\system32\nqwdev.dll
C:\WINDOWS\system32\nrtmsg.dll
C:\WINDOWS\system32\pnrfctrs.dll
C:\WINDOWS\system32\rpvpsp.dll
C:\WINDOWS\system32\sshedsvc.dll
C:\WINDOWS\system32\ucrvpa.dll
C:\WINDOWS\system32\xwlehlp.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
0
raiss Posts 47 Status Member 1
 
Logfile of HijackThis v1.99.1
Scan saved at 23:10:43, on 11/06/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Aarasse\Bureau\Nouveau dossier\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Windows Base Services] wbse32.exe
O4 - HKLM\..\Run: [w004ab6f.dll] RUNDLL32.EXE w004ab6f.dll,I2 0014452b0004ab6f
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [VT100 Emulator] C:\WINDOWS\System32\VT100.EXE
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\RunServices: [Windows Base Services] wbse32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC9E16B9-A3BD-49ED-8C94-15A37CAFB8F9}: NameServer = 86.64.145.143 84.103.237.143
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\jtl6073se.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QUFSQVNTRQ\command.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Online Anti Virus - Unknown owner - C:\WINDOWS\avll32.exe (file missing)
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
can you talk?

:)
0
raiss Posts 47 Status Member 1
 
I trust you, I'm doing what you ask me to do, because I don't know much about this, nor what an <l2mfix.bat> or a <HijackThis> is for
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
hmm, hmm ...

it wasn't at that level ...

getting 4 silent reports in a row: that's not great :)

a quick hi, hello ... or a thank you, see you ... it's much better, it seems to be getting better, it's worse than before! that wouldn't be superfluous ... :)

Description of the HijackThis software:

Have you ever been the victim of an attack on the Internet Explorer browser? Come on now, there is no shame in admitting it; simply using it already puts you in danger of brain death. Generally, this type of attack is characterised by the sudden appearance of search bars, a changed home page, and a marked drop in your machine's performance. HijackThis will help you locate these malicious programs so that you can remove them. In addition, it makes fixing the problem easier by forcing the home page of your Internet Explorer browser, which spyware often squats, and by allowing the settings to be saved for a later restore.


as for the use of this fix, l2mfix.exe, I had explained it in post 6, but maybe it wasn't explicit: it is to neutralise the look2me infection, which is fairly stubborn and visible in your HijackThis report

there you go!

I'll give you the steps to follow tomorrow, you're still quite infected ... and install a firewall if you don't have one!
++
0
raiss Posts 47 Status Member 1
 
it's not just a small thank you, but rather great gratitude for all this advice
I thought an antivirus such as Kaspersky was enough, along with Adaware SE
about the firewall, do you know an effective one?
Thanks in advance!!!!
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
good evening

for the firewall: you can make your choice here:

security: protecting a computer against Internet malware

1) Show system folders and hidden files:
Open My Computer
- Tools --> Folder Options
- View --> Advanced settings area
- Tick: Display the contents of system folders
- Tick: Show hidden files and folders
- Untick: Hide extensions for known file types
- Untick: Hide protected operating system files (Recommended)
answer Yes to the message
Click "Apply to All Folders"
Click OK

2) Turn off System Restore

* Click the Start button.
* Right-click My Computer, then click Properties.
* On the System Restore tab, select the option Turn off System Restore or Turn off System Restore on all drives

3) Run HijackThis again: choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:

O4 - HKLM\..\Run: [Windows Base Services] wbse32.exe
O4 - HKLM\..\Run: [w004ab6f.dll] RUNDLL32.EXE w004ab6f.dll,I2 0014452b0004ab6f
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\RunServices: [Windows Base Services] wbse32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\jtl6073se.dll (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QUFSQVNTRQ\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Online Anti Virus - Unknown owner - C:\WINDOWS\avll32.exe (file missing)

find and delete the files in bold:

wbse32.exe
C:\WINDOWS\System32\firewall.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Program Files\SpySpotter3\Defender.exe
C:\WINDOWS\QUFSQVNTRQ\command.exe
C:\WINDOWS\avll32.exe
C:\Program Files\Network Monitor\netmon.exe

then:

*Download and install this; in the left-hand column click "errors", tick all the boxes, then click "search for errors" at the bottom. Once it has finished, click "repair the errors"; you will get a message asking to back up your registry, answer "yes", then start again until it finds no more errors.

*Run CCleaner again, go to the "cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "run the cleaning"

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

and finally, do 1/ and 2/ of this link please:

virus: preliminary disinfection method, FR version

++

***I have decided to be happy because it is good for my health! (Voltaire)***
0
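An added example, not part of the thread and not HijackThis's own code: a triage pass over entry lines copied from the logs posted in this thread, marking the kinds of entries the post above selects for fixing. The flag names and function names are assumptions of this example, and a flag marks an entry for review, not as malicious.

```python
import re

# Entry lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Base Services] wbse32.exe
O4 - HKLM\..\Run: [w004ab6f.dll] RUNDLL32.EXE w004ab6f.dll,I2 0014452b0004ab6f
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\jtl6073se.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton Online Anti Virus - Unknown owner - C:\WINDOWS\avll32.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.*?)\] (.+)$")
# Either a quoted executable, or an unquoted one (spaces allowed) ending in .exe etc.
EXE = re.compile(r'^"([^"]+)"\s*(.*)$|^(.+?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$', re.I)
RUNDLL = ("rundll32", "rundll32.exe")


def parse(log_text):
    """Yield (section, detail) for every 'Xn - ...' entry line of a log."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def split_command(command):
    """Split an autorun command into (executable, arguments)."""
    m = EXE.match(command)
    if not m:
        exe, _, rest = command.partition(" ")
        return exe, rest
    if m.group(1) is not None:
        return m.group(1), m.group(2)
    return m.group(3), m.group(4) or ""


def run_target(command):
    """File the command loads: the DLL for a rundll32 launch, else the executable."""
    exe, rest = split_command(command)
    if exe.rsplit("\\", 1)[-1].lower() in RUNDLL and rest:
        return rest.split(",")[0].strip().strip('"')
    return exe


def flags_for(section, detail):
    """Heuristic review flags for one entry (names are this example's own)."""
    flags = []
    if detail.endswith("(file missing)"):
        flags.append("file-missing")      # entry outlived the file it points to
    if section == "O4":
        m = RUN.match(detail)
        if m:
            exe, _ = split_command(m.group(2))
            if "\\" not in run_target(m.group(2)):
                flags.append("bare-name")  # no directory: resolved via search path
            if exe.rsplit("\\", 1)[-1].lower() in RUNDLL:
                flags.append("rundll32")   # DLL started through rundll32
    if section == "O23" and " - Unknown owner - " in detail:
        flags.append("unknown-owner")      # service binary without vendor info
    return flags


def triage(log_text):
    """Return (section, detail, flags) for every entry with at least one flag."""
    out = []
    for section, detail in parse(log_text):
        flags = flags_for(section, detail)
        if flags:
            out.append((section, detail, flags))
    return out


if __name__ == "__main__":
    for section, detail, flags in triage(SAMPLE_LOG):
        print(f"{section:>3} {','.join(flags):<28} {detail}")
```

The Cmaudio line, which the fix list in the post above leaves out, gets the same flags as the w004ab6f.dll line, so the flags only order entries for manual review.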
raiss Posts 47 Status Member 1
 
hi, it's me again; I did everything you told me, but now I have another big problem: since I installed <bitdefender_prof_v9.exe>, I can no longer open my hard drives and my computer is crawling. I'm sending you a <HijackThis>
thank you in advance:

Logfile of HijackThis v1.99.1
Scan saved at 15:39:00, on 13/06/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aarasse\Bureau\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apbif.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC9E16B9-A3BD-49ED-8C94-15A37CAFB8F9}: NameServer = 84.103.237.140 86.64.145.140
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QUFSQVNTRQ\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

you installed the antivirus???

if it's a mess, that's normal: you absolutely must have only one antivirus and only one firewall! so uninstall BitDefender

what I had asked you before was to run BitDefender's online scan

++

***I have decided to be happy because it is good for my health! (Voltaire)***
0
raiss Posts 47 Status Member 1
 
hi, it's mister mess again
I can't uninstall BitDefender any more; besides, I can't find it in Add/Remove Programs, and I can't even delete the setup file. I did try safe mode but with no result. I'm doing another <HijackThis> for you, in case it helps:

Logfile of HijackThis v1.99.1
Scan saved at 20:08:45, on 13/06/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aarasse\Bureau\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apbif.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC9E16B9-A3BD-49ED-8C94-15A37CAFB8F9}: NameServer = 84.103.237.146 86.64.145.146
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QUFSQVNTRQ\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
lol!

on the other hand, I can see it just fine ...

fix these lines:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QUFSQVNTRQ\command.exe (file missing)

with this file to delete (again!)

C:\WINDOWS\QUFSQVNTRQ\command.exe

to uninstall it: try with CCleaner, it has an option for that

otherwise, look in Program Files and get rid of the folder

++

***I have decided to be happy because it is good for my health! (Voltaire)***
0
raiss Posts 47 Status Member 1
 
I can no longer access my hard drive, it tells me c:\ is not accessible <access denied>
see the mess?
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
oops! that's true ...

have you tried a system restore???

++
0
raiss Posts 47 Status Member 1
 
I'm sorry, but system restore no longer works, even in safe mode
what is this mess?
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

yep! it's a bit tricky, try uninstalling Kaspersky

and check carefully whether you have access to the hard drive in safe mode

keep us posted, see you
0
raiss Posts 47 Status Member 1
 
I formatted my hard drive, but the problem is that since I had partitioned my hard drive into C and D, I formatted C to reinstall Windows but I can no longer open D, where my personal files were.
Is it serious, Doctor?

Logfile of HijackThis v1.99.1
Scan saved at 18:47:26, on 14/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Aarasse\Bureau\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apbif.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [internet service] svho0st98.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\RunServices: [internet service] svho0st98.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D92670CE-F56D-453C-9889-6FC5B3230122}: NameServer = 84.103.237.146 86.64.145.146
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Sub-System Security Center (WSSCServ) - Unknown owner - C:\WINDOWS\system32\wsscserv.exe (file missing)
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
hi again

ok, at that level I don't know much about it:

a post that talks about this:

hard drive recognition problem

otherwise, your log is ok, apart from these two: to be fixed!

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

++
***I have decided to be happy because it is good for my health! (Voltaire)***
0