[résolu] analyse log hijackthis
Dernière réponse : dans Sécurité
Salut a tous !
J'ai un soucis depuis 2 jours :
ouverture de page internet intempestive + apparition d'icones sur mon bureau de temps en temps.
Après avoir cherché sur google, je suis tombé sur le message de quelqu'un qui avait le meme problème. J'ai suivi les conseils que vous lui aviez donné :
scan avec ad-aware
scan avec spybot
scan avec hijackthis
Mon problème est le suivant :
je comprend pas grand chose au log de hijackthis.
Si quelqu'un pouvez me filer un coup de main. D'avance merci![:)]( ":)")
Scan saved at 10:20:29, on 03/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\cytob.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\NICOLAS\Logiciels\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] lsass32.exe
O4 - HKLM\..\RunServices: [[Win Xp] Personal builtin Firewall] winrdms32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\RunServices: [[Win Xp] Personal builtin Firewall] winrdms32.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4061F9-076E-4DE5-A037-631BB2544D95}: NameServer =
212.27.32.176,212.27.32.177
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\lv8m09l1e.dll
O23 - Service: aim.ex - Unknown owner - C:\WINDOWS\iexplorer.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. -
C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WindowsSysBoot - Unknown owner - C:\WINDOWS\cytob.exe
J'ai un soucis depuis 2 jours :
ouverture de page internet intempestive + apparition d'icones sur mon bureau de temps en temps.
Après avoir cherché sur google, je suis tombé sur le message de quelqu'un qui avait le meme problème. J'ai suivi les conseils que vous lui aviez donné :
scan avec ad-aware
scan avec spybot
scan avec hijackthis
Mon problème est le suivant :
je comprend pas grand chose au log de hijackthis.
Si quelqu'un pouvez me filer un coup de main. D'avance merci
Citation :
Logfile of HijackThis v1.99.1Scan saved at 10:20:29, on 03/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\cytob.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\NICOLAS\Logiciels\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] lsass32.exe
O4 - HKLM\..\RunServices: [[Win Xp] Personal builtin Firewall] winrdms32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\RunServices: [[Win Xp] Personal builtin Firewall] winrdms32.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4061F9-076E-4DE5-A037-631BB2544D95}: NameServer =
212.27.32.176,212.27.32.177
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\lv8m09l1e.dll
O23 - Service: aim.ex - Unknown owner - C:\WINDOWS\iexplorer.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. -
C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WindowsSysBoot - Unknown owner - C:\WINDOWS\cytob.exe
Autres pages sur : resolu analyse log hijackthis
Lassé par la pub ? Créez un compte
Salut,
Tu as encore quelques merdes, dont une infection Look 2 Me.
1/ Redémarrer en mode sans échec
Redémarre l'ordinateur. Après les écritures du BIOS, appuyes sur F8 (ou F5 si F8 marche pas) pour arriver à un menu avec des écritures blanches sur un fond noir.
Dans ce menu, tu dois pouvoir choisir le mode sans échec (celà se passe avec les flèches et Entrée pour valider).
Le démarrage en mode sans échec est souvent relativement long. Si tu as des écritures blanches bizarres, ne t'inquiètes pas.
Prend juste ton mal en patience. ;-)
2/ Fixer des lignes
Relances HijackThis. Choisi Do a system scan only cette fois-ci.
Puis coche les lignes suivantes, et appuie sur Fix Checked.
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] lsass32.exe
O4 - HKLM\..\RunServices: [[Win Xp] Personal builtin Firewall] winrdms32.exe
O4 - HKCU\..\RunServices: [[Win Xp] Personal builtin Firewall] winrdms32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: aim.ex - Unknown owner - C:\WINDOWS\iexplorer.exe (file missing)
O23 - Service: WindowsSysBoot - Unknown owner - C:\WINDOWS\cytob.exe
3/ Afficher tous les fichiers
Dans l'explorateur de Windows (par ex) :
Outils -> Options des dossier -> onglet Affichage
Coche : Afficher les fichiers cachés
Décoche : Masquer les extensions des types connus
Décoche : Masquer les fichiers protégés du système d'exploitation
4/ Supprimer des services
Démarrer -> Exécuter -> services.msc
Trouve, arrête les s'ils sont démarrés, et désactive les services suivants :
aim.ex
WindowsSysBoot
6/ Supprimer des fichiers
Supprime les fichiers / dossiers en gras suivants :
lsass32.exe
winrdms32.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\cytob.exe
Les fichiers sans arborescence sont dans C:\Windows ou C:\Windows\system32.
