Infected by the ZLOB FC trojan and other trojans
Solved
zoefelix
-
green day Posts 26374 Registration date Status Moderator, Security contributor Last activity -
Hello,
My PC is doing all sorts of weird things, it opens unpleasant windows, the Kaspersky trial is going crazy, and I have the impression that I have more and more trojans.
Can you help me analyze this SmitFraud report??? Thanks, thanks
SmitFraudFix v2.142
Rapport fait à 21:21:43,64, 18/02/2007
Executé à partir de C:\Documents and Settings\audrey becourt\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ctpmon.exe PRESENT !
C:\WINDOWS\system32\RegistryCleanerSetup.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\audrey becourt
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\audrey becourt\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AUDREY~2\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\win_n21.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
28 replies
Hi ;-)
# Boot into safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Once you are on the desktop, if not all the colors and so on are there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
# Run the Smitfraud program again:
This time choose option 2 and answer yes to everything;
Save the report, reboot in normal mode, and copy/paste the saved report onto the forum.
Then:
Download this to your desktop:
Link: hijackthis
Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Choose the option "do a scan and a logfile", and copy/paste the resulting report onto the forum.
See you,
At last!! That was not easy, anyway...
So here are the two reports:
SmitFraudFix v2.142
Rapport fait à 22:01:35,26, 18/02/2007
Executé à partir de C:\Documents and Settings\audrey becourt\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\ctpmon.exe supprimé
C:\WINDOWS\system32\RegistryCleanerSetup.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
and the second:
Logfile of HijackThis v1.99.1
Scan saved at 22:08:48, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\audrey becourt\Bureau\Scanner.exe.exe
C:\WINDOWS\system32\WgaTray.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - (no file)
O2 - BHO: (no name) - {8E0D7062-B99F-48D1-9BF9-6E93522879A8} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oudoewdm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Task Manager Service] taskmgrz.exe
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\rksvfsnh.dll",setvm
O4 - HKLM\..\RunServices: [Task Manager Service] taskmgrz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_n21.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: opnlmkl - C:\WINDOWS\
O20 - Winlogon Notify: rpcc - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
What should I do now? Thanks, thanks
re
OK, next:
Download VundoFix.exe (by Atribune) to your desktop:
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* Check Run VundoFix as a task.
* The tool will close and open again: click OK.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask you whether to delete the files; click YES.
* After you click "Yes", the desktop will disappear for a moment while the files are deleted.
* The PC will shut down ("shutdown"): click OK.
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, in your next reply.
See you,
re:
here is the first Vundo report:
C:\Documents and settings\audrey becourt\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\audrey becourt\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\WINDOWS\system32\bkdtvink.dll
C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.bak2
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\dfhkj.tmp
C:\WINDOWS\system32\dgeaswnc.dll
C:\WINDOWS\system32\gftjapvt.exe
C:\WINDOWS\system32\hnsfvskr.ini
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\knivtdkb.ini
C:\WINDOWS\system32\rksvfsnh.dll
C:\WINDOWS\system32\vemdeuhn.dll
C:\WINDOWS\system32\yfqcfddw.exe
and the second Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 22:51:06, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\audrey becourt\Bureau\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - (no file)
O2 - BHO: (no name) - {8E0D7062-B99F-48D1-9BF9-6E93522879A8} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oudoewdm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Task Manager Service] taskmgrz.exe
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Task Manager Service] taskmgrz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_n21.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: opnlmkl - C:\WINDOWS\
O20 - Winlogon Notify: rpcc - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
Thanks, see you in a bit.
Hi again,
Run the fix again and choose the option: remove Vundo
Then restart the PC if it doesn't ask you to, and post a new HijackThis log please.
See you
Hi again,
Here is the new HijackThis log, is everything OK?
Logfile of HijackThis v1.99.1
Scan saved at 23:11:44, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\audrey becourt\Bureau\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - (no file)
O2 - BHO: (no name) - {8E0D7062-B99F-48D1-9BF9-6E93522879A8} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oudoewdm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Task Manager Service] taskmgrz.exe
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Task Manager Service] taskmgrz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_n21.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: opnlmkl - C:\WINDOWS\
O20 - Winlogon Notify: rpcc - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
See you in a bit.
Good. Was there a report? If so, please post it!
Next:
Download l2mfix here:
http://www.downloads.subratam.org/l2mfix.exe
Double-click l2mfix.exe to start the extraction.
In the l2mfix folder, double-click l2mfix.bat, press any key, then choose option #1 (and nothing else) and confirm with the Enter key.
Notepad will open with the scan result. Copy and paste the report here.
See you
No, when I ran remove Vundo I didn't scan, so there was no report.
I'm doing the next step.
See you in a bit.
Hi again,
Here is the l2m report:
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\klogon.dll"
"Logon"="WLEventStop"
"Startup"="WLEventStart"
"Lock"="WLEventStart"
"Unlock"="WLEventStop"
"Logoff"="WLEventStart"
@=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlmkl]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjyp32]
"Asynchronous"=dword:00000001
"DllName"="winjyp32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propriétés des versions précédentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions précédentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{E91B2703-013E-4A99-AD33-2B6FB00AA356}"="RecordNow! ContextMenuExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="a² Context Menu Shell Extension"
"{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"="UltimateZip Shell Extension"
"{2F860D82-AF3C-11D4-BDB3-00E0987D8540}"="UltimateZip Drag Drop Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Périphériques Plug and Play universels"
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}"="Web Anti-Virus statistics"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
advpack.dll Mon 8 Jan 2007 19:00:48 A.... 124 928 122,00 K
corpol.dll Mon 8 Jan 2007 19:01:14 A.... 17 408 17,00 K
extmgr.dll Fri 12 Jan 2007 9:27:42 A.... 132 608 129,50 K
gpjgcxj.dll Sun 18 Feb 2007 14:17:18 A.... 93 696 91,50 K
ieakeng.dll Mon 8 Jan 2007 19:02:02 A.... 153 088 149,50 K
ieaksie.dll Mon 8 Jan 2007 19:02:02 A.... 230 400 225,00 K
ieakui.dll Mon 8 Jan 2007 19:02:02 A.... 161 792 158,00 K
ieapfltr.dll Mon 8 Jan 2007 19:02:02 ..... 383 488 374,50 K
iedkcs32.dll Mon 8 Jan 2007 19:02:02 A.... 384 000 375,00 K
ieframe.dll Fri 12 Jan 2007 9:27:42 A.... 6 054 400 5,77 M
iernonce.dll Mon 8 Jan 2007 19:02:04 A.... 44 544 43,50 K
iertutil.dll Mon 8 Jan 2007 19:02:04 A.... 266 752 260,50 K
jsproxy.dll Fri 12 Jan 2007 9:27:42 A.... 27 136 26,50 K
klogon.dll Mon 29 Jan 2007 23:04:00 A.... 200 768 196,06 K
lvsgamoc.dll Sun 18 Feb 2007 20:30:20 A.... 76 412 74,62 K
msfeeds.dll Fri 12 Jan 2007 9:27:42 ..... 458 752 448,00 K
msfeed~1.dll Fri 12 Jan 2007 9:27:42 ..... 51 712 50,50 K
msftedit.dll Mon 27 Nov 2006 15:55:30 A.... 539 136 526,50 K
mshtml.dll Fri 12 Jan 2007 9:27:42 A.... 3 580 416 3,41 M
mshtmled.dll Fri 12 Jan 2007 9:27:42 A.... 477 696 466,50 K
msrating.dll Mon 8 Jan 2007 19:03:02 A.... 193 024 188,50 K
mstime.dll Fri 12 Jan 2007 9:27:42 A.... 670 720 655,00 K
nnnkljh.dll Sun 18 Feb 2007 14:17:20 ..SH. 26 637 26,01 K
occache.dll Mon 8 Jan 2007 19:04:08 A.... 102 400 100,00 K
oudoewdm.dll Sun 18 Feb 2007 21:19:00 A.... 44 177 43,14 K
pncrt.dll Sun 28 Jan 2007 22:01:18 A.... 278 528 272,00 K
riched20.dll Mon 27 Nov 2006 15:55:32 A.... 433 152 423,00 K
shell32.dll Tue 19 Dec 2006 22:49:48 A.... 8 509 952 8,11 M
shsvcs.dll Tue 19 Dec 2006 22:49:48 A.... 135 168 132,00 K
spyzygg.dll Fri 16 Feb 2007 13:59:52 A.... 94 208 92,00 K
url.dll Mon 8 Jan 2007 19:04:54 A.... 105 984 103,50 K
urlmon.dll Fri 12 Jan 2007 9:27:42 A.... 1 149 952 1,09 M
webcheck.dll Fri 12 Jan 2007 9:27:42 A.... 232 960 227,50 K
whoefsje.dll Sun 18 Feb 2007 21:12:18 A.... 76 412 74,62 K
wiaservc.dll Tue 19 Dec 2006 19:17:50 A.... 334 336 326,50 K
wininet.dll Fri 12 Jan 2007 9:27:42 A.... 822 784 803,50 K
36 items found: 36 files (1 H/S), 0 directories.
Total of file sizes: 26 669 526 bytes 25,43 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
mcrh.tmp Sun 18 Feb 2007 9:37:46 A.... 143 0,14 K
1 item found: 1 file, 0 directories.
Total of file sizes: 143 bytes 0,14 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A0D3-E85D
Répertoire de C:\WINDOWS\System32
18/02/2007 14:17 26 637 nnnkljh.dll
18/02/2007 14:15 <REP> dllcache
15/12/2005 21:50 <REP> Microsoft
05/08/2004 12:00 88 484 taskmgrz.exe~
2 fichier(s) 115 121 octets
2 Rép(s) 18 097 627 136 octets libres
See you in a bit
voici le rapport de l2m:
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\klogon.dll"
"Logon"="WLEventStop"
"Startup"="WLEventStart"
"Lock"="WLEventStart"
"Unlock"="WLEventStop"
"Logoff"="WLEventStart"
@=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlmkl]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjyp32]
"Asynchronous"=dword:00000001
"DllName"="winjyp32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{E91B2703-013E-4A99-AD33-2B6FB00AA356}"="RecordNow! ContextMenuExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
"{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"="UltimateZip Shell Extension"
"{2F860D82-AF3C-11D4-BDB3-00E0987D8540}"="UltimateZip Drag Drop Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="P‚riph‚riques Plug and Play universels"
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}"="Web Anti-Virus statistics"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
advpack.dll Mon 8 Jan 2007 19:00:48 A.... 124 928 122,00 K
corpol.dll Mon 8 Jan 2007 19:01:14 A.... 17 408 17,00 K
extmgr.dll Fri 12 Jan 2007 9:27:42 A.... 132 608 129,50 K
gpjgcxj.dll Sun 18 Feb 2007 14:17:18 A.... 93 696 91,50 K
ieakeng.dll Mon 8 Jan 2007 19:02:02 A.... 153 088 149,50 K
ieaksie.dll Mon 8 Jan 2007 19:02:02 A.... 230 400 225,00 K
ieakui.dll Mon 8 Jan 2007 19:02:02 A.... 161 792 158,00 K
ieapfltr.dll Mon 8 Jan 2007 19:02:02 ..... 383 488 374,50 K
iedkcs32.dll Mon 8 Jan 2007 19:02:02 A.... 384 000 375,00 K
ieframe.dll Fri 12 Jan 2007 9:27:42 A.... 6 054 400 5,77 M
iernonce.dll Mon 8 Jan 2007 19:02:04 A.... 44 544 43,50 K
iertutil.dll Mon 8 Jan 2007 19:02:04 A.... 266 752 260,50 K
jsproxy.dll Fri 12 Jan 2007 9:27:42 A.... 27 136 26,50 K
klogon.dll Mon 29 Jan 2007 23:04:00 A.... 200 768 196,06 K
lvsgamoc.dll Sun 18 Feb 2007 20:30:20 A.... 76 412 74,62 K
msfeeds.dll Fri 12 Jan 2007 9:27:42 ..... 458 752 448,00 K
msfeed~1.dll Fri 12 Jan 2007 9:27:42 ..... 51 712 50,50 K
msftedit.dll Mon 27 Nov 2006 15:55:30 A.... 539 136 526,50 K
mshtml.dll Fri 12 Jan 2007 9:27:42 A.... 3 580 416 3,41 M
mshtmled.dll Fri 12 Jan 2007 9:27:42 A.... 477 696 466,50 K
msrating.dll Mon 8 Jan 2007 19:03:02 A.... 193 024 188,50 K
mstime.dll Fri 12 Jan 2007 9:27:42 A.... 670 720 655,00 K
nnnkljh.dll Sun 18 Feb 2007 14:17:20 ..SH. 26 637 26,01 K
occache.dll Mon 8 Jan 2007 19:04:08 A.... 102 400 100,00 K
oudoewdm.dll Sun 18 Feb 2007 21:19:00 A.... 44 177 43,14 K
pncrt.dll Sun 28 Jan 2007 22:01:18 A.... 278 528 272,00 K
riched20.dll Mon 27 Nov 2006 15:55:32 A.... 433 152 423,00 K
shell32.dll Tue 19 Dec 2006 22:49:48 A.... 8 509 952 8,11 M
shsvcs.dll Tue 19 Dec 2006 22:49:48 A.... 135 168 132,00 K
spyzygg.dll Fri 16 Feb 2007 13:59:52 A.... 94 208 92,00 K
url.dll Mon 8 Jan 2007 19:04:54 A.... 105 984 103,50 K
urlmon.dll Fri 12 Jan 2007 9:27:42 A.... 1 149 952 1,09 M
webcheck.dll Fri 12 Jan 2007 9:27:42 A.... 232 960 227,50 K
whoefsje.dll Sun 18 Feb 2007 21:12:18 A.... 76 412 74,62 K
wiaservc.dll Tue 19 Dec 2006 19:17:50 A.... 334 336 326,50 K
wininet.dll Fri 12 Jan 2007 9:27:42 A.... 822 784 803,50 K
36 items found: 36 files (1 H/S), 0 directories.
Total of file sizes: 26 669 526 bytes 25,43 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
mcrh.tmp Sun 18 Feb 2007 9:37:46 A.... 143 0,14 K
1 item found: 1 file, 0 directories.
Total of file sizes: 143 bytes 0,14 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A0D3-E85D
Répertoire de C:\WINDOWS\System32
18/02/2007 14:17 26 637 nnnkljh.dll
18/02/2007 14:15 <REP> dllcache
15/12/2005 21:50 <REP> Microsoft
05/08/2004 12:00 88 484 taskmgrz.exe~
2 fichier(s) 115 121 octets
2 Rép(s) 18 097 627 136 octets libres
See you in a bit
OK;
Disconnect from the internet and close the browser and all other application windows;
- Double-click l2mfix.bat;
- Choose OPTION 2 (Run fix) and confirm with the [Enter] key;
- When prompted, press any key to restart the PC;
=> After the restart, L2mFix continues cleaning, then opens Notepad with the cleanup result; reconnect to post it to the forum.
Then, please follow the steps at this link:
virus: preliminary disinfection method, French version
See you
re:
I'm posting the L2M report and moving on to the rest, see you in a bit:
L2mfix 051206
Creating Account.
La commande s'est terminée correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (644)
Killing 'winlogon.exe'
winlogon.exe (724)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1556)
Killing 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\klogon.dll"
"Logon"="WLEventStop"
"Startup"="WLEventStart"
"Lock"="WLEventStart"
"Unlock"="WLEventStop"
"Logoff"="WLEventStart"
@=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlmkl]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjyp32]
"Asynchronous"=dword:00000001
"DllName"="winjyp32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 80%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
I'm posting the L2M report for you and moving on to the rest, see you in a bit:
L2mfix 051206
Creating Account.
La commande s'est terminée correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (644)
Killing 'winlogon.exe'
winlogon.exe (724)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1556)
Killing 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\klogon.dll"
"Logon"="WLEventStop"
"Startup"="WLEventStart"
"Lock"="WLEventStart"
"Unlock"="WLEventStop"
"Logoff"="WLEventStart"
@=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlmkl]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjyp32]
"Asynchronous"=dword:00000001
"DllName"="winjyp32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 80%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
re:
I slept in the meantime...
So, in order:
1. The AVG Anti-Spyware report:
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 09:47:00 19/02/2007
+ Résultat de l'analyse:
C:\Program Files\DriveCleaner 2006 Free -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Activate.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\AE_CD_Cr.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\AReadr4.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\AReadr5.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ASDSEEpv.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ASPack.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\BDelphi5.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Babylon.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CBuildr5.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CCGA.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CManager.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CatchUp.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CuteFTP4.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CuteHTML.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\DAcceler.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\DiscJug.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ECDCreat4.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FFTsks.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Far.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FlashFXP.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FrntPage.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FrontPEx.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FtpEXP.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FtpVoya.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\GetRight.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\GoZilla.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\GravMRU.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\H_TxtPad.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\HomeSite.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\HotDogPr.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\IconExtr.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ImgReady3.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\InsShExp.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\JASC_P_P.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\KaZaA.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\LView.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MMUnDisk.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MM_CON.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPImaGal.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPaint.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPicPub.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSExplorer.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSRegEdit.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSWMP.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSWordPad.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSoffice.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MacDir.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MacDrWea.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MicAng.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MicDes.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Morpheus.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\NTBackup.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Nero.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\NetShow.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\PHPCoder.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\PhotShel.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\PowerZIP.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\RapidBr.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\RealAuPl.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\RealDown.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\SL_BlWin.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\SecurCRT.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\SmartClr.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Sonique.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\StuffIt.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\TelepPro.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UGifAnim.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UMedStud.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UPhImpV.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UPhotoEx.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UVidStud.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UltraEd.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\VNC.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WebFeret.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WebReap.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinACE.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinGate.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinRAR.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinZIP.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WiseInst.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\YahooPl.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ZipMagic.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\iMesh.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\pfilelst.xda -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\wordslst.xda -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Download -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\InstHelp.exe -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\ScanReport.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Schedule.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\UDC2006.xml -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\UDC6.url -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\bnlink.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\diagnosis.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\err.log -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\lapv.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\license.rtf -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\manual.url -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\pv.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\pv.exe -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\readme.rtf -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\sr.log -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\support.url -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\unins000.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\unins000.exe -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\uninstall.ico -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\up.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\updater.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\vbpv.dat -> Adware.DriveCleaner : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039055.exe -> Adware.DriveCleaner : Nettoyé.
HKLM\SOFTWARE\DriveCleaner 2006 Free -> Adware.DriveCleaner : Nettoyé.
HKU\S-1-5-21-3117846246-626433616-840302518-1006\Software\DriveCleaner 2006 Free -> Adware.DriveCleaner : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040310.exe -> Adware.PrivacyProtector : Nettoyé.
C:\Program Files\Outerinfo\OiUninstaller.exe -> Adware.PurityScan : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039038.dll -> Adware.PurityScan : Nettoyé.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039040.dll -> Adware.Softomate : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039043.exe -> Adware.Softomate : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039045.dll -> Adware.Softomate : Nettoyé.
C:\WINDOWS\Μicrosoft.NET\ѕvchost.exe -> Adware.ValueAd : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP105\A0037485.exe -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040311.exe -> Adware.WinFixer : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039021.dll -> Backdoor.Small.nz : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039019.exe -> Downloader.Agent.bca : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039020.exe -> Downloader.Obfuscated.bh : Nettoyé.
C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Nettoyé.
C:\WINDOWS\Αdobe\arpa.exe -> Downloader.PurityScan.dt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039014.dll -> Downloader.Small.crd : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039024.exe -> Downloader.Small.crd : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP107\A0038915.exe -> Downloader.Small.ddp : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039047.exe -> Downloader.Tiny.fk : Nettoyé.
C:\Documents and Settings\audrey becourt\Mes documents\Mes fichiers reçus\Pinnacle Studio patch 11.1.0.exe/SiN.exe -> Heuristic.Win32.Backdoor.IrcBot : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039017.exe -> Hijacker.Agent.is : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039048.dll -> Proxy.Dlena.ca : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040048.dll -> Trojan.Agent.acl : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039018.exe -> Trojan.Agent.afs : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039016.dll -> Trojan.Agent.qt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039023.dll -> Trojan.Agent.qt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP106\A0037668.exe -> Trojan.Dialer.rt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP106\A0037679.exe -> Trojan.Dialer.rt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP107\A0037759.exe -> Trojan.Dialer.rt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP107\A0037795.exe -> Trojan.Dialer.rt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP107\A0038798.exe -> Trojan.Dialer.rt : Nettoyé.
C:\WINDOWS\system32\wintsvtr.exe -> Trojan.Small : Nettoyé.
Fin du rapport
2 the one from BitDefender
BitDefender Online Scanner
Scan report generated at: Mon, Feb 19, 2007 - 11:51:42
Scan path: C:\;D:\;E:\;
Statistics
Time 01:59:31
Files 899136
Folders 5097
Boot Sectors 2
Archives 9886
Packed Files 125149
Results
Identified Viruses 11
Infected Files 27
Suspect Files 1
Warnings 0
Disinfected 0
Deleted Files 28
Engines Info
Virus Definitions 388752
Engine build AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins 14
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
C:\$VAULT$.AVG\20217890.FIL Infected with: Trojan.SpySheriff.C
C:\$VAULT$.AVG\20217890.FIL Disinfection failed
C:\$VAULT$.AVG\20217890.FIL Deleted
C:\Documents and Settings\audrey becourt\Bureau\l2mfix.exe Infected with: Trojan.Shutdown.Q
C:\Documents and Settings\audrey becourt\Bureau\l2mfix.exe Disinfection failed
C:\Documents and Settings\audrey becourt\Bureau\l2mfix.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP105\A0037503.exe Infected with: Trojan.Downloader.Small.ABK
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP105\A0037503.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP105\A0037503.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039022.dll Infected with: Trojan.Spy.VBStat.B
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039022.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039036.dll Infected with: Trojan.Busky.2.Gen
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039036.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039036.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039042.dll Infected with: Trojan.Obfus.Gen
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039042.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039042.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040064.exe Suspected of: Generic.Malware.Sdld.994F7195
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040064.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040064.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040080.dll Infected with: Trojan.Virtumod.EB
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040080.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040080.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040082.dll Infected with: Trojan.Virtumod.EB
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040082.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040082.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040083.exe Infected with: Trojan.Agent.ACL
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040083.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040083.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040086.dll Infected with: Trojan.Virtumod.EB
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040086.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040086.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040087.dll Infected with: Trojan.Virtumod.EB
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040087.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040087.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040088.exe Infected with: Trojan.Agent.ACL
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040088.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040088.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040314.exe Infected with: Trojan.Downloader.BKK
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040314.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040314.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040316.exe Infected with: Trojan.Downloader.PurityScan.DT
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040316.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040316.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040323.exe=>(NSIS o)=>zlib_nsis0001 Infected with: Trojan.Downloader.Purityscan.C
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040323.exe=>(NSIS o)=>zlib_nsis0001 Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040323.exe=>(NSIS o)=>zlib_nsis0001 Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040323.exe=>(NSIS o) Update failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040326.exe Infected with: Trojan.Shutdown.Q
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040326.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040326.exe Deleted
C:\VundoFix Backups\bkdtvink.dll.bad Infected with: Trojan.Virtumod.EB
C:\VundoFix Backups\bkdtvink.dll.bad Disinfection failed
C:\VundoFix Backups\bkdtvink.dll.bad Deleted
C:\VundoFix Backups\dgeaswnc.dll.bad Infected with: Trojan.Virtumod.EB
C:\VundoFix Backups\dgeaswnc.dll.bad Disinfection failed
C:\VundoFix Backups\dgeaswnc.dll.bad Deleted
C:\VundoFix Backups\gftjapvt.exe.bad Infected with: Trojan.Agent.ACL
C:\VundoFix Backups\gftjapvt.exe.bad Disinfection failed
C:\VundoFix Backups\gftjapvt.exe.bad Deleted
C:\VundoFix Backups\rksvfsnh.dll.bad Infected with: Trojan.Virtumod.EB
C:\VundoFix Backups\rksvfsnh.dll.bad Disinfection failed
C:\VundoFix Backups\rksvfsnh.dll.bad Deleted
C:\VundoFix Backups\vemdeuhn.dll.bad Infected with: Trojan.Virtumod.EB
C:\VundoFix Backups\vemdeuhn.dll.bad Disinfection failed
C:\VundoFix Backups\vemdeuhn.dll.bad Deleted
C:\VundoFix Backups\yfqcfddw.exe.bad Infected with: Trojan.Agent.ACL
C:\VundoFix Backups\yfqcfddw.exe.bad Disinfection failed
C:\VundoFix Backups\yfqcfddw.exe.bad Deleted
C:\WINDOWS\system32\gpjgcxj.dll Infected with: Trojan.Obfus.Gen
C:\WINDOWS\system32\gpjgcxj.dll Disinfection failed
C:\WINDOWS\system32\gpjgcxj.dll Deleted
C:\WINDOWS\system32\lvsgamoc.dll Infected with: Trojan.Spy.VBStat.B
C:\WINDOWS\system32\lvsgamoc.dll Deleted
C:\WINDOWS\system32\secure32.html Infected with: Trojan.SpySheriff.C
C:\WINDOWS\system32\secure32.html Disinfection failed
C:\WINDOWS\system32\secure32.html Deleted
C:\WINDOWS\system32\spyzygg.dll Infected with: Trojan.Obfus.Gen
C:\WINDOWS\system32\spyzygg.dll Disinfection failed
C:\WINDOWS\system32\spyzygg.dll Deleted
C:\WINDOWS\system32\whoefsje.dll Infected with: Trojan.Spy.VBStat.B
C:\WINDOWS\system32\whoefsje.dll Deleted
3 and finally, the Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 12:51:31, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\audrey becourt\Bureau\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - (no file)
O2 - BHO: (no name) - {8E0D7062-B99F-48D1-9BF9-6E93522879A8} - (no file)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oudoewdm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Task Manager Service] taskmgrz.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Task Manager Service] taskmgrz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_n21.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: opnlmkl - C:\WINDOWS\
O20 - Winlogon Notify: rpcc - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
There, I'm ready for the next step
See you
j'ai dormi entre temps,...
Alors, dans l'ordre
1 le apport AVG antispyware:
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 09:47:00 19/02/2007
+ Résultat de l'analyse:
C:\Program Files\DriveCleaner 2006 Free -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Activate.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\AE_CD_Cr.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\AReadr4.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\AReadr5.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ASDSEEpv.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ASPack.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\BDelphi5.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Babylon.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CBuildr5.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CCGA.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CManager.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CatchUp.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CuteFTP4.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CuteHTML.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\DAcceler.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\DiscJug.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ECDCreat4.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FFTsks.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Far.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FlashFXP.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FrntPage.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FrontPEx.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FtpEXP.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FtpVoya.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\GetRight.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\GoZilla.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\GravMRU.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\H_TxtPad.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\HomeSite.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\HotDogPr.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\IconExtr.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ImgReady3.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\InsShExp.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\JASC_P_P.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\KaZaA.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\LView.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MMUnDisk.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MM_CON.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPImaGal.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPaint.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPicPub.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSExplorer.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSRegEdit.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSWMP.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSWordPad.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSoffice.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MacDir.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MacDrWea.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MicAng.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MicDes.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Morpheus.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\NTBackup.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Nero.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\NetShow.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\PHPCoder.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\PhotShel.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\PowerZIP.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\RapidBr.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\RealAuPl.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\RealDown.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\SL_BlWin.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\SecurCRT.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\SmartClr.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Sonique.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\StuffIt.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\TelepPro.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UGifAnim.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UMedStud.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UPhImpV.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UPhotoEx.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UVidStud.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UltraEd.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\VNC.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WebFeret.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WebReap.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinACE.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinGate.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinRAR.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinZIP.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WiseInst.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\YahooPl.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ZipMagic.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\iMesh.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\pfilelst.xda -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Appbase\wordslst.xda -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Download -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\InstHelp.exe -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\ScanReport.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\Schedule.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\UDC2006.xml -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\UDC6.url -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\bnlink.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\diagnosis.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\err.log -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\lapv.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\license.rtf -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\manual.url -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\pv.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\pv.exe -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\readme.rtf -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\sr.log -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\support.url -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\unins000.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\unins000.exe -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\uninstall.ico -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\up.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\updater.dat -> Adware.DriveCleaner : Nettoyé.
C:\Program Files\DriveCleaner 2006 Free\vbpv.dat -> Adware.DriveCleaner : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039055.exe -> Adware.DriveCleaner : Nettoyé.
HKLM\SOFTWARE\DriveCleaner 2006 Free -> Adware.DriveCleaner : Nettoyé.
HKU\S-1-5-21-3117846246-626433616-840302518-1006\Software\DriveCleaner 2006 Free -> Adware.DriveCleaner : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040310.exe -> Adware.PrivacyProtector : Nettoyé.
C:\Program Files\Outerinfo\OiUninstaller.exe -> Adware.PurityScan : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039038.dll -> Adware.PurityScan : Nettoyé.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039040.dll -> Adware.Softomate : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039043.exe -> Adware.Softomate : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039045.dll -> Adware.Softomate : Nettoyé.
C:\WINDOWS\Μicrosoft.NET\ѕvchost.exe -> Adware.ValueAd : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP105\A0037485.exe -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040311.exe -> Adware.WinFixer : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039021.dll -> Backdoor.Small.nz : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039019.exe -> Downloader.Agent.bca : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039020.exe -> Downloader.Obfuscated.bh : Nettoyé.
C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Nettoyé.
C:\WINDOWS\Αdobe\arpa.exe -> Downloader.PurityScan.dt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039014.dll -> Downloader.Small.crd : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039024.exe -> Downloader.Small.crd : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP107\A0038915.exe -> Downloader.Small.ddp : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039047.exe -> Downloader.Tiny.fk : Nettoyé.
C:\Documents and Settings\audrey becourt\Mes documents\Mes fichiers reçus\Pinnacle Studio patch 11.1.0.exe/SiN.exe -> Heuristic.Win32.Backdoor.IrcBot : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039017.exe -> Hijacker.Agent.is : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039048.dll -> Proxy.Dlena.ca : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040048.dll -> Trojan.Agent.acl : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039018.exe -> Trojan.Agent.afs : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039016.dll -> Trojan.Agent.qt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039023.dll -> Trojan.Agent.qt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP106\A0037668.exe -> Trojan.Dialer.rt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP106\A0037679.exe -> Trojan.Dialer.rt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP107\A0037759.exe -> Trojan.Dialer.rt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP107\A0037795.exe -> Trojan.Dialer.rt : Nettoyé.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP107\A0038798.exe -> Trojan.Dialer.rt : Nettoyé.
C:\WINDOWS\system32\wintsvtr.exe -> Trojan.Small : Nettoyé.
Fin du rapport
2. The one from BitDefender
BitDefender Online Scanner
Scan report generated at: Mon, Feb 19, 2007 - 11:51:42
Scan path: C:\;D:\;E:\;
Statistics
Time 01:59:31
Files 899136
Folders 5097
Boot Sectors 2
Archives 9886
Packed Files 125149
Results
Identified Viruses 11
Infected Files 27
Suspect Files 1
Warnings 0
Disinfected 0
Deleted Files 28
Engines Info
Virus Definitions 388752
Engine build AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins 14
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
C:\$VAULT$.AVG\20217890.FIL Infected with: Trojan.SpySheriff.C
C:\$VAULT$.AVG\20217890.FIL Disinfection failed
C:\$VAULT$.AVG\20217890.FIL Deleted
C:\Documents and Settings\audrey becourt\Bureau\l2mfix.exe Infected with: Trojan.Shutdown.Q
C:\Documents and Settings\audrey becourt\Bureau\l2mfix.exe Disinfection failed
C:\Documents and Settings\audrey becourt\Bureau\l2mfix.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP105\A0037503.exe Infected with: Trojan.Downloader.Small.ABK
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP105\A0037503.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP105\A0037503.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039022.dll Infected with: Trojan.Spy.VBStat.B
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP108\A0039022.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039036.dll Infected with: Trojan.Busky.2.Gen
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039036.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039036.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039042.dll Infected with: Trojan.Obfus.Gen
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039042.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0039042.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040064.exe Suspected of: Generic.Malware.Sdld.994F7195
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040064.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040064.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040080.dll Infected with: Trojan.Virtumod.EB
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040080.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040080.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040082.dll Infected with: Trojan.Virtumod.EB
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040082.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040082.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040083.exe Infected with: Trojan.Agent.ACL
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040083.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040083.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040086.dll Infected with: Trojan.Virtumod.EB
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040086.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040086.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040087.dll Infected with: Trojan.Virtumod.EB
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040087.dll Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040087.dll Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040088.exe Infected with: Trojan.Agent.ACL
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040088.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040088.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040314.exe Infected with: Trojan.Downloader.BKK
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040314.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040314.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040316.exe Infected with: Trojan.Downloader.PurityScan.DT
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040316.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040316.exe Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040323.exe=>(NSIS o)=>zlib_nsis0001 Infected with: Trojan.Downloader.Purityscan.C
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040323.exe=>(NSIS o)=>zlib_nsis0001 Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040323.exe=>(NSIS o)=>zlib_nsis0001 Deleted
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040323.exe=>(NSIS o) Update failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040326.exe Infected with: Trojan.Shutdown.Q
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040326.exe Disinfection failed
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP109\A0040326.exe Deleted
C:\VundoFix Backups\bkdtvink.dll.bad Infected with: Trojan.Virtumod.EB
C:\VundoFix Backups\bkdtvink.dll.bad Disinfection failed
C:\VundoFix Backups\bkdtvink.dll.bad Deleted
C:\VundoFix Backups\dgeaswnc.dll.bad Infected with: Trojan.Virtumod.EB
C:\VundoFix Backups\dgeaswnc.dll.bad Disinfection failed
C:\VundoFix Backups\dgeaswnc.dll.bad Deleted
C:\VundoFix Backups\gftjapvt.exe.bad Infected with: Trojan.Agent.ACL
C:\VundoFix Backups\gftjapvt.exe.bad Disinfection failed
C:\VundoFix Backups\gftjapvt.exe.bad Deleted
C:\VundoFix Backups\rksvfsnh.dll.bad Infected with: Trojan.Virtumod.EB
C:\VundoFix Backups\rksvfsnh.dll.bad Disinfection failed
C:\VundoFix Backups\rksvfsnh.dll.bad Deleted
C:\VundoFix Backups\vemdeuhn.dll.bad Infected with: Trojan.Virtumod.EB
C:\VundoFix Backups\vemdeuhn.dll.bad Disinfection failed
C:\VundoFix Backups\vemdeuhn.dll.bad Deleted
C:\VundoFix Backups\yfqcfddw.exe.bad Infected with: Trojan.Agent.ACL
C:\VundoFix Backups\yfqcfddw.exe.bad Disinfection failed
C:\VundoFix Backups\yfqcfddw.exe.bad Deleted
C:\WINDOWS\system32\gpjgcxj.dll Infected with: Trojan.Obfus.Gen
C:\WINDOWS\system32\gpjgcxj.dll Disinfection failed
C:\WINDOWS\system32\gpjgcxj.dll Deleted
C:\WINDOWS\system32\lvsgamoc.dll Infected with: Trojan.Spy.VBStat.B
C:\WINDOWS\system32\lvsgamoc.dll Deleted
C:\WINDOWS\system32\secure32.html Infected with: Trojan.SpySheriff.C
C:\WINDOWS\system32\secure32.html Disinfection failed
C:\WINDOWS\system32\secure32.html Deleted
C:\WINDOWS\system32\spyzygg.dll Infected with: Trojan.Obfus.Gen
C:\WINDOWS\system32\spyzygg.dll Disinfection failed
C:\WINDOWS\system32\spyzygg.dll Deleted
C:\WINDOWS\system32\whoefsje.dll Infected with: Trojan.Spy.VBStat.B
C:\WINDOWS\system32\whoefsje.dll Deleted
3. And to finish, the Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 12:51:31, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\audrey becourt\Bureau\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - (no file)
O2 - BHO: (no name) - {8E0D7062-B99F-48D1-9BF9-6E93522879A8} - (no file)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oudoewdm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Task Manager Service] taskmgrz.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Task Manager Service] taskmgrz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_n21.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: opnlmkl - C:\WINDOWS\
O20 - Winlogon Notify: rpcc - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
There, I'm ready for the next step
See you
Hi
Good,
Download Blacklight (from F-Secure):
https://europe.f-secure.com/exclude/blacklight/index.shtml
and save it to your Desktop.
Double-click blbeta.exe and accept the license; click Scan then Next
You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
Copy and paste the contents of this report into your next reply
++
Hi again
here is the report, but I have a doubt
02/19/07 13:40:42 [Info]: BlackLight Engine 1.0.55 initialized
02/19/07 13:40:42 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/19/07 13:40:42 [Note]: 7019 4
02/19/07 13:40:42 [Note]: 7005 0
02/19/07 13:40:54 [Note]: 7006 0
02/19/07 13:40:54 [Note]: 7011 1680
02/19/07 13:40:54 [Note]: 7026 0
02/19/07 13:40:54 [Note]: 7026 0
02/19/07 13:41:04 [Note]: FSRAW library version 1.7.1021
02/19/07 13:52:00 [Note]: 7007 0
See you
Hi again
that's the right one!
Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue screen "Fatal error" message, that is normal and expected
then post a new hijack please
See you
Hi again
here is the report, but I didn't get a blue screen
[02/19/2007, 19:51:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\audrey becourt\Bureau\VirtumundoBeGone.exe" )
[02/19/2007, 19:51:35] - Detected System Information:
[02/19/2007, 19:51:35] - Windows Version: 5.1.2600, Service Pack 2
[02/19/2007, 19:51:35] - Current Username: audrey becourt (Admin)
[02/19/2007, 19:51:35] - Windows is in NORMAL mode.
[02/19/2007, 19:51:35] - Searching for Browser Helper Objects:
[02/19/2007, 19:51:35] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[02/19/2007, 19:51:35] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/19/2007, 19:51:35] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/19/2007, 19:51:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2007, 19:51:35] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/19/2007, 19:51:35] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/19/2007, 19:51:35] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[02/19/2007, 19:51:35] - BHO 5: {8C32931D-9CBC-4126-83BA-55EAAA25B255} ()
[02/19/2007, 19:51:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2007, 19:51:35] - No filename found. Continuing.
[02/19/2007, 19:51:35] - BHO 6: {8E0D7062-B99F-48D1-9BF9-6E93522879A8} ()
[02/19/2007, 19:51:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2007, 19:51:35] - No filename found. Continuing.
[02/19/2007, 19:51:35] - BHO 7: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/19/2007, 19:51:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2007, 19:51:35] - Checking for HKLM\...\Winlogon\Notify\oudoewdm
[02/19/2007, 19:51:35] - Key not found: HKLM\...\Winlogon\Notify\oudoewdm, continuing.
[02/19/2007, 19:51:35] - Finished Searching Browser Helper Objects
[02/19/2007, 19:51:35] - Finishing up...
[02/19/2007, 19:51:35] - Nothing found! Exiting...
then the Hijack
Logfile of HijackThis v1.99.1
Scan saved at 19:58:30, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\audrey becourt\Bureau\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - (no file)
O2 - BHO: (no name) - {8E0D7062-B99F-48D1-9BF9-6E93522879A8} - (no file)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oudoewdm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Task Manager Service] taskmgrz.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Task Manager Service] taskmgrz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_n21.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: opnlmkl - C:\WINDOWS\
O20 - Winlogon Notify: rpcc - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
I didn't quite understand whether I needed to send a second Hijack?!
See you shortly
Hi again
OK,
Download clean.zip
http://www.malekal.com/download/clean.zip
Unzip it onto your desktop (right-click / extract all); you should get a folder named clean.
Open the Clean folder on your desktop.
Double-click clean.cmd.
A black window will appear; choose option 1.
Post the report, which is located at C:\rapport_clean.txt
then:
# Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the arrow keys to move to "start in safe mode", then press Enter.
Once you are on the desktop, if the colours and other things aren't all there, that's normal!
(If F8 doesn't work, use the F5 key.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Double-click clean.cmd.
A black window will appear; choose option 2.
Post the report, which is located at C:\rapport_clean.txt
then:
Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log please
See you later
Hi again
here are the reports:
CLEAN:
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 20/02/2007 a 9:01:11,09
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\unsvchosts.lzma FOUND
"C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\" FOUND
"C:\Program Files\DivX\Google\Firefox\ffinstaller.exe" FOUND
"C:\Program Files\Outerinfo" FOUND
"C:\Program Files\VSAdd-in\" FOUND
*** Fin du rapport !
CLEAN, SAFE MODE
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 20/02/2007 a 9:10:38,81
Microsoft Windows XP [version 5.1.2600]
*** Suppression de fichiers sur C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\bdod.bin
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
tentative de suppression de C:\WINDOWS\system32\unsvchosts.lzma
tentative de suppression de "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\"
tentative de suppression de "C:\Program Files\DivX\Google\Firefox\ffinstaller.exe"
tentative de suppression de "C:\Program Files\Outerinfo"
tentative de suppression de "C:\Program Files\VSAdd-in\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
SDFIX, SAFE MODE
SDFix: Version 1.66
Run by Administrateur - 20/02/2007 @ 9:26:51,43
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
COM+ Messages
Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272
COM+ Messages Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found...
ADS Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Microsoft Games\\Combat Flight Simulator 3\\cfs3.exe"="C:\\Program Files\\Microsoft Games\\Combat Flight Simulator 3\\cfs3.exe:*:Enabled:Microsoft® Combat Flight Simulator 3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\WINDOWS\\TEMP\\win19.tmp.exe"="C:\\WINDOWS\\TEMP\\win19.tmp.exe:*:Enabled:win19.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
Remaining Files:
---------------
Checking For Files with Hidden Attributes :
C:\Documents and Settings\audrey becourt\Mes documents\Ma musique\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\Thumbs.db
C:\WINDOWS\system32\nnnkljh.dll
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP93\A0035243.exe
C:\WINDOWS\system32\taskmgrz.exe~
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Add/Remove Programs List:
Ad-Aware SE Personal
Adobe Acrobat 5.0
Agent Wifi Club-Internet
ATI - Utilitaire de désinstallation du logiciel
ATI Display Driver
AVG Anti-Spyware 7.5
CCleaner (remove only)
Microsoft Combat Flight Simulator 2
Microsoft Combat Flight Simulator 3.0
Microsoft Fighter Ace II
Axialis IconWorkshop 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Kaspersky Internet Security 6.0
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB884018
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885855
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
High Definition Audio Driver Package - KB888111
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB889673
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Correctif Windows XP - KB893056
Correctif Windows XP - KB895200
K-Lite Codec Pack 2.72 Full
Language pack for Ad-Aware SE
LiveUpdate 1.90 (Symantec Corporation)
Microsoft .NET Framework 1.1
Mozilla Firefox (2.0.0.1)
Microsoft Compression Client Pack 1.0 for Windows XP
Native Instruments B4 v1.11
Nero OEM
NeroVision Express 2
Microsoft National Language Support Downlevel APIs
Nero Media Player
NoAdware v5.0
Outil de diagnostic PC TOSHIBA
Gestion d'énergie TOSHIBA
Adobe Flash Player 9 ActiveX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Synaptics Pointing Device Driver
Docteur Club Internet
TOSHIBA Software Modem
VideoLAN VLC media player 0.8.6a
Lecteur Windows Media 11
WinRAR archiver
Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Anti-Spy
Yahoo! Toolbar avec bloqueur de fenêtres pop-up
Yahoo! Toolbar
Outerinfo
Microsoft Office 2000 Small Business
Macromedia Flash Player
Atheros Wireless LAN MiniPCI card Driver
Panneau de contrôle ATI
Sonic DLA
Assist TOSHIBA
Norton WMI Update
Mosquito Combat
AutoUpdate
Google Toolbar for Firefox
InterVideo WinDVD Creator 2
J2SE Runtime Environment 5.0 Update 4
Manuels TOSHIBA
Touch and Launch
Utilitaire de zoom TOSHIBA
TOSHIBA Hotkey Utility
TOSHIBA TouchPad ON/Off Utility
Microsoft Works
Atheros Client Utility
VSAdd-in for Internet Explorer
TOSHIBA Utilities
DivX Player
Son virtuel TOSHIBA
Microsoft Office Excel Viewer 2003
InterVideo WinDVD for TOSHIBA
Microsoft Office OneNote 2003
REALTEK Gigabit and Fast Ethernet NIC Driver
Sonic RecordNow!
Microsoft .NET Framework 1.1 French Language Pack
Myst III: Exile
Réducteur de bruit lect. CD/DVD
Commandes TOSHIBA
Adobe Reader 8 - Français
ArcSoft Camera Suite
DivX Converter
DivX Web Player
TOSHIBA ConfigFree
Microsoft .NET Framework 1.1
Kaspersky Internet Security 6.0
Lanceur Club Internet v6
Windows Live Messenger
Realtek High Definition Audio Driver
Finished
HIJACK
Logfile of HijackThis v1.99.1
Scan saved at 09:59:10, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\audrey becourt\Bureau\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - (no file)
O2 - BHO: (no name) - {8E0D7062-B99F-48D1-9BF9-6E93522879A8} - (no file)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oudoewdm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Task Manager Service] taskmgrz.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Task Manager Service] taskmgrz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_n21.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: opnlmkl - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
thanks, and see you in a bit
voici les rapports:
CLEAN:
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 20/02/2007 a 9:01:11,09
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\unsvchosts.lzma FOUND
"C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\" FOUND
"C:\Program Files\DivX\Google\Firefox\ffinstaller.exe" FOUND
"C:\Program Files\Outerinfo" FOUND
"C:\Program Files\VSAdd-in\" FOUND
*** Fin du rapport !
CLEAN MODE SS ECHEC
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 20/02/2007 a 9:10:38,81
Microsoft Windows XP [version 5.1.2600]
*** Suppression de fichiers sur C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\bdod.bin
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
tentative de suppression de C:\WINDOWS\system32\unsvchosts.lzma
tentative de suppression de "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\"
tentative de suppression de "C:\Program Files\DivX\Google\Firefox\ffinstaller.exe"
tentative de suppression de "C:\Program Files\Outerinfo"
tentative de suppression de "C:\Program Files\VSAdd-in\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
SDFIX MODE SS ECHEC
SDFix: Version 1.66
Run by Administrateur - 20/02/2007 @ 9:26:51,43
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
COM+ Messages
Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272
COM+ Messages Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found...
ADS Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Microsoft Games\\Combat Flight Simulator 3\\cfs3.exe"="C:\\Program Files\\Microsoft Games\\Combat Flight Simulator 3\\cfs3.exe:*:Enabled:Microsoft® Combat Flight Simulator 3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\WINDOWS\\TEMP\\win19.tmp.exe"="C:\\WINDOWS\\TEMP\\win19.tmp.exe:*:Enabled:win19.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
Remaining Files:
---------------
Checking For Files with Hidden Attributes :
C:\Documents and Settings\audrey becourt\Mes documents\Ma musique\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\Thumbs.db
C:\WINDOWS\system32\nnnkljh.dll
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP93\A0035243.exe
C:\WINDOWS\system32\taskmgrz.exe~
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Add/Remove Programs List:
Ad-Aware SE Personal
Adobe Acrobat 5.0
Agent Wifi Club-Internet
ATI - Utilitaire de d‚sinstallation du logiciel
ATI Display Driver
AVG Anti-Spyware 7.5
CCleaner (remove only)
Microsoft Combat Flight Simulator 2
Microsoft Combat Flight Simulator 3.0
Microsoft Fighter Ace II
Axialis IconWorkshop 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Kaspersky Internet Security 6.0
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB884018
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885855
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
High Definition Audio Driver Package - KB888111
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB889673
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Correctif Windows XP - KB893056
Correctif Windows XP - KB895200
K-Lite Codec Pack 2.72 Full
Language pack for Ad-Aware SE
LiveUpdate 1.90 (Symantec Corporation)
Microsoft .NET Framework 1.1
Mozilla Firefox (2.0.0.1)
Microsoft Compression Client Pack 1.0 for Windows XP
Native Instruments B4 v1.11
Nero OEM
NeroVision Express 2
Microsoft National Language Support Downlevel APIs
Nero Media Player
NoAdware v5.0
Outil de diagnostic PC TOSHIBA
Gestion d'énergie TOSHIBA
Adobe Flash Player 9 ActiveX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Synaptics Pointing Device Driver
Docteur Club Internet
TOSHIBA Software Modem
VideoLAN VLC media player 0.8.6a
Lecteur Windows Media 11
WinRAR archiver
Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Anti-Spy
Yahoo! Toolbar avec bloqueur de fenêtres pop-up
Yahoo! Toolbar
Outerinfo
Microsoft Office 2000 Small Business
Macromedia Flash Player
Atheros Wireless LAN MiniPCI card Driver
Panneau de contrôle ATI
Sonic DLA
Assist TOSHIBA
Norton WMI Update
Mosquito Combat
AutoUpdate
Google Toolbar for Firefox
InterVideo WinDVD Creator 2
J2SE Runtime Environment 5.0 Update 4
Manuels TOSHIBA
Touch and Launch
Utilitaire de zoom TOSHIBA
TOSHIBA Hotkey Utility
TOSHIBA TouchPad ON/Off Utility
Microsoft Works
Atheros Client Utility
VSAdd-in for Internet Explorer
TOSHIBA Utilities
DivX Player
Son virtuel TOSHIBA
Microsoft Office Excel Viewer 2003
InterVideo WinDVD for TOSHIBA
Microsoft Office OneNote 2003
REALTEK Gigabit and Fast Ethernet NIC Driver
Sonic RecordNow!
Microsoft .NET Framework 1.1 French Language Pack
Myst III: Exile
Réducteur de bruit lect. CD/DVD
Commandes TOSHIBA
Adobe Reader 8 - Français
ArcSoft Camera Suite
DivX Converter
DivX Web Player
TOSHIBA ConfigFree
Microsoft .NET Framework 1.1
Kaspersky Internet Security 6.0
Lanceur Club Internet v6
Windows Live Messenger
Realtek High Definition Audio Driver
Finished
HIJACK
Logfile of HijackThis v1.99.1
Scan saved at 09:59:10, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\audrey becourt\Bureau\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - (no file)
O2 - BHO: (no name) - {8E0D7062-B99F-48D1-9BF9-6E93522879A8} - (no file)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oudoewdm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Task Manager Service] taskmgrz.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Task Manager Service] taskmgrz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_n21.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: opnlmkl - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
Thanks, and see you soon
Hi
# Turn off System Restore
* Click the Start button.
* Right-click My Computer, then click Properties.
* On the System Restore tab, select the option Turn off System Restore or Turn off System Restore on all drives
(you can re-enable it at the end of the procedure)
# Show system folders and hidden files:
Open My Computer:
- Tools --> Folder Options
- View --> Advanced settings area
- Tick: Display the contents of system folders
- Tick: Show hidden files and folders
- Untick: Hide extensions for known file types
- Untick: Hide protected operating system files (Recommended)
answer Yes to the message
Click "Apply to All Folders"
Click OK
# Run HijackThis again: choose "Do a scan only", tick the box in front of the lines below and click "Fix checked" at the bottom:
O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - (no file)
O2 - BHO: (no name) - {8E0D7062-B99F-48D1-9BF9-6E93522879A8} - (no file)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oudoewdm.dll
O20 - Winlogon Notify: opnlmkl - C:\WINDOWS\
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
Download Killbox to your Desktop:
http://www.downloads.subratam.org/KillBox.exe
Double-click killbox.exe.
Copy the bold text below (select it all with your mouse, right-click and "Copy"):
winjyp32.dll
C:\WINDOWS\system32\oudoewdm.dll
* Select "Delete on Reboot"
* Click the "File" menu -> "Paste from Clipboard"
* Click All Files
* Click the red and white cross
* Answer yes and let your PC restart.
* Post a new BlackLight report
See the demo: http://mickael.barroux.free.fr/securite/killbox.html
Then post a new HijackThis log, please.
See you
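Several of the entries picked out in the reply above can be pre-screened from the log text alone. The following is an added example, not part of the original post and not HijackThis code: a Python parser that lists O2 (BHO) and O20 (Winlogon Notify) entries whose load target is absent or is only a directory. The function names are hypothetical, and the sample lines are copied from the log in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - (no file)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oudoewdm.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: opnlmkl - C:\WINDOWS\
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O4 - HKLM\..\Run: [Task Manager Service] taskmgrz.exe
"""

# A HijackThis entry starts with a section code such as O2, O20 or R1.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")


def classify_target(target):
    """Return a short reason if the load target looks orphaned, else None."""
    t = target.strip()
    if t == "(no file)":
        return "no file"
    if t.endswith("(file missing)"):
        return "file missing"
    if t.endswith("\\"):
        return "directory only"  # a folder is named, but no DLL
    return None


def orphaned_entries(log, sections=("O2", "O20")):
    """List entries in the given sections whose target is absent or incomplete."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m or m.group("section") not in sections:
            continue
        # The load target is the last " - "-separated field of the entry.
        target = m.group("body").rsplit(" - ", 1)[-1].strip()
        reason = classify_target(target)
        if reason:
            findings.append({"section": m.group("section"), "target": target,
                             "reason": reason, "line": line})
    return findings


if __name__ == "__main__":
    for f in orphaned_entries(SAMPLE_LOG):
        print(f'{f["section"]:>3}  {f["reason"]:<15} {f["line"]}')
```

The oudoewdm.dll BHO is not reported because its file is present; a text check like this only narrows the list, and entries whose file exists still need a human decision.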