[résolu] gros problemes
Dernière réponse : dans Sécurité
voila depuis quelque temps mon ordi ne fonctionne plus très bien, j'ai beaucoup de pub qui s'affichent, et pas mal de bugs, je poste mon log hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 00:23:28, on 28/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab301...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{323C2F83-DEB0-40E0-96C8-8E0884B88EB3}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\o8nsli5718.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Nvpnprrtcu - NVIDIA Corporation - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
je sais vous aller me dire que j'ai deux anti virus que c'est pas bien mais je vais desinstaler antivirxp une fois que j'aurai fini mon post.
d'ailleur je l'ai fini ^^
merci d'avance pour votre aide
Logfile of HijackThis v1.99.1
Scan saved at 00:23:28, on 28/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab301...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{323C2F83-DEB0-40E0-96C8-8E0884B88EB3}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\o8nsli5718.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Nvpnprrtcu - NVIDIA Corporation - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
je sais vous aller me dire que j'ai deux anti virus que c'est pas bien mais je vais desinstaler antivirxp une fois que j'aurai fini mon post.
d'ailleur je l'ai fini ^^
merci d'avance pour votre aide
Autres pages sur : resolu gros problemes
Lassé par la pub ? Créez un compte
Bonsoir,
tu as une infection de type VX2.Look2Me très coriace (ligne O20)
Le prog L2Mfix permet généralement de l'éradiquer.
1/ Télécharge l2mfix.exe
Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install
2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.
3/ Ensuite ferme tous les programmes parce qu'il va y avoir reboot automatique
Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat
Enfin poste ce 2ème rapport avec un nouveau rapport HJT.
tu as une infection de type VX2.Look2Me très coriace (ligne O20)
Le prog L2Mfix permet généralement de l'éradiquer.
1/ Télécharge l2mfix.exe
Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install
2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.
3/ Ensuite ferme tous les programmes parce qu'il va y avoir reboot automatique
Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat
Enfin poste ce 2ème rapport avec un nouveau rapport HJT.
Voila le 1er raport :
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n66qlgj516o.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{30E07801-2AE2-58C0-6F06-3E3107151FD0}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Labtec Pictures"
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{EBDF1F20-C829-11D1-8233-0020AF3E97A6}"="ATS Context Menu Shell Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{5CF5DEEE-EF77-4FFC-82B2-327E557A2214}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{5CF5DEEE-EF77-4FFC-82B2-327E557A2214}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5CF5DEEE-EF77-4FFC-82B2-327E557A2214}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5CF5DEEE-EF77-4FFC-82B2-327E557A2214}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5CF5DEEE-EF77-4FFC-82B2-327E557A2214}\InprocServer32]
@="C:\\WINDOWS\\system32\\kh1394.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est D808-0FA0
R‚pertoire de C:\WINDOWS\System32
28/10/2005 09:18 233ÿ499 guard.tmp
28/10/2005 00:23 235ÿ257 k0440ahqed4e0.dll
28/10/2005 00:20 233ÿ499 n66qlgj516o.dll
28/10/2005 00:16 233ÿ499 SJtrmFI.dll
27/10/2005 09:18 237ÿ220 jrt.dll
25/10/2005 15:03 234ÿ266 izrtprio.dll
25/10/2005 00:56 234ÿ604 i2lo0c33ef.dll
24/10/2005 19:11 <REP> dllcache
24/10/2005 11:19 290ÿ816 msnxpexe.exe
28/09/2005 21:55 401ÿ408 l?ass.exe
03/02/2005 20:40 <REP> Microsoft
9 fichier(s) 2ÿ334ÿ068 octets
2 R‚p(s) 4ÿ161ÿ650ÿ688 octets libres
le log hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 09:53:20, on 28/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\LVComS.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\winsecure.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Windowfdgfds DLL fgfdg Verifier] winsecure.exe
O4 - HKLM\..\RunServices: [Windowfdgfds DLL fgfdg Verifier] winsecure.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab301...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{323C2F83-DEB0-40E0-96C8-8E0884B88EB3}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Nvpnprrtcu - NVIDIA Corporation - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
je le trouve ou le 2em raport?![:oops:]( ":oops:")
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n66qlgj516o.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{30E07801-2AE2-58C0-6F06-3E3107151FD0}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Labtec Pictures"
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{EBDF1F20-C829-11D1-8233-0020AF3E97A6}"="ATS Context Menu Shell Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{5CF5DEEE-EF77-4FFC-82B2-327E557A2214}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{5CF5DEEE-EF77-4FFC-82B2-327E557A2214}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5CF5DEEE-EF77-4FFC-82B2-327E557A2214}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5CF5DEEE-EF77-4FFC-82B2-327E557A2214}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5CF5DEEE-EF77-4FFC-82B2-327E557A2214}\InprocServer32]
@="C:\\WINDOWS\\system32\\kh1394.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est D808-0FA0
R‚pertoire de C:\WINDOWS\System32
28/10/2005 09:18 233ÿ499 guard.tmp
28/10/2005 00:23 235ÿ257 k0440ahqed4e0.dll
28/10/2005 00:20 233ÿ499 n66qlgj516o.dll
28/10/2005 00:16 233ÿ499 SJtrmFI.dll
27/10/2005 09:18 237ÿ220 jrt.dll
25/10/2005 15:03 234ÿ266 izrtprio.dll
25/10/2005 00:56 234ÿ604 i2lo0c33ef.dll
24/10/2005 19:11 <REP> dllcache
24/10/2005 11:19 290ÿ816 msnxpexe.exe
28/09/2005 21:55 401ÿ408 l?ass.exe
03/02/2005 20:40 <REP> Microsoft
9 fichier(s) 2ÿ334ÿ068 octets
2 R‚p(s) 4ÿ161ÿ650ÿ688 octets libres
le log hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 09:53:20, on 28/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\LVComS.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\winsecure.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Windowfdgfds DLL fgfdg Verifier] winsecure.exe
O4 - HKLM\..\RunServices: [Windowfdgfds DLL fgfdg Verifier] winsecure.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab301...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{323C2F83-DEB0-40E0-96C8-8E0884B88EB3}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Nvpnprrtcu - NVIDIA Corporation - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
je le trouve ou le 2em raport?
Salut,
L'infexion à l'air d'avoir été vaincue ! :-)
Il te reste quelques trucs à supprimer manuellement par contre.
Fais ceci :
1/ Redémarrer en mode sans échec
Redémarre l'ordinateur. Après les écritures du BIOS, appuyes sur F8 (ou F5 si F8 marche pas) pour arriver à un menu avec des écritures blanches sur un fond noir.
Dans ce menu, tu dois pouvoir choisir le mode sans échec (celà se passe avec les flèches et Entrée pour valider).
Le démarrage en mode sans échec est souvent relativement long. Si tu as des écritures blanches bizarres, ne t'inquiètes pas.
Prend juste ton mal en patience. ;-)
2/ Fixer des lignes
Relances HijackThis. Choisi Do a system scan only cette fois-ci.
Puis coche les lignes suivantes, et appuie sur Fix Checked.
O4 - HKLM\..\Run: [Windowfdgfds DLL fgfdg Verifier] winsecure.exe
O4 - HKLM\..\RunServices: [Windowfdgfds DLL fgfdg Verifier] winsecure.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Nvpnprrtcu - NVIDIA Corporation - (no file)
3/ Afficher tous les fichiers
Dans l'explorateur de Windows (par ex) :
Outils -> Options des dossier -> onglet Affichage
Coche : Afficher les fichiers cachés
Décoche : Masquer les extensions des types connus
Décoche : Masquer les fichiers protégés du système d'exploitation
4/ Supprimer des services
Démarrer -> Exécuter -> services.msc
Trouve, arrête les s'ils sont démarrés, et désactive les services suivants :
Local Security Authority Subsystem Service (lsass)
Nvpnprrtcu
5/ Supprimer des fichiers
Supprime les fichiers / dossiers en gras suivants :
winsecure.exe
C:\WINDOWS\lsass.exe (pas celui dans C:\Windows\system32 !!!!!)
Les fichiers sans arborescence sont dans C:\Windows ou C:\Windows\system32.
Si tu ne les trouves pas dans C:\Windows ou C:\Windows\system32, fais une recherche avec Windows.
6/ Redémarrer normalement
Redémarre normalement l'ordinateur.
7/ Remettre la configuration de l'affichage des fichiers comme avant
Dans l'explorateur de Windows (par ex) :
Outils -> Options des dossier -> onglet Affichage
Remet tout comme avant (si tu affichais déjà tous les fichiers, ne change rien).
Décoche : Afficher les fichiers cachés
Coche : Masquer les extensions des types connus
Coche : Masquer les fichiers protégés du système d'exploitation
8/ Nettoyer les traces avec CCleaner et Kaspersky
Fais des analyses avec CCleaner et Kaspersky.
Si tu ne sais pas utiliser Kaspersky :
- va ici (obligé d'utiliser IE)
- choisi Kaspersky Online Scanner
- dans la popup qui s'ouvre, choisi Accept
- là, il met à jour les définitions de virus
- il peut te demander d'accepter un ActiveX, accepte le, une fois que la mise à jour est finie
- clique sur Next
- puis clique sur My computer
- attend que le scan se réalise
- post ton log final
9/ Reposter un log
Relances HijackThis. Choisi Do a system scan and save a logfile.
Et repostes nous ton nouveau log en nous précisant les étapes que tu n'as pas réussi.
L'infexion à l'air d'avoir été vaincue ! :-)
Il te reste quelques trucs à supprimer manuellement par contre.
Fais ceci :
1/ Redémarrer en mode sans échec
Redémarre l'ordinateur. Après les écritures du BIOS, appuyes sur F8 (ou F5 si F8 marche pas) pour arriver à un menu avec des écritures blanches sur un fond noir.
Dans ce menu, tu dois pouvoir choisir le mode sans échec (celà se passe avec les flèches et Entrée pour valider).
Le démarrage en mode sans échec est souvent relativement long. Si tu as des écritures blanches bizarres, ne t'inquiètes pas.
Prend juste ton mal en patience. ;-)
2/ Fixer des lignes
Relances HijackThis. Choisi Do a system scan only cette fois-ci.
Puis coche les lignes suivantes, et appuie sur Fix Checked.
O4 - HKLM\..\Run: [Windowfdgfds DLL fgfdg Verifier] winsecure.exe
O4 - HKLM\..\RunServices: [Windowfdgfds DLL fgfdg Verifier] winsecure.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Nvpnprrtcu - NVIDIA Corporation - (no file)
3/ Afficher tous les fichiers
Dans l'explorateur de Windows (par ex) :
Outils -> Options des dossier -> onglet Affichage
Coche : Afficher les fichiers cachés
Décoche : Masquer les extensions des types connus
Décoche : Masquer les fichiers protégés du système d'exploitation
4/ Supprimer des services
Démarrer -> Exécuter -> services.msc
Trouve, arrête les s'ils sont démarrés, et désactive les services suivants :
Local Security Authority Subsystem Service (lsass)
Nvpnprrtcu
5/ Supprimer des fichiers
Supprime les fichiers / dossiers en gras suivants :
winsecure.exe
C:\WINDOWS\lsass.exe (pas celui dans C:\Windows\system32 !!!!!)
Les fichiers sans arborescence sont dans C:\Windows ou C:\Windows\system32.
Si tu ne les trouves pas dans C:\Windows ou C:\Windows\system32, fais une recherche avec Windows.
6/ Redémarrer normalement
Redémarre normalement l'ordinateur.
7/ Remettre la configuration de l'affichage des fichiers comme avant
Dans l'explorateur de Windows (par ex) :
Outils -> Options des dossier -> onglet Affichage
Remet tout comme avant (si tu affichais déjà tous les fichiers, ne change rien).
Décoche : Afficher les fichiers cachés
Coche : Masquer les extensions des types connus
Coche : Masquer les fichiers protégés du système d'exploitation
8/ Nettoyer les traces avec CCleaner et Kaspersky
Fais des analyses avec CCleaner et Kaspersky.
Si tu ne sais pas utiliser Kaspersky :
Citation :
Alors, pour le scan online de Kaspersky, fais ceci :- va ici (obligé d'utiliser IE)
- choisi Kaspersky Online Scanner
- dans la popup qui s'ouvre, choisi Accept
- là, il met à jour les définitions de virus
- il peut te demander d'accepter un ActiveX, accepte le, une fois que la mise à jour est finie
- clique sur Next
- puis clique sur My computer
- attend que le scan se réalise
- post ton log final
9/ Reposter un log
Relances HijackThis. Choisi Do a system scan and save a logfile.
Et repostes nous ton nouveau log en nous précisant les étapes que tu n'as pas réussi.
J'ai réussi toutes les étapes ![:)]( ":)")
Merci beaucoup pour votre aide !
Voila le log Kaspersky :
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, October 28, 2005 11:35:32
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/10/2005
Kaspersky Anti-Virus database records: 147295
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 61848
Number of viruses found: 24
Number of infected objects: 76
Number of suspicious objects: 0
Duration of the scan process: 2380 sec
Infected Object Name - Virus Name
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/low.exe Infected: Trojan.Win32.LowZones.c
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x Infected: Trojan-Downloader.Win32.VB.rl
C:\low.exe Infected: Trojan.Win32.LowZones.c
C:\mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP1\A0002100.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP1\A0002101.exe Infected: Backdoor.Win32.Rbot.abh
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007476.exe Infected: Backdoor.Win32.IRCBot.hg
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007477.exe Infected: Backdoor.Win32.Rbot.aeu
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007697.dll Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007698.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008709.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008710.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008711.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008717.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008753.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008755.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008756.exe Infected: Trojan.Win32.LowZones.c
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008757.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008760.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008801.dll Infected: Trojan-Downloader.Win32.IstBar.ms
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008802.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/low.exe Infected: Trojan.Win32.LowZones.c
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008808.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008809.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008810.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008812.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008815.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008816.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008837.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008866.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008867.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008868.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008869.pif Infected: Backdoor.Win32.Rbot.agu
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008870.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008874.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP11\A0009069.dll Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP11\A0009070.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP5\A0003491.exe Infected: Backdoor.Win32.Rbot.adf
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP5\A0003760.exe Infected: Trojan-Downloader.Win32.Agent.xh
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP6\A0004875.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP7\A0006087.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP9\A0006252.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP9\A0006253.dll Infected: Trojan.Win32.EliteBar.f
C:\tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\WINDOWS\system32\jggdimap.exe Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\msnxpexe.exe Infected: Backdoor.Win32.Rbot.gen
C:\WINDOWS\system32\winsecure.exe Infected: Backdoor.Win32.Rbot.gen
C:\xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\zxvcc73x.exe/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\zxvcc73x.exe/low.exe Infected: Trojan.Win32.LowZones.c
C:\zxvcc73x.exe/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\zxvcc73x.exe/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\zxvcc73x.exe Infected: Trojan-Downloader.Win32.VB.rl
D:\Program Files\TDS3\xDynamic\TDS.Unpk\musik.exe/email.exe Infected: not-virus:BadJoke.Win32.Enfin.a
D:\Program Files\TDS3\xDynamic\TDS.Unpk\musik.exe Infected: not-virus:BadJoke.Win32.Enfin.a
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 11:38:01, on 28/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab301...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{323C2F83-DEB0-40E0-96C8-8E0884B88EB3}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
Merci beaucoup pour votre aide !
Voila le log Kaspersky :
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, October 28, 2005 11:35:32
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/10/2005
Kaspersky Anti-Virus database records: 147295
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 61848
Number of viruses found: 24
Number of infected objects: 76
Number of suspicious objects: 0
Duration of the scan process: 2380 sec
Infected Object Name - Virus Name
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/low.exe Infected: Trojan.Win32.LowZones.c
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x Infected: Trojan-Downloader.Win32.VB.rl
C:\low.exe Infected: Trojan.Win32.LowZones.c
C:\mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP1\A0002100.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP1\A0002101.exe Infected: Backdoor.Win32.Rbot.abh
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007476.exe Infected: Backdoor.Win32.IRCBot.hg
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007477.exe Infected: Backdoor.Win32.Rbot.aeu
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007697.dll Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007698.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008709.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008710.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008711.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008717.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008753.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008755.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008756.exe Infected: Trojan.Win32.LowZones.c
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008757.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008760.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008801.dll Infected: Trojan-Downloader.Win32.IstBar.ms
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008802.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/low.exe Infected: Trojan.Win32.LowZones.c
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008808.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008809.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008810.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008812.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008815.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008816.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008837.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008866.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008867.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008868.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008869.pif Infected: Backdoor.Win32.Rbot.agu
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008870.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008874.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP11\A0009069.dll Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP11\A0009070.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP5\A0003491.exe Infected: Backdoor.Win32.Rbot.adf
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP5\A0003760.exe Infected: Trojan-Downloader.Win32.Agent.xh
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP6\A0004875.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP7\A0006087.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP9\A0006252.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP9\A0006253.dll Infected: Trojan.Win32.EliteBar.f
C:\tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\WINDOWS\system32\jggdimap.exe Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\msnxpexe.exe Infected: Backdoor.Win32.Rbot.gen
C:\WINDOWS\system32\winsecure.exe Infected: Backdoor.Win32.Rbot.gen
C:\xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\zxvcc73x.exe/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\zxvcc73x.exe/low.exe Infected: Trojan.Win32.LowZones.c
C:\zxvcc73x.exe/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\zxvcc73x.exe/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\zxvcc73x.exe Infected: Trojan-Downloader.Win32.VB.rl
D:\Program Files\TDS3\xDynamic\TDS.Unpk\musik.exe/email.exe Infected: not-virus:BadJoke.Win32.Enfin.a
D:\Program Files\TDS3\xDynamic\TDS.Unpk\musik.exe Infected: not-virus:BadJoke.Win32.Enfin.a
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 11:38:01, on 28/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab301...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{323C2F83-DEB0-40E0-96C8-8E0884B88EB3}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
J'ai réussi toutes les étapes ![:)]( ":)")
Merci beaucoup pour votre aide !
Voila le log Kaspersky :
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, October 28, 2005 11:35:32
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/10/2005
Kaspersky Anti-Virus database records: 147295
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 61848
Number of viruses found: 24
Number of infected objects: 76
Number of suspicious objects: 0
Duration of the scan process: 2380 sec
Infected Object Name - Virus Name
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/low.exe Infected: Trojan.Win32.LowZones.c
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x Infected: Trojan-Downloader.Win32.VB.rl
C:\low.exe Infected: Trojan.Win32.LowZones.c
C:\mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP1\A0002100.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP1\A0002101.exe Infected: Backdoor.Win32.Rbot.abh
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007476.exe Infected: Backdoor.Win32.IRCBot.hg
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007477.exe Infected: Backdoor.Win32.Rbot.aeu
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007697.dll Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007698.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008709.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008710.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008711.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008717.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008753.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008755.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008756.exe Infected: Trojan.Win32.LowZones.c
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008757.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008760.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008801.dll Infected: Trojan-Downloader.Win32.IstBar.ms
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008802.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/low.exe Infected: Trojan.Win32.LowZones.c
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008808.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008809.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008810.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008812.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008815.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008816.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008837.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008866.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008867.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008868.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008869.pif Infected: Backdoor.Win32.Rbot.agu
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008870.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008874.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP11\A0009069.dll Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP11\A0009070.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP5\A0003491.exe Infected: Backdoor.Win32.Rbot.adf
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP5\A0003760.exe Infected: Trojan-Downloader.Win32.Agent.xh
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP6\A0004875.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP7\A0006087.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP9\A0006252.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP9\A0006253.dll Infected: Trojan.Win32.EliteBar.f
C:\tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\WINDOWS\system32\jggdimap.exe Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\msnxpexe.exe Infected: Backdoor.Win32.Rbot.gen
C:\WINDOWS\system32\winsecure.exe Infected: Backdoor.Win32.Rbot.gen
C:\xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\zxvcc73x.exe/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\zxvcc73x.exe/low.exe Infected: Trojan.Win32.LowZones.c
C:\zxvcc73x.exe/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\zxvcc73x.exe/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\zxvcc73x.exe Infected: Trojan-Downloader.Win32.VB.rl
D:\Program Files\TDS3\xDynamic\TDS.Unpk\musik.exe/email.exe Infected: not-virus:BadJoke.Win32.Enfin.a
D:\Program Files\TDS3\xDynamic\TDS.Unpk\musik.exe Infected: not-virus:BadJoke.Win32.Enfin.a
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 11:38:01, on 28/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab301...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{323C2F83-DEB0-40E0-96C8-8E0884B88EB3}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
Merci beaucoup pour votre aide !
Voila le log Kaspersky :
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, October 28, 2005 11:35:32
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/10/2005
Kaspersky Anti-Virus database records: 147295
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 61848
Number of viruses found: 24
Number of infected objects: 76
Number of suspicious objects: 0
Duration of the scan process: 2380 sec
Infected Object Name - Virus Name
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/low.exe Infected: Trojan.Win32.LowZones.c
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Q03U86W\yes[1].x Infected: Trojan-Downloader.Win32.VB.rl
C:\low.exe Infected: Trojan.Win32.LowZones.c
C:\mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP1\A0002100.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP1\A0002101.exe Infected: Backdoor.Win32.Rbot.abh
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007476.exe Infected: Backdoor.Win32.IRCBot.hg
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007477.exe Infected: Backdoor.Win32.Rbot.aeu
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007697.dll Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0007698.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008709.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008710.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008711.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008717.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008753.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008755.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008756.exe Infected: Trojan.Win32.LowZones.c
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008757.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008758.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008760.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008801.dll Infected: Trojan-Downloader.Win32.IstBar.ms
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008802.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/low.exe Infected: Trojan.Win32.LowZones.c
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008806.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008808.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008809.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008810.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008812.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008815.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008816.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008837.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008866.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008867.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008868.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008869.pif Infected: Backdoor.Win32.Rbot.agu
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008870.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP10\A0008874.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP11\A0009069.dll Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP11\A0009070.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP5\A0003491.exe Infected: Backdoor.Win32.Rbot.adf
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP5\A0003760.exe Infected: Trojan-Downloader.Win32.Agent.xh
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP6\A0004875.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP7\A0006087.exe Infected: Trojan.Win32.Crypt.d
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP9\A0006252.exe Infected: Trojan.Win32.EliteBar.f
C:\System Volume Information\_restore{0A11E083-45C1-4152-A555-AA10956A474C}\RP9\A0006253.dll Infected: Trojan.Win32.EliteBar.f
C:\tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\WINDOWS\system32\jggdimap.exe Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\msnxpexe.exe Infected: Backdoor.Win32.Rbot.gen
C:\WINDOWS\system32\winsecure.exe Infected: Backdoor.Win32.Rbot.gen
C:\xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\zxvcc73x.exe/is.exe Infected: Trojan-Downloader.Win32.ConHook.n
C:\zxvcc73x.exe/low.exe Infected: Trojan.Win32.LowZones.c
C:\zxvcc73x.exe/xe.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\zxvcc73x.exe/tb.exe/tb.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/tb.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/tb.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\zxvcc73x.exe/mmxateam.exe Infected: Trojan-Downloader.Win32.VB.rl
C:\zxvcc73x.exe Infected: Trojan-Downloader.Win32.VB.rl
D:\Program Files\TDS3\xDynamic\TDS.Unpk\musik.exe/email.exe Infected: not-virus:BadJoke.Win32.Enfin.a
D:\Program Files\TDS3\xDynamic\TDS.Unpk\musik.exe Infected: not-virus:BadJoke.Win32.Enfin.a
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 11:38:01, on 28/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab301...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{323C2F83-DEB0-40E0-96C8-8E0884B88EB3}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
vide ce dossier (sauf index.dat) :
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\
Supprime ces fichiers et/ou dossiers suivants :
C:\low.exe
C:\mmxateam.exe
C:\tb.exe
C:\WINDOWS\system32\jggdimap.exe
C:\WINDOWS\system32\msnxpexe.exe
C:\WINDOWS\system32\winsecure.exe
C:\xe.exe
C:\zxvcc73x.exe
D:\Program Files\TDS3\xDynamic\TDS.Unpk\musik.exe
Les virus localisés dans C:\System Volume Information\_restore{...
sont dans les points de restauration du système donc :
Désactive la restauration du système pour supprimer ces points de restauration (clic droit sur poste de travail/propriétés/restauration du système/cocher la case : désactiver la restauration du système)
puis réactive-la
As-tu encore des popups intempestifs ?
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\
Supprime ces fichiers et/ou dossiers suivants :
C:\low.exe
C:\mmxateam.exe
C:\tb.exe
C:\WINDOWS\system32\jggdimap.exe
C:\WINDOWS\system32\msnxpexe.exe
C:\WINDOWS\system32\winsecure.exe
C:\xe.exe
C:\zxvcc73x.exe
D:\Program Files\TDS3\xDynamic\TDS.Unpk\musik.exe
Les virus localisés dans C:\System Volume Information\_restore{...
sont dans les points de restauration du système donc :
Désactive la restauration du système pour supprimer ces points de restauration (clic droit sur poste de travail/propriétés/restauration du système/cocher la case : désactiver la restauration du système)
puis réactive-la
As-tu encore des popups intempestifs ?
Lassé par la pub ? Créez un compte
- Contenus similaires :