Si tu ne les trouves pas dans C:\Windows ou C:\Windows\system32, fais une recherche avec Windows.
7/ Redémarrer normalement
Redémarre normalement l'ordinateur.
8/ Remettre la configuration de l'affichage des fichiers comme avant
Dans l'explorateur de Windows (par ex) :
Outils -> Options des dossier -> onglet Affichage
Remet tout comme avant (si tu affichais déjà tous les fichiers, ne change rien).
Décoche : Afficher les fichiers cachés
Coche : Masquer les extensions des types connus
Coche : Masquer les fichiers protégés du système d'exploitation
9/ Nettoyer les traces avec CCleaner et Kaspersky
Fais des analyses avec CCleaner et Kaspersky.
Si tu ne sais pas utiliser Kaspersky :
- va ici (obligé d'utiliser IE)
- choisi Kaspersky Online Scanner
- dans la popup qui s'ouvre, choisi Accept
- là, il met à jour les définitions de virus
- il peut te demander d'accepter un ActiveX, accepte le, une fois que la mise à jour est finie
- clique sur Next
- puis clique sur My computer
- attend que le scan se réalise
- post ton log final
10/ Reposter un log
Relances HijackThis. Choisi Do a system scan and save a logfile.
Et repostes nous ton nouveau log en nous précisant les étapes que tu n'as pas réussi.
-------------------------------
1/ Télécharge l2mfix.exe
Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install
2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.
3/ Ensuite ferme tous les programmes parce qu'il va y avoir reboot automatique
Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat
Enfin poste ce 2ème rapport avec un nouveau rapport HJT.
Tu as encore quelques merdes, dont une infection Look 2 Me.
1/ Redémarrer en mode sans échec
Redémarre l'ordinateur. Après les écritures du BIOS, appuyes sur F8 (ou F5 si F8 marche pas) pour arriver à un menu avec des écritures blanches sur un fond noir.
Dans ce menu, tu dois pouvoir choisir le mode sans échec (celà se passe avec les flèches et Entrée pour valider).
Le démarrage en mode sans échec est souvent relativement long. Si tu as des écritures blanches bizarres, ne t'inquiètes pas.
Prend juste ton mal en patience. ;-)
2/ Fixer des lignes
Relances HijackThis. Choisi Do a system scan only cette fois-ci.
Puis coche les lignes suivantes, et appuie sur Fix Checked.
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] lsass32.exe
O4 - HKLM\..\RunServices: [[Win Xp] Personal builtin Firewall] winrdms32.exe
O4 - HKCU\..\RunServices: [[Win Xp] Personal builtin Firewall] winrdms32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: aim.ex - Unknown owner - C:\WINDOWS\iexplorer.exe (file missing)
O23 - Service: WindowsSysBoot - Unknown owner - C:\WINDOWS\cytob.exe
3/ Afficher tous les fichiers
Dans l'explorateur de Windows (par ex) :
Outils -> Options des dossier -> onglet Affichage
Coche : Afficher les fichiers cachés
Décoche : Masquer les extensions des types connus
Décoche : Masquer les fichiers protégés du système d'exploitation
4/ Supprimer des services
Démarrer -> Exécuter -> services.msc
Trouve, arrête les s'ils sont démarrés, et désactive les services suivants :
aim.ex
WindowsSysBoot
6/ Supprimer des fichiers
Supprime les fichiers / dossiers en gras suivants :
lsass32.exe
winrdms32.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\cytob.exe
Les fichiers sans arborescence sont dans C:\Windows ou C:\Windows\system32.
Si tu ne les trouves pas dans C:\Windows ou C:\Windows\system32, fais une recherche avec Windows.
7/ Redémarrer normalement
Redémarre normalement l'ordinateur.
8/ Remettre la configuration de l'affichage des fichiers comme avant
Dans l'explorateur de Windows (par ex) :
Outils -> Options des dossier -> onglet Affichage
Remet tout comme avant (si tu affichais déjà tous les fichiers, ne change rien).
Décoche : Afficher les fichiers cachés
Coche : Masquer les extensions des types connus
Coche : Masquer les fichiers protégés du système d'exploitation
9/ Nettoyer les traces avec CCleaner et Kaspersky
Fais des analyses avec CCleaner et Kaspersky.
Si tu ne sais pas utiliser Kaspersky :
Citation :
Alors, pour le scan online de Kaspersky, fais ceci :- va ici (obligé d'utiliser IE)
- choisi Kaspersky Online Scanner
- dans la popup qui s'ouvre, choisi Accept
- là, il met à jour les définitions de virus
- il peut te demander d'accepter un ActiveX, accepte le, une fois que la mise à jour est finie
- clique sur Next
- puis clique sur My computer
- attend que le scan se réalise
- post ton log final
10/ Reposter un log
Relances HijackThis. Choisi Do a system scan and save a logfile.
Et repostes nous ton nouveau log en nous précisant les étapes que tu n'as pas réussi.
-------------------------------
Citation :
1/ Télécharge l2mfix.exe
Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install
2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.
3/ Ensuite ferme tous les programmes parce qu'il va y avoir reboot automatique
Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat
Enfin poste ce 2ème rapport avec un nouveau rapport HJT.
voila, j'ai fait tout ce que tu as dit. Voici mon nouveau log d'hijackthis :
Scan saved at 14:48:54, on 05/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
C:\NICOLAS\Logiciels\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4061F9-076E-4DE5-A037-631BB2544D95}: NameServer = 212.27.32.176,212.27.32.177
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\n6p4lg7q16.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
encore quelque chose qui va pas ?
Citation :
Logfile of HijackThis v1.99.1Scan saved at 14:48:54, on 05/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
C:\NICOLAS\Logiciels\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4061F9-076E-4DE5-A037-631BB2544D95}: NameServer = 212.27.32.176,212.27.32.177
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\n6p4lg7q16.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
encore quelque chose qui va pas ?
Bonsoir,
l'infection VX2.Look2Me a résisté.
Refais cette manip et poste bien les 2 rapports de l2mfix.
1/ Télécharge l2mfix.exe
Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install
2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.
3/ Ensuite ferme tous les programmes parce qu'il va y avoir reboot automatique
Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat
Enfin poste ce 2ème rapport avec un nouveau rapport HJT.
l'infection VX2.Look2Me a résisté.
Refais cette manip et poste bien les 2 rapports de l2mfix.
1/ Télécharge l2mfix.exe
Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install
2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.
3/ Ensuite ferme tous les programmes parce qu'il va y avoir reboot automatique
Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat
Enfin poste ce 2ème rapport avec un nouveau rapport HJT.
Voila j'ai suivi toute la marche a suivre :
Le premier rapport de l2mfix :
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en48l1hu1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AE2D2B9F-7CD2-F2BD-1273-BF0A090EB6BC}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propri‚t‚ de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}"=""
"{0B95AC8B-7A36-4B73-9C98-52CAF7D285DF}"=""
"{4FEDDAB3-3552-4E4B-A1FE-28621F862706}"=""
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}\InprocServer32]
@="C:\\WINDOWS\\system32\\myvcrt20.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{4FEDDAB3-3552-4E4B-A1FE-28621F862706}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4FEDDAB3-3552-4E4B-A1FE-28621F862706}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4FEDDAB3-3552-4E4B-A1FE-28621F862706}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4FEDDAB3-3552-4E4B-A1FE-28621F862706}\InprocServer32]
@="C:\\WINDOWS\\system32\\idctl.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
ivsecsnp.dll Sun 30 Oct 2005 17:16:50 ..S.R 235 117 229,61 K
mjiwave.dll Sat 5 Nov 2005 13:25:28 ..S.R 236 568 231,02 K
hpink.dll Sun 30 Oct 2005 17:22:50 ..S.R 235 117 229,61 K
cjmodem.dll Sun 30 Oct 2005 17:44:58 ..S.R 235 651 230,13 K
kurnel32.dll Sun 30 Oct 2005 20:06:18 ..S.R 235 117 229,61 K
pmwave.dll Sun 30 Oct 2005 20:32:38 ..S.R 235 651 230,13 K
koddv.dll Sun 30 Oct 2005 20:46:40 ..S.R 235 117 229,61 K
dzcprop2.dll Sun 30 Oct 2005 21:06:54 ..S.R 235 707 230,18 K
pdofmap.dll Wed 2 Nov 2005 12:34:10 ..S.R 235 117 229,61 K
wvi.dll Wed 2 Nov 2005 14:45:54 ..S.R 236 568 231,02 K
adcups.dll Wed 2 Nov 2005 15:04:12 ..S.R 236 568 231,02 K
kidcan.dll Sat 5 Nov 2005 13:19:08 ..S.R 233 748 228,27 K
etent97.dll Fri 4 Nov 2005 20:55:34 ..S.R 236 568 231,02 K
myvcirt.dll Fri 4 Nov 2005 18:57:56 ..S.R 236 568 231,02 K
lv4u09~1.dll Thu 3 Nov 2005 10:31:12 ..S.R 236 568 231,02 K
en8ul1~1.dll Wed 2 Nov 2005 14:45:54 ..S.R 234 238 228,75 K
enl6l1~1.dll Fri 4 Nov 2005 20:39:32 ..S.R 236 568 231,02 K
qbsname.dll Fri 4 Nov 2005 21:02:54 ..S.R 236 568 231,02 K
idctl.dll Tue 8 Nov 2005 12:24:38 ..S.R 233 865 228,38 K
hrn805~1.dll Sat 5 Nov 2005 13:23:14 ..S.R 233 748 228,27 K
fp2003~1.dll Fri 4 Nov 2005 20:45:24 ..S.R 236 568 231,02 K
hr2u05~1.dll Wed 2 Nov 2005 17:53:50 ..S.R 236 782 231,23 K
jqvacypt.dll Sat 5 Nov 2005 13:36:00 ..S.R 236 568 231,02 K
en48l1~1.dll Sun 6 Nov 2005 17:01:14 ..S.R 233 865 228,38 K
egbycdio.dll Sun 6 Nov 2005 16:52:12 ..S.R 233 865 228,38 K
lv8209~1.dll Sun 6 Nov 2005 17:56:10 ..S.R 236 568 231,02 K
g4220e~1.dll Fri 4 Nov 2005 20:52:58 ..S.R 236 568 231,02 K
27 items found: 27 files (27 H/S), 0 directories.
Total of file sizes: 6 361 521 bytes 6,07 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle WINDAUBE
Le num‚ro de s‚rie du volume est 2413-EC8F
R‚pertoire de C:\WINDOWS\System32
08/11/2005 12:24 233ÿ865 idctl.dll
06/11/2005 17:56 236ÿ568 lv8209loe.dll
06/11/2005 17:01 233ÿ865 en48l1hu1.dll
06/11/2005 16:52 233ÿ865 EgbyCDIO.dll
05/11/2005 13:36 236ÿ568 jQvacypt.dll
05/11/2005 13:25 236ÿ568 mjiwave.dll
05/11/2005 13:23 233ÿ748 hrn8055ue.dll
05/11/2005 13:19 233ÿ748 kidcan.dll
04/11/2005 21:02 236ÿ568 qbsname.dll
04/11/2005 20:55 236ÿ568 etent97.dll
04/11/2005 20:52 236ÿ568 g4220efoeh2c0.dll
04/11/2005 20:45 236ÿ568 fp2003fme.dll
04/11/2005 20:39 236ÿ568 enl6l13s1.dll
04/11/2005 18:57 236ÿ568 myvcirt.dll
03/11/2005 10:31 236ÿ568 lv4u09h9e.dll
02/11/2005 17:53 236ÿ782 hr2u05f9e.dll
02/11/2005 15:04 236ÿ568 adcups.dll
02/11/2005 14:45 236ÿ568 wvi.dll
02/11/2005 14:45 234ÿ238 en8ul1l91.dll
02/11/2005 12:34 235ÿ117 pdofmap.dll
30/10/2005 21:06 235ÿ707 dzcprop2.dll
30/10/2005 20:46 235ÿ117 koddv.dll
30/10/2005 20:32 235ÿ651 pmwave.dll
30/10/2005 20:06 235ÿ117 kurnel32.dll
30/10/2005 17:44 235ÿ651 cjmodem.dll
30/10/2005 17:22 235ÿ117 hpink.dll
30/10/2005 17:16 235ÿ117 ivsecsnp.dll
08/06/2005 17:40 7ÿ168 Thumbs.db
12/04/2005 22:04 <REP> Microsoft
12/04/2005 21:25 <REP> dllcache
28 fichier(s) 6ÿ368ÿ689 octets
2 R‚p(s) 861ÿ200ÿ384 octets libres
Le second rapport de l2mfix :
Running From:
C:\Documents and Settings\nico\Bureau\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting up for Reboot
Starting Reboot!
Setting Directory
C:\Documents and Settings\nico\Bureau\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\nico\Bureau\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1444 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 472 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\adcups.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\cjmodem.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\dzcprop2.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\EgbyCDIO.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\en8ul1l91.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\enl6l13s1.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\etent97.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\fp2003fme.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\g4220efoeh2c0.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\hpink.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\hr2u05f9e.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\hrn8055ue.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\idctl.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\ivsecsnp.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\jQvacypt.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\kidcan.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\koddv.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\kurnel32.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\lv4u09h9e.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\lv8209loe.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\mjiwave.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\mxise.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\myvcirt.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\pdofmap.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\pmwave.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\qbsname.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\wvi.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
deleting: C:\WINDOWS\system32\adcups.dll
Successfully Deleted: C:\WINDOWS\system32\adcups.dll
deleting: C:\WINDOWS\system32\cjmodem.dll
Successfully Deleted: C:\WINDOWS\system32\cjmodem.dll
deleting: C:\WINDOWS\system32\dzcprop2.dll
Successfully Deleted: C:\WINDOWS\system32\dzcprop2.dll
deleting: C:\WINDOWS\system32\EgbyCDIO.dll
Successfully Deleted: C:\WINDOWS\system32\EgbyCDIO.dll
deleting: C:\WINDOWS\system32\en8ul1l91.dll
Successfully Deleted: C:\WINDOWS\system32\en8ul1l91.dll
deleting: C:\WINDOWS\system32\enl6l13s1.dll
Successfully Deleted: C:\WINDOWS\system32\enl6l13s1.dll
deleting: C:\WINDOWS\system32\etent97.dll
Successfully Deleted: C:\WINDOWS\system32\etent97.dll
deleting: C:\WINDOWS\system32\fp2003fme.dll
Successfully Deleted: C:\WINDOWS\system32\fp2003fme.dll
deleting: C:\WINDOWS\system32\g4220efoeh2c0.dll
Successfully Deleted: C:\WINDOWS\system32\g4220efoeh2c0.dll
deleting: C:\WINDOWS\system32\hpink.dll
Successfully Deleted: C:\WINDOWS\system32\hpink.dll
deleting: C:\WINDOWS\system32\hr2u05f9e.dll
Successfully Deleted: C:\WINDOWS\system32\hr2u05f9e.dll
deleting: C:\WINDOWS\system32\hrn8055ue.dll
Successfully Deleted: C:\WINDOWS\system32\hrn8055ue.dll
deleting: C:\WINDOWS\system32\idctl.dll
Successfully Deleted: C:\WINDOWS\system32\idctl.dll
deleting: C:\WINDOWS\system32\ivsecsnp.dll
Successfully Deleted: C:\WINDOWS\system32\ivsecsnp.dll
deleting: C:\WINDOWS\system32\jQvacypt.dll
Successfully Deleted: C:\WINDOWS\system32\jQvacypt.dll
deleting: C:\WINDOWS\system32\kidcan.dll
Successfully Deleted: C:\WINDOWS\system32\kidcan.dll
deleting: C:\WINDOