[NT AUTHORITY/SYSTEM] Blaster-style error, help!
redscreen
Hello.
I have the following problem:
After a few moments on the internet, I get the error message: [NT AUTHORITY/SYSTEM] error in system32\services.exe, error code 204, the PC is going to restart.
Exactly the same symptom as Blaster or Sasser, except that it is neither of those!
I have tried everything without success, namely:
HijackThis, SmitfraudFix, Ad-Aware, Spybot, Microsoft AntiSpyware, F-Secure online scan...
I am posting because you are my last hope; if anyone can help me, I no longer know what to do.
(Config: Windows XP SP2 with the Windows XP firewall)
43 replies
Yes, it removed one nasty for me, but it keeps happening :,-(
I have already done the Kaspersky scan and it finds nothing (0 viruses).
Hi,
Download SmitfraudFix (save it to the "desktop")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip SmitfraudFix
Run the SmitfraudFix or SmitfraudFix.cmd file and choose option 1, then copy the report here please
and
download this:
http://download.bleepingcomputer.com/sUBs/combofix.exe
press "Y" to continue
Wait a few minutes... a report will open; save its contents, then copy and paste it here please
SmitFraudFix v2.40
Rapport fait à 23:12:52,75, 29/10/2006
Executé à partir de C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Registered\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\REGIST~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
****************************************************************************************************************
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b1
"NoRecentDocsHistory"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-10-29 23:15:58.10
C:\ComboFix.txt ... 06-10-29 23:15
Sorry, the ComboFix report was not complete, I am reposting it:
Registered - 06-10-29 23:15:18,92 Service Pack 2
ComboFix 06.10.19 - Running from: "D:\Download"
((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))
2006-10-29 23:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-29 23:12 42,496 --a------ C:\WINDOWS\system32\Swreg.exe
2006-10-29 23:12 40,960 --a------ C:\WINDOWS\system32\Swsc.exe
2006-10-29 23:12 288,417 --a------ C:\WINDOWS\system32\SrchSts.exe
2006-10-25 22:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-23 23:10 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-02 22:44 73,728 -r------- C:\WINDOWS\system32\ForNvI2C.dll
2006-10-02 22:44 61,440 -r------- C:\WINDOWS\system32\RemtCtrl.dll
2006-10-02 22:38 5,120 --a------ C:\WINDOWS\system32\drivers\Stdsys.SYS
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
[color=red][b]Rootkit driver pe386 is present. A rootkit scan is required[/b][/color]
2006-10-29 23:12 -------- d-------- C:\Program Files\SmitfraudFix
2006-10-29 14:43 -------- d-------- C:\Program Files\Edonkey
2006-10-29 12:50 -------- d-------- C:\Program Files\HijackThis
2006-10-27 10:21 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-25 22:33 -------- d-------- C:\Program Files\Avg anti-spyware
2006-10-24 00:13 -------- d-------- C:\Program Files\Diskeeper
2006-10-23 23:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-23 23:10 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-23 08:45 -------- d-------- C:\Program Files\Ad-aware
2006-10-18 22:41 -------- d-------- C:\Program Files\RecordNowMax
2006-10-18 01:29 -------- d-------- C:\Documents and Settings\Registered\Application Data\Adobe
2006-10-13 00:44 -------- d-------- C:\Program Files\Monkey's audio
2006-10-09 00:14 -------- d-------- C:\Program Files\Fichiers communs
2006-10-08 23:20 -------- d-------- C:\Program Files\TvTool
2006-10-03 00:38 -------- d-------- C:\Program Files\Everest
2006-09-25 23:08 -------- d-------- C:\Program Files\MediaFace
2006-09-21 01:38 56 -r-hs---- C:\WINDOWS\system32\9BFC210179.sys
2006-09-21 01:38 10332 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-09-20 21:56 -------- d-------- C:\Program Files\Exact audio copy
2006-09-19 15:41 73 --a------ C:\WINDOWS\system32\ssprs.dll
2006-09-19 15:41 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2006-09-19 15:41 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2006-09-19 15:41 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2006-09-19 15:41 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2006-09-19 14:57 -------- d-------- C:\Program Files\Adobe
2006-09-19 14:50 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-09-18 04:30 -------- d-------- C:\Program Files\ProShowGold
2006-09-15 16:39 -------- d-------- C:\Program Files\Vid‚o
2006-09-14 16:18 -------- d-------- C:\Documents and Settings\Registered\Application Data\Pegasys Inc
2006-09-13 17:20 -------- d-------- C:\Program Files\PicturesToExe
2006-09-13 17:05 -------- d-------- C:\Documents and Settings\Registered\Application Data\PicturesToExe
2006-09-13 15:36 -------- d-------- C:\Documents and Settings\Registered\Application Data\Netscape
2006-09-13 02:34 20480 --a------ C:\WINDOWS\system32\ptevideo.dll
2006-09-13 01:28 -------- d-------- C:\Program Files\Emule
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WINDVDPatch"="CTHELPER.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"AudioHQU"="C:\\Program Files\\Creative\\SbLive\\AudioHQ\\AHQTBU.EXE"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus\\MsgPlus.exe\""
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b1
"NoRecentDocsHistory"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-10-29 23:15:58.10
C:\ComboFix.txt ... 06-10-29 23:15
Hi,
click Start, Search, and delete these files:
9BFC210179.sys
ssprs.dll
lsprst7.dll
sysprs7.dll
**If a file resists deletion, do this:
- Restart your PC; as soon as it powers on, tap the F8 key repeatedly (or F5 if F8 does not work); on the screen that appears choose "Safe Mode" and wait a little... then delete the files/folders that resisted, empty your recycle bin and restart normally
Hi,
post a HijackThis report again and do this:
Download Blacklight and save it to your desktop.
https://www.f-secure.com/en
Double-click "blbeta.exe" and accept the licence; click "Scan" then "Next"
A report will be created on your desktop: "fslb-....."
Copy and paste the contents of this report here.
Do not touch anything else!
Logfile of HijackThis v1.99.1
Scan saved at 16:21:20, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Creative\SbLive\AudioHQ\AHQTBU.EXE
C:\Program Files\MessengerPlus\MsgPlus.exe
C:\Program Files\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivir\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Antivir\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Antivir\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AudioHQU] C:\Program Files\Creative\SbLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Antivir\AntiVir PersonalEdition Classic\avgnt.exe" /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Antivir\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\Antivir\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
***************************************************
As for F-Secure, I did not find any option to save a report; it found nothing. The only log is this one, but it doesn't correspond to anything?:
11/06/06 16:21:49 [Info]: BlackLight Engine 1.0.47 initialized
11/06/06 16:21:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/06/06 16:21:49 [Note]: 7019 4
11/06/06 16:21:49 [Note]: 7005 0
11/06/06 16:21:51 [Note]: 7006 0
11/06/06 16:21:51 [Note]: 7011 1632
11/06/06 16:21:51 [Note]: 7026 0
11/06/06 16:21:51 [Note]: 7026 0
11/06/06 16:22:01 [Note]: FSRAW library version 1.7.1020
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:26:58 [Note]: 2000 1012
11/06/06 16:27:34 [Note]: 7007 0
Hi,
Was it you who put restrictions on Internet Explorer?
Still no firewall, so your problem will continue.
Restrictions on Internet Explorer? No, that wasn't me, I don't even know what that is.
Otherwise, I have the Windows XP firewall (I know, not very professional in the experts' eyes, but I have a lot of friends who only have that one and don't have this problem).
I don't know how to configure another firewall, because I've heard they need to be configured.
I tried installing Kerio as you advised, but it's off to a great start: I can no longer bring up my internet connection :-( In other words it blocks everything, really, absolutely everything.
What should I do?
(Internet over a network cable.)
I had to uninstall it and re-enable the Windows one.
Thanks for the link, I read a tutorial, but in fact I changed nothing and when I rebooted, the internet was working??
But my problem keeps going on and on, and I'm going crazy.
So: I have an antivirus and a good firewall, and I have run every possible scan without finding anything.
Is there still a disinfection genius out there who could rescue me?
Hi,
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Then post a ComboFix report again, please.
ComboFix report:
Registered - 06-11-13 0:15:52,37 Service Pack 2
ComboFix 06.11.9 - Running from: "D:\Download"
((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))
2006-11-12 22:58 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-11-12 22:58 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-11-12 22:58 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-11-12 22:58 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-11-12 22:58 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-11-12 22:58 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-11-12 22:58 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-10-29 23:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-29 23:12 42,496 --a------ C:\WINDOWS\system32\Swreg.exe
2006-10-29 23:12 40,960 --a------ C:\WINDOWS\system32\Swsc.exe
2006-10-29 23:12 288,417 --a------ C:\WINDOWS\system32\SrchSts.exe
2006-10-25 22:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-23 23:10 18,200 --a------ C:\WINDOWS\system32\wups2.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
[color=red][b]Rootkit driver pe386 is present. A rootkit scan is required[/b][/color]
2006-11-13 00:10 -------- d-------- C:\Program Files\HijackThis
2006-11-12 23:22 -------- d-------- C:\Program Files\Ad-aware
2006-11-12 22:58 -------- d-------- C:\Program Files\Avast
2006-11-12 22:56 -------- d-------- C:\Program Files\Sunbelt Software
2006-11-09 02:14 -------- d-------- C:\Program Files\Ccleaner
2006-11-08 10:55 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-11-08 00:59 -------- d-------- C:\Program Files\Edonkey
2006-11-08 00:19 -------- d-------- C:\Documents and Settings\Registered\Application Data\Adobe
2006-11-04 00:33 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-02 00:30 -------- d-------- C:\Program Files\Monkey's audio
2006-10-29 23:12 -------- d-------- C:\Program Files\SmitfraudFix
2006-10-25 22:33 -------- d-------- C:\Program Files\Avg anti-spyware
2006-10-24 00:13 -------- d-------- C:\Program Files\Diskeeper
2006-10-23 23:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-23 23:10 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-18 22:41 -------- d-------- C:\Program Files\RecordNowMax
2006-10-09 00:14 -------- d-------- C:\Program Files\Fichiers communs
2006-10-08 23:20 -------- d-------- C:\Program Files\TvTool
2006-10-04 00:30 5120 --a------ C:\WINDOWS\system32\drivers\Stdsys.SYS
2006-10-03 00:38 -------- d-------- C:\Program Files\Everest
2006-09-25 23:08 -------- d-------- C:\Program Files\MediaFace
2006-09-21 01:38 10332 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-09-20 21:56 -------- d-------- C:\Program Files\Exact audio copy
2006-09-19 15:41 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2006-09-19 15:41 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2006-09-19 14:57 -------- d-------- C:\Program Files\Adobe
2006-09-19 14:50 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-09-18 04:30 -------- d-------- C:\Program Files\ProShowGold
2006-09-15 16:39 -------- d-------- C:\Program Files\Vid‚o
2006-09-14 16:18 -------- d-------- C:\Documents and Settings\Registered\Application Data\Pegasys Inc
2006-09-13 17:20 -------- d-------- C:\Program Files\PicturesToExe
2006-09-13 17:05 -------- d-------- C:\Documents and Settings\Registered\Application Data\PicturesToExe
2006-09-13 15:36 -------- d-------- C:\Documents and Settings\Registered\Application Data\Netscape
2006-09-13 02:34 20480 --a------ C:\WINDOWS\system32\ptevideo.dll
2006-09-13 01:28 -------- d-------- C:\Program Files\Emule
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WINDVDPatch"="CTHELPER.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"AudioHQU"="C:\\Program Files\\Creative\\SbLive\\AudioHQ\\AHQTBU.EXE"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus\\MsgPlus.exe\""
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"avast!"="C:\\PROGRA~1\\Avast\\ashDisp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b1
"NoRecentDocsHistory"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-13 0:17:43.79
C:\ComboFix.txt ... 06-11-13 00:17
STATUS: FINISHED
Complete scanning result of "wups2.dll", received in VirusTotal at 11.13.2006, 01:35:25 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.39 11.12.2006 no virus found
Authentium 4.93.8 11.10.2006 no virus found
Avast 4.7.892.0 11.13.2006 no virus found
AVG 386 11.12.2006 no virus found
BitDefender 7.2 11.13.2006 no virus found
CAT-QuickHeal 8.00 11.11.2006 no virus found
ClamAV devel-20060426 11.12.2006 no virus found
DrWeb 4.33 11.12.2006 no virus found
eTrust-InoculateIT 23.73.52 11.11.2006 no virus found
eTrust-Vet 30.3.3186 11.10.2006 no virus found
Ewido 4.0 11.12.2006 no virus found
Fortinet 2.82.0.0 11.12.2006 no virus found
F-Prot 3.16f 11.10.2006 no virus found
F-Prot4 4.2.1.29 11.10.2006 no virus found
Ikarus 0.2.65.0 11.10.2006 no virus found
Kaspersky 4.0.2.24 11.13.2006 no virus found
McAfee 4893 11.10.2006 no virus found
Microsoft 1.1609 11.12.2006 no virus found
NOD32v2 1862 11.10.2006 no virus found
Norman 5.80.02 11.10.2006 no virus found
Panda 9.0.0.4 11.12.2006 no virus found
Sophos 4.11.0 11.07.2006 no virus found
TheHacker 6.0.1.117 11.12.2006 no virus found
UNA 1.83 11.10.2006 no virus found
VBA32 3.11.1 11.13.2006 no virus found
VirusBuster 4.3.15:9 11.12.2006 no virus found
Aditional Information
File size: 18200 bytes
MD5: e295242c42234de7265d853589f636c0
SHA1: e691e17b8f452e79fac466b8c9d0b3b65d3fd3b5
packers: embedded
****************************************************
STATUS: FINISHED
Complete scanning result of "ptevideo.dll", received in VirusTotal at 11.13.2006, 01:38:19 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.39 11.12.2006 no virus found
Authentium 4.93.8 11.10.2006 no virus found
Avast 4.7.892.0 11.13.2006 no virus found
AVG 386 11.12.2006 no virus found
BitDefender 7.2 11.13.2006 no virus found
CAT-QuickHeal 8.00 11.11.2006 no virus found
ClamAV devel-20060426 11.12.2006 no virus found
DrWeb 4.33 11.12.2006 no virus found
eTrust-InoculateIT 23.73.52 11.11.2006 no virus found
eTrust-Vet 30.3.3186 11.10.2006 no virus found
Ewido 4.0 11.12.2006 no virus found
Fortinet 2.82.0.0 11.12.2006 no virus found
F-Prot 3.16f 11.10.2006 no virus found
F-Prot4 4.2.1.29 11.10.2006 no virus found
Ikarus 0.2.65.0 11.10.2006 no virus found
Kaspersky 4.0.2.24 11.13.2006 no virus found
McAfee 4893 11.10.2006 no virus found
Microsoft 1.1609 11.12.2006 no virus found
NOD32v2 1862 11.10.2006 no virus found
Norman 5.80.02 11.10.2006 no virus found
Panda 9.0.0.4 11.12.2006 no virus found
Sophos 4.11.0 11.07.2006 no virus found
TheHacker 6.0.1.117 11.12.2006 no virus found
UNA 1.83 11.10.2006 no virus found
VBA32 3.11.1 11.13.2006 no virus found
VirusBuster 4.3.15:9 11.12.2006 no virus found
Aditional Information
File size: 20480 bytes
MD5: fc9073437c44296308a464e67d51445f
SHA1: 236717b3ec371d3da7581da54c7faf9e492cf121
Hello.
My problem is still unchanged.
My PC keeps rebooting with the message "autorite nt... erreur...dans services.exe avec le code d'erreur..." and gives me one minute (Blaster-style).
Sometimes after 2 minutes, sometimes after 2 hours, whenever it feels like it.
I'm posting a new HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 12:57:14, on 13/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Creative\SbLive\AudioHQ\AHQTBU.EXE
C:\Program Files\MessengerPlus\MsgPlus.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Adobe\Reader\Reader\AcroRd32.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AudioHQU] C:\Program Files\Creative\SbLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Right-click on HijackThis, choose "Rename", type abcde.exe, then generate a new report, please.
Then:
Download this:
https://www.silentrunners.org/Silent%20Runners.vbs
Run it and wait a few minutes; it will then create a folder right next to Silent Runners, in text format. Copy and paste what it gives you.
Logfile of HijackThis v1.99.1
Scan saved at 23:25:21, on 13/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Creative\SbLive\AudioHQ\AHQTBU.EXE
C:\Program Files\MessengerPlus\MsgPlus.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\QuickCam\FxSvr2.exe
C:\Program Files\HijackThis\abcde.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AudioHQU] C:\Program Files\Creative\SbLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
******************************************************
"Silent Runners.vbs", revision 49, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"LVCOMSX" = "C:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"ezShieldProtector for Px" = "C:\WINDOWS\system32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
"AudioHQU" = "C:\Program Files\Creative\SbLive\AudioHQ\AHQTBU.EXE" ["Creative Technology Ltd."]
"Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus\MsgPlus.exe"" ["Patchou"]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"avast!" = "C:\PROGRA~1\Avast\ashDisp.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\Alcohol\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Office\Office10\msohev.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Mes photos Logitech"
-> {HKLM...CLSID} = "Mes photos Logitech"
\InProcServer32\(Default) = "C:\Program Files\Logitech\QuickCam\Namespc2.dll" ["Logitech Inc."]
"{46E22146-59C0-4136-9233-52E412E2B428}" = "EzCddax extension"
-> {HKLM...CLSID} = "EzCddax Class"
\InProcServer32\(Default) = "C:\Program Files\Easy cd extractor\ezcddax8.dll" [null data]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {HKLM...CLSID} = "Message View"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Avast\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Avg anti-spyware\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Reader\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Avast\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Avg anti-spyware\context.dll" ["Anti-Malware Development a.s."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Avg anti-spyware\context.dll" ["Anti-Malware Development a.s."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Avast\ashShell.dll" ["ALWIL Software"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Avast\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Avast\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Avast\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Avast\ashWebSv.exe" /service" ["ALWIL Software"]
Diskeeper, Diskeeper, "C:\Program Files\Diskeeper\DkService.exe" ["Executive Software International, Inc."]
Sunbelt Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i550\Driver = "CNMLM49.DLL" ["CANON INC."]
Canon BJ Language Monitor iP5200\Driver = "CNMLM79.DLL" ["CANON INC."]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 54 seconds, including 12 seconds for message boxes)
Scan saved at 23:25:21, on 13/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Creative\SbLive\AudioHQ\AHQTBU.EXE
C:\Program Files\MessengerPlus\MsgPlus.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\QuickCam\FxSvr2.exe
C:\Program Files\HijackThis\abcde.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AudioHQU] C:\Program Files\Creative\SbLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
******************************************************
"Silent Runners.vbs", revision 49, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"LVCOMSX" = "C:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"ezShieldProtector for Px" = "C:\WINDOWS\system32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
"AudioHQU" = "C:\Program Files\Creative\SbLive\AudioHQ\AHQTBU.EXE" ["Creative Technology Ltd."]
"Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus\MsgPlus.exe"" ["Patchou"]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"avast!" = "C:\PROGRA~1\Avast\ashDisp.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\Alcohol\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Office\Office10\msohev.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Mes photos Logitech"
-> {HKLM...CLSID} = "Mes photos Logitech"
\InProcServer32\(Default) = "C:\Program Files\Logitech\QuickCam\Namespc2.dll" ["Logitech Inc."]
"{46E22146-59C0-4136-9233-52E412E2B428}" = "EzCddax extension"
-> {HKLM...CLSID} = "EzCddax Class"
\InProcServer32\(Default) = "C:\Program Files\Easy cd extractor\ezcddax8.dll" [null data]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {HKLM...CLSID} = "Message View"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Avast\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Avg anti-spyware\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not 
found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]| [file not found]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Reader\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Avast\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Avg anti-spyware\context.dll" ["Anti-Malware Development a.s."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Avg anti-spyware\context.dll" ["Anti-Malware Development a.s."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\Winace\arcext.dll" ["e-merge GmbH"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Avast\ashShell.dll" ["ALWIL Software"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Avast\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Avast\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Avast\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Avast\ashWebSv.exe" /service" ["ALWIL Software"]
Diskeeper, Diskeeper, "C:\Program Files\Diskeeper\DkService.exe" ["Executive Software International, Inc."]
Sunbelt Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i550\Driver = "CNMLM49.DLL" ["CANON INC."]
Canon BJ Language Monitor iP5200\Driver = "CNMLM79.DLL" ["CANON INC."]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 54 seconds, including 12 seconds for message boxes)
Hi,
Click Start, Run, and type: regedit
Follow this path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
On the right, look for this key:
BootExecute
Right-click it, then Modify:
- under "Value data", enter exactly this:
autocheck autochk *
Then "OK"
Restart your PC, then let me know how it goes ;-)
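The check below is an added example, not part of the original thread or of any tool used in it: it compares `BootExecute` with the default data given in the post above and lists any extra entries, since programs named in that value are run by the Session Manager at boot. The `reg query` output layout with `\0` separators is an assumption, and the sample output and the name `examplentv` are constructed.

```python
import sys

# Default data the post above says to restore (REG_MULTI_SZ, one entry).
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]
KEY_PATH = r"SYSTEM\CurrentControlSet\Control\Session Manager"

def parse_reg_query(output):
    # Extract entries from `reg query "HKLM\<KEY_PATH>" /v BootExecute` output.
    # Assumption: reg.exe joins REG_MULTI_SZ strings with a literal \0.
    for line in output.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) >= 2 and parts[0].lower() == "bootexecute":
            if parts[1].upper() != "REG_MULTI_SZ":
                raise ValueError("unexpected type: " + parts[1])
            data = parts[2] if len(parts) == 3 else ""
            return [e.strip() for e in data.split("\\0") if e.strip()]
    raise ValueError("BootExecute value not found in output")

def audit_boot_execute(entries):
    """Return (is_default, extra, missing) relative to the default data."""
    norm = [" ".join(e.split()).lower() for e in entries]
    default = [d.lower() for d in DEFAULT_BOOT_EXECUTE]
    extra = [e for e, n in zip(entries, norm) if n not in default]
    missing = [d for d in DEFAULT_BOOT_EXECUTE if d.lower() not in norm]
    return (not extra and not missing, extra, missing)

def read_live():
    """Read the value from the local registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH) as key:
        value, kind = winreg.QueryValueEx(key, "BootExecute")
    if kind != winreg.REG_MULTI_SZ:
        raise ValueError("BootExecute is not REG_MULTI_SZ")
    return list(value)

# Constructed sample: reg.exe output when an extra native program
# ("examplentv" is a made-up name) has been appended to the value.
SAMPLE_TAMPERED = (
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\n"
    "    BootExecute    REG_MULTI_SZ    autocheck autochk *\\0examplentv\\0\\0\n"
)

if __name__ == "__main__":
    live = sys.platform == "win32"
    entries = read_live() if live else parse_reg_query(SAMPLE_TAMPERED)
    ok, extra, missing = audit_boot_execute(entries)
    print("BootExecute:", entries)
    print("default" if ok else "NOT default: extra=%r missing=%r" % (extra, missing))
```

Any entry reported as extra should be identified before the value is overwritten, so the file it points to can be located and examined.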