Sujet Précédent Sujet Suivant

J'ai un vundo@dll.trj

Fermé
seb - 28 mai 2008 à 12:16
 Utilisateur anonyme - 1 juin 2008 à 17:15
Bonjour,

j'ai un cheval de troie qui me lache plus...
vundofix ne trouve rien
j'ai lancer un scan avec hijackthis et je ne sais pas quoi faire du résultat le voila merci pour l'aide


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:41, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - C:\WINDOWS\system32\cbXPiFxv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [qmoclya] c:\documents and settings\seb elmon\local settings\application data\qmoclya.exe qmoclya
O4 - HKCU\..\Run: [hhmgkkoc] c:\documents and settings\seb elmon\local settings\application data\hhmgkkoc.exe hhmgkkoc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: cbXPiFxv - C:\WINDOWS\SYSTEM32\cbXPiFxv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

45 réponses

Précédent
Réponse 21 / 45
Utilisateur anonyme
28 mai 2008 à 21:07
réouvre hijackthis fais scan only

coche ces lignes :

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b

coche les et clic sur fix checked

ensuite verifie ça

va dans poste de travail
entre dans le disque C
entre dans le dossier windows

recherche ce fichier : asxpmbdj.dll

si il est present supprime le


ensuite suis cette procédure :



_Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé.
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas.
De plus ils sont mis régulièrement à jours.


? Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.


http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

? Double clique sur ToolsCleaner2.exe >
? Clique sur .Recherche
? puis sur Suppression quand la liste est trouvée.
? Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )
0
seb
28 mai 2008 à 21:16
-->- Recherche:

C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\Seb Elmon\Local Settings\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe: trouvé !
C:\Documents and Settings\Seb Elmon\Local Settings\Temp\Répertoire temporaire 4 pour HiJackThis.zip\HijackThis.exe: trouvé !
C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\Clean.zip: trouvé !
C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\ComboFix.exe: trouvé !
C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\vundoFix.exe: trouvé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\Australia\Clean: trouvé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\Creative Assembly\Clean: trouvé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\EA Sports\Clean: trouvé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\England\Clean: trouvé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\France\Clean: trouvé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\Ireland\Clean: trouvé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\New Zealand\Clean: trouvé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\Scotland\Clean: trouvé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\South Africa\Clean: trouvé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\World Cup\Clean: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Seb Elmon\Local Settings\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe: supprimé !
C:\Documents and Settings\Seb Elmon\Local Settings\Temp\Répertoire temporaire 4 pour HiJackThis.zip\HijackThis.exe: supprimé !
C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\Clean.zip: supprimé !
C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\ComboFix.exe: supprimé !
C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\vundoFix.exe: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\Australia\Clean: supprimé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\Creative Assembly\Clean: supprimé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\EA Sports\Clean: supprimé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\England\Clean: supprimé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\France\Clean: supprimé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\Ireland\Clean: supprimé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\New Zealand\Clean: supprimé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\Scotland\Clean: supprimé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\South Africa\Clean: supprimé !
C:\Program Files\EA SPORTS\Rugby 2001\game\data\textures\balls\World Cup\Clean: supprimé !
0
Réponse 22 / 45
seb
28 mai 2008 à 21:08
lorsque je redemare l'ordi

une fenetre souvre

RUNDLL
erreur de chargement de C:\WINDOWS\system32\asxpmbdj.dll
le module spécifié est introuvable
0
Réponse 23 / 45
Utilisateur anonyme
28 mai 2008 à 21:14
faus positif rrrr

va sur ce site :

https://www.dll-files.com/request/

met ton mail

tu recevra un message et t aura la dll

il te suffira de la mettre dans le dossier system32

poste de travail dossier windows dossier system32
0
seb
28 mai 2008 à 21:23
j' ai mis mon adresse mail
le message d'erreur

mais filename je ne sais pas quoi mettre
0
Réponse 24 / 45
Utilisateur anonyme
28 mai 2008 à 21:25
DANS filename met : asxpmbdj.dll
0
seb
28 mai 2008 à 21:27
ok c'est fait
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 45
Utilisateur anonyme
28 mai 2008 à 21:28
en fait cette dll

j ai fais des recherche et elle etait declaré nefaste

mais au final dans ton system elle est légitime sorry
0
seb
28 mai 2008 à 21:29
je fais quoi maintenant
0
Réponse 26 / 45
Utilisateur anonyme
28 mai 2008 à 21:32
Maintenat c est fini ton pc est propre

faudra attendre le mail pour la dll tu aura un lien pour la telecharger

voila

ciao et @+
0
Réponse 27 / 45
Utilisateur anonyme
28 mai 2008 à 21:34
Je garde ton sujet dans mes intervention au cas ou y un soucis avec cette dll
0
seb
28 mai 2008 à 21:36
merci pour tous
bonne soiree
0
seb
28 mai 2008 à 22:21
par contre j'ai le processeur qui tourne vite meme avec aucune application ouverte
0
Réponse 28 / 45
Utilisateur anonyme
28 mai 2008 à 21:37
Salut ,
Non dans son système ( comme dans tout les systèmes ) , elle n'est pas légitime.

Seb , supprime ce fichier :

C:\WINDOWS\system32\asxpmbdj.dll

Si tu ne le trouve pas , cela veut dire qu'il y a des clés de registres infectées à supprimer.

(Chiquitine > d'ailleurs dans le CFScript , la syntaxe pour registry est incorrècte )




A++
0
Réponse 29 / 45
Utilisateur anonyme
28 mai 2008 à 22:30
telecharge Ccleaner :

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

instal le sans la barre yahoo

fais lancer le nettoyage

repete l opération jusqu a ce qu il trouve rien

ensuite fais registre

fais chercher les erreures

ensuite fais corriger les erreures

repete l opération jusqu a ce qu il trouve rien
0
seb
28 mai 2008 à 22:56
idem au niveau du processeur

plein de fichier suprime avec le nettoyeur, je n'ai plus rien

registre idem sauf un qui reste
programme de demarage manquant rundll32.exe
windows/system32/asxpmbdj.dll'',b
0
Réponse 30 / 45
Utilisateur anonyme
28 mai 2008 à 23:16
Va dans poste de travail

fais un clic droit sur le disque C
choisi propriete
va sur outil
chosi defragmenter

ouvre la commande executer
tape msconfig
va sur demarrage

décoche les programmes inutiles clic sur appliquer et redémarre apres la defragmentation

sinon fais moi la liste des programmes je te dirais quoi decocher
0
seb
29 mai 2008 à 21:37
comment je fais pour t'envoyer la liste je ne peut pas faire de copier coller
0
Réponse 31 / 45
Utilisateur anonyme
29 mai 2008 à 21:38
manuellement sorry
0
seb
29 mai 2008 à 21:46
je n'ai toujours pas reçus de mail pour systeme 32


voici les programs

jusched
stsystra
issch
groove monitor
ehtray
bjjmain
avgnt
atiptaxx
reader_sl
asxpmbdj
teatimer
0
Réponse 32 / 45
Utilisateur anonyme
29 mai 2008 à 21:52
decoche ça :

stsystra
jusched
reader_sl
asxpmbdj

clic sur appliqué et redémarre

dis moi si t as encore le soucis de dll
0
seb
29 mai 2008 à 22:06
oui j'ai toujours le probleme et le processeur spide toujours autant
0
Réponse 33 / 45
Utilisateur anonyme
29 mai 2008 à 22:25
fais ctrl + alt + suprr

ouvre le gestionnaire des taches et regarde quelle application te prend le plus de ressources
0
seb
29 mai 2008 à 23:28
lorsque j'ouvre le gestionnaire de tache le pocesseur s'arrete de speede
lorsque je le referme le processeur speed de nouveau

je ne sais pas voir quelle application prend le plus de ressources
0
Réponse 34 / 45
seb
29 mai 2008 à 23:23
voici le report.txt
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\sys92499.exe
Running in: User mode
Date: 29/05/2008
Time: 23:18:20

Output limited to:
-Recent files
-Registry Run Keys
-Suspicious Files

===================== RECENT FILES =====================

Showing files newer than 30 days

----- recent files in C:\
10/05/2008 14:59:38 (DIR) 0 byte 19 days old -- System Volume Information
15/05/2008 14:06:30 (DIR) 0 byte 14 days old -- i386
22/05/2008 11:18:14 (DIR) 0 byte 7 days old -- kav
23/05/2008 19:26:53 969 byte 6 days old -- VundoFix.txt
28/05/2008 15:03:41 640432 byte 1 days old -- upload_moi_ELMON.tar.gz
28/05/2008 15:30:47 198 byte 1 days old -- resultat_clean.txt
28/05/2008 15:32:50 637 byte 1 days old -- rapport_clean.txt
28/05/2008 18:39:20 13463 byte 1 days old -- ComboFix.txt
28/05/2008 18:54:04 (DIR) 0 byte 1 days old -- RECYCLER
28/05/2008 19:31:57 (DIR) 0 byte 1 days old -- Config.Msi
28/05/2008 21:15:45 3103 byte 1 days old -- TCleaner.txt
29/05/2008 22:04:22 209 byte 0 days old -- boot.ini
29/05/2008 22:24:00 1610612736 byte 0 days old -- pagefile.sys
29/05/2008 22:24:02 (DIR)1071796224 byte 0 days old -- hiberfil.sys
29/05/2008 22:26:18 (DIR) 0 byte 0 days old -- WINDOWS
29/05/2008 23:05:09 (DIR) 0 byte 0 days old -- Program Files
29/05/2008 23:06:06 (DIR) 0 byte 0 days old -- Deckard

----- recent files in C:\WINDOWS\
15/05/2008 11:49:17 1208 byte 14 days old -- wininit.ini
19/05/2008 20:24:27 (DIR) 0 byte 10 days old -- $NtUninstallKB950749$
22/05/2008 11:36:24 614 byte 7 days old -- BM97e7ca65.txt
28/05/2008 10:31:38 (DIR) 0 byte 1 days old -- $hf_mig$
28/05/2008 11:45:54 (DIR) 0 byte 1 days old -- $NtUninstallKB932823-v3$
28/05/2008 11:46:01 (DIR) 0 byte 1 days old -- inf
28/05/2008 15:15:20 (DIR) 0 byte 1 days old -- network diagnostic
28/05/2008 19:34:14 (DIR) 0 byte 1 days old -- Installer
28/05/2008 20:19:50 (DIR) 0 byte 1 days old -- Debug
28/05/2008 20:19:50 (DIR) 0 byte 1 days old -- Minidump
29/05/2008 08:29:06 (DIR) 0 byte 0 days old -- pss
29/05/2008 15:56:21 (DIR) 0 byte 0 days old -- system32
29/05/2008 22:00:35 4776 byte 0 days old -- ModemLog_SoftV90 Data Fax Modem.txt
29/05/2008 22:04:22 227 byte 0 days old -- system.ini
29/05/2008 22:04:22 699 byte 0 days old -- win.ini
29/05/2008 22:23:07 32512 byte 0 days old -- SchedLgU.Txt
29/05/2008 22:24:04 2048 byte 0 days old -- bootstat.dat
29/05/2008 22:24:19 50 byte 0 days old -- wiaservc.log
29/05/2008 22:24:20 159 byte 0 days old -- wiadebug.log
29/05/2008 22:24:20 (DIR) 0 byte 0 days old -- Registration
29/05/2008 22:25:04 0 byte 0 days old -- 0.log
29/05/2008 22:28:45 32 byte 0 days old -- buff-out.r72
29/05/2008 23:05:03 1381167 byte 0 days old -- WindowsUpdate.log
29/05/2008 23:05:03 1212 byte 0 days old -- wmsetup.log
29/05/2008 23:06:15 (DIR) 0 byte 0 days old -- erdnt
29/05/2008 23:17:16 (DIR) 0 byte 0 days old -- Temp
29/05/2008 23:17:36 (DIR) 0 byte 0 days old -- Prefetch
29/05/2008 23:17:55 384 byte 0 days old -- jantje
29/05/2008 23:17:55 8304 byte 0 days old -- buff-in.ogf
29/05/2008 23:17:55 208 byte 0 days old -- buff-out.ogf
29/05/2008 23:17:55 32 byte 0 days old -- buff-in.r72

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
09/05/2008 23:35:04 16863864 byte 20 days old -- MRT.exe
10/05/2008 14:59:38 (DIR) 0 byte 19 days old -- Restore
10/05/2008 15:00:33 1 byte 19 days old -- kr_done1de
22/05/2008 11:35:17 0 byte 7 days old -- clkcnt.txt
28/05/2008 11:45:55 (DIR) 0 byte 1 days old -- dllcache
28/05/2008 16:12:57 (DIR) 0 byte 1 days old -- config
28/05/2008 19:14:36 (DIR) 0 byte 1 days old -- FlashAX
28/05/2008 19:31:37 6508 byte 1 days old -- jupdate-1.6.0_06-b02.log
28/05/2008 19:45:17 3072 byte 1 days old -- CONFIG.NT
28/05/2008 19:58:03 (DIR) 0 byte 1 days old -- drivers
29/05/2008 22:24:20 (DIR) 0 byte 0 days old -- CatRoot2
29/05/2008 22:26:12 2206 byte 0 days old -- wpa.dbl

----- recent files in C:\WINDOWS\system32\drivers\
05/05/2008 20:46:32 15864 byte 24 days old -- mbam.sys
05/05/2008 20:46:36 27048 byte 24 days old -- mbamcatchme.sys
28/05/2008 20:12:24 79424 byte 1 days old -- avipbb.sys
28/05/2008 23:19:07 (DIR) 0 byte 1 days old -- etc

----- recent files in C:\WINDOWS\temp\

----- recent files in C:\Program Files\
08/05/2008 14:41:33 (DIR) 0 byte 21 days old -- FileZilla FTP Client
09/05/2008 12:51:18 (DIR) 0 byte 20 days old -- Luxor 3
22/05/2008 10:18:57 (DIR) 0 byte 7 days old -- eMule
28/05/2008 12:25:53 (DIR) 0 byte 1 days old -- Malwarebytes' Anti-Malware
28/05/2008 19:30:08 (DIR) 0 byte 1 days old -- Fichiers communs
28/05/2008 19:31:37 (DIR) 0 byte 1 days old -- Java
28/05/2008 19:31:56 (DIR) 0 byte 1 days old -- Sun
28/05/2008 19:45:42 (DIR) 0 byte 1 days old -- Alwil Software
28/05/2008 19:58:02 (DIR) 0 byte 1 days old -- Avira
28/05/2008 20:18:39 (DIR) 0 byte 1 days old -- CCleaner
28/05/2008 20:21:52 (DIR) 0 byte 1 days old -- Yahoo!
29/05/2008 23:05:09 (DIR) 0 byte 0 days old -- Trend Micro

----- recent files in C:\Program Files\Fichiers communs\
28/05/2008 19:30:08 (DIR) 0 byte 1 days old -- Java

----- recent files in C:\Documents and Settings\Seb Elmon\Application Data\
02/05/2008 10:32:58 (DIR) 0 byte 27 days old -- Mozilla
07/05/2008 11:36:09 (DIR) 0 byte 22 days old -- Microsoft
08/05/2008 15:16:36 (DIR) 0 byte 21 days old -- FileZilla
11/05/2008 19:12:52 196 byte 18 days old -- G-Force Prefs (WindowsMediaPlayer).txt
22/05/2008 11:20:30 (DIR) 0 byte 7 days old -- uTorrent
28/05/2008 12:26:03 (DIR) 0 byte 1 days old -- Malwarebytes

----- recent files in C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\
29/05/2008 22:32:56 75460 byte 0 days old -- WCESLog.log
29/05/2008 23:17:26 25850 byte 0 days old -- WCESMgr.log
29/05/2008 23:17:26 16384 byte 0 days old -- ~DF3433.tmp
29/05/2008 23:17:26 76 byte 0 days old -- systemscan.ini
29/05/2008 23:17:26 (DIR) 0 byte 0 days old -- nsw29.tmp

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[run]
"ISUSScheduler"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe\" -start"
"ISUSPM Startup"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe\" -startup"
"GrooveMonitor"="\"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe\""
"ehTray"="C:\WINDOWS\ehome\ehtray.exe"
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon"
"avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"ATIPTA"="\"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe\""
"94d4f9f9"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b"

[run\OptionalComponents]
@=""

[run\OptionalComponents\IMAIL]
@=""

[run\OptionalComponents\MAPI]
@=""

[run\OptionalComponents\MSFS]
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"H/PC Connection Agent"="\"C:\Program Files\Microsoft ActiveSync\wcescomm.exe\""

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
#### HKCR\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32 @="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Sans fil"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Planificateur de paquets QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Sécurité IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SCLogon]

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00lsdelete\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll"

[Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
#### HKCR\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\InprocServer32 @="C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

[MSConfig]

[MSConfig\services]

[MSConfig\startupfolder]

[MSConfig\startupreg]

[MSConfig\startupreg\94d4f9f9]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="asxpmbdj"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b"
"inimapping"="0"

[MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"inimapping"="0"

[MSConfig\startupreg\SigmatelSysTrayApp]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="stsystra"
"hkey"="HKLM"
"command"="stsystra.exe"
"inimapping"="0"

[MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe\""
"inimapping"="0"

[MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000002

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00002d27

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"

[SharedAccess\Parameters\FirewallPolicy\RestrictedServices]

[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\WYSIWYG\Bin\Wyg.exe"="C:\Program Files\WYSIWYG\Bin\Wyg.exe:*:Enabled:WYG Application"
"C:\Program Files\MA Lighting Technologies\grandMA 3D\GrandMA 3D.exe"="C:\Program Files\MA Lighting Technologies\grandMA 3D\GrandMA 3D.exe:*:Enabled:grandMA 3D"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Flying Pig Systems\Hog3PC\launcher-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\launcher-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\Program Files\Flying Pig Systems\Hog3PC\server-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\server-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\Program Files\Flying Pig Systems\Hog3PC\ob2000-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\ob2000-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\Program Files\Flying Pig Systems\Hog3PC\desktop-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\desktop-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\Program Files\Flying Pig Systems\Hog3PC\critical-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\critical-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\Program Files\Flying Pig Systems\Hog3PC\livecache-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\livecache-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\kav\kav7.0\english\setup.exe"="C:\kav\kav7.0\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22002"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

[AU]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{C75D780B-5CD4-494E-AB96-5DA2A6677439}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{161C1725-D892-484A-9F8E-41B7C73BAA5F}]
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\KB910393]
"@="KB910393"
"ComponentID"="KB910393"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall"

[Installed Components\Microsoft Base Smart Card Crypto Provider Package]

[Installed Components\WriteRegStr]

[Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
#### HKCR\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Program Files\Java\jre1.6.0_06\bin\regutils.dll"

[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}]
"@="Fichier Lisez-moi d'Internet Explorer"
"ComponentID"="IEREADME"

[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
"@="IEEX"
"ComponentID"="IEEX"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"

[Installed Components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}]
"@="Microsoft .NET Framework 1.0 Hotfix (KB887998)"
"ComponentID"="NDPKB887998"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
#### HKCR\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
#### HKCR\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
"@="Media Center"
"ComponentID"="Media Center Shortcut"
"StubPath"=expand:"%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf"

[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
"@="Web Folders"
"ComponentID"="WebFolders"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"

[Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
"@="Fax"
"ComponentID"="Fax"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser"

[Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
"ComponentID"="M928366"
"@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
"@="Fax Provider"
"ComponentID"="Fax Provider"
"StubPath"="rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider"

[Installed Components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
"@=".NET Framework"
"ComponentID"=".NETFramework"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}]
"@="Microsoft .NET Framework 1.0 Hotfix (KB930494)"
"ComponentID"="NDPKB930494"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
"@="Mise à jours cumulée de sécurité OE Avril 2003"
"ComponentID"="CUSTOM2"

[Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}]
"@=".NET Framework"
"ComponentID"=".NETFramework"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {44A97F48-C35D-4E71-8945-283E62E16E51} REG_BINARY 36000000000000000400000000000000D6A66648A9FE020133000000000000000400000000000000D6A6664800278D003B000000000000000400000000000000D6A6664800229B603A000000000000000400000000000000D6A666480013C68001000000000000000400000000000000D6A66648FFFFFF0035000000000000000100000000000000D6A6664805000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {44A97F48-C35D-4E71-8945-283E62E16E51} REG_BINARY FC00000000000000000000000000000024113F4836000000000000000400000000000000E59D6648A9FE020133000000000000000400000000000000E59D664800278D003B000000000000000400000000000000E59D664800229B603A000000000000000400000000000000E59D66480013C68001000000000000000400000000000000E59D6648FFFFFF0035000000000000000100000000000000E59D664805000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HTTP\Parameters\Synchronize
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11559 (0x2D27)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 11553 (0x2D21)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters DhcpNameServer REG_SZ 212.27.54.252 212.27.53.252
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseObtainedTime REG_DWORD 1212094934 (0x483F19D6)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseObtainedTime REG_DWORD 1212092645 (0x483F10E5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T1 REG_DWORD 1213390934 (0x4852E056)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T1 REG_DWORD 1213388645 (0x4852D765)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T2 REG_DWORD 1214362934 (0x4861B536)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T2 REG_DWORD 1214360645 (0x4861AC45)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseTerminatesTime REG_DWORD 1214686934 (0x4866A6D6)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseTerminatesTime REG_DWORD 1214684645 (0x48669DE5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} DhcpRetryTime REG_DWORD 1295997 (0x13C67D)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} DhcpRetryTime REG_DWORD 1295998 (0x13C67E)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1212094934 (0x483F19D6)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1212092645 (0x483F10E5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T1 REG_DWORD 1213390934 (0x4852E056)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T1 REG_DWORD 1213388645 (0x4852D765)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T2 REG_DWORD 1214362934 (0x4861B536)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T2 REG_DWORD 1214360645 (0x4861AC45)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1214686934 (0x4866A6D6)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1214684645 (0x48669DE5)

Result compared: Different


===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\

C:\WINDOWS\Nircmd.exe --> is compressed with UPX
C:\WINDOWS\swreg.exe --> is compressed with UPX
C:\WINDOWS\swsc.exe --> is compressed with UPX

==========================================
Scan completed in 1,1 minutes
End of report


~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:

* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

Thanks to all of them for their hard work
0
Réponse 35 / 45
Utilisateur anonyme
29 mai 2008 à 23:26
Pourquoi tu postes en double ??

J'analyse et je reviens.
++
0
Réponse 36 / 45
Utilisateur anonyme
29 mai 2008 à 23:49
Re ,

*****************************************************************

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\


1)Télécharge OTMoveIt2 ( de Old Timer )

2)Une fois téléchargé double-clique sur OTMoveIt2.exe pour le lancer.

Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

3)puis copie les lignes en gras qui se trouvent en dessous :

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\94d4f9f9
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86959FE0-462B-4162-9ED9-402A78B7C9F9}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2750932-B7C1-4B2C-A2C9-32CA193D702E}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F43C3FF0-479C-495C-AA43-5275FA825372}
C:\upload_moi_ELMON.tar.gz
C:\VundoFix.txt
C:\resultat_clean.txt
C:\rapport_clean.txt
C:\ComboFix.txt
C:\TCleaner.txt
C:\Program Files\Malwarebytes' Anti-Malware
C:\Program Files\Alwil Software
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\94d4f9f9
Emptytemp





et colle-les dans le cadre de gauche de OTMoveIt : "Paste List Of Files/Folders to Move."
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
4) Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

5) Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )

/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître , dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau.


**************************************************************

Ouvre ce dossier et dis moi ce qu'il y a dedans :

C:\WINDOWS\jantje

**************************************************************

Télécharge HostsXpert


> Dézippe le sur le Bureau

> Clique sur "Restore MS Hosts File"

***************************************************************

A++
0
seb
30 mai 2008 à 00:15
je ne peut pas ouvrir le fichier C:\WINDOWS\jantje
dans C:\WINDOWS\ il y a plein de fichier $ntuninstallkb il sont ecrient en bleu??????

le logiciel hostxpert mais le message d'ereur suivant cannot create file C:\WINDOWS\systeme 32 \driver\etc\hosts

et pour finir voici le rapport que tu m'as demande

< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F} \\ not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200} \\ not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} \\ not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A} \\ not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} \\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\94d4f9f9 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\94d4f9f9 not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676} \\ not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86959FE0-462B-4162-9ED9-402A78B7C9F9} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86959FE0-462B-4162-9ED9-402A78B7C9F9} \\ not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2750932-B7C1-4B2C-A2C9-32CA193D702E} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2750932-B7C1-4B2C-A2C9-32CA193D702E} \\ not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F43C3FF0-479C-495C-AA43-5275FA825372} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F43C3FF0-479C-495C-AA43-5275FA825372} \\ not found.
C:\upload_moi_ELMON.tar.gz moved successfully.
C:\VundoFix.txt moved successfully.
C:\resultat_clean.txt moved successfully.
C:\rapport_clean.txt moved successfully.
C:\ComboFix.txt moved successfully.
C:\TCleaner.txt moved successfully.
C:\Program Files\Malwarebytes' Anti-Malware\Languages moved successfully.
C:\Program Files\Malwarebytes' Anti-Malware moved successfully.
C:\Program Files\Alwil Software moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\94d4f9f9 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\94d4f9f9 \\ not found.
< Emptytemp >
File delete failed. C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\WCESMgr.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05292008_235634

Files moved on Reboot...
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\WCESLog.log moved successfully.
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\WCESMgr.log moved successfully.
0
Réponse 37 / 45
seb
30 mai 2008 à 00:19
je ne sais pas si tu a vu mon autre message lorsque j'ouvre le gestionaire de tache j' ai le processeur qui tourne normalement
0
Réponse 38 / 45
seb
30 mai 2008 à 00:38
vous encore la tous les deux?

je ne suis pas chez moi jusqu'a dimanche soir peut on continuer dimanche
0
Réponse 39 / 45
sebdelily Messages postés 26 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 21 octobre 2009
30 mai 2008 à 00:43
je me suis inscri pour avoir un suivit sebdelily et mon nouveau pseudo
0
Réponse 40 / 45
Utilisateur anonyme
30 mai 2008 à 09:13
Re ,

Il reste encore des choses à faire ,,

Fais Démarrer et Exécuter.

Dans la fenêtre qui s'ouvre, tu copies/colles :

regedit /a C:\run.txt HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

puis OK.

Copie dans ta réponse C:\run.txt (en l'ouvrant avec le Bloc-notes).

****************************************************

Fais Démarrer et Exécuter.

Dans la fenêtre qui s'ouvre, tu copies/colles :

regedit /a C:\run.txt HKEY_LOCAL_MACHINE\~\Browser Helper Objects

puis OK.

Copie dans ta réponse C:\run.txt (en l'ouvrant avec le Bloc-notes).





********************

Va dans C:\_OtmoveIt\MovedfFile -> Supprime tout ce qu'il y a dedans.

Puis ,

Dans OtMoveIt , copie/colle cette ligne :


C:\WINDOWS\jantje


-> MoveIT !

poste le rapport.
A++


( 3 rapports )
0

Discussions similaires

[virus] infecté par trojan vundo
j-mi57 -
j-mi57 -

15 réponses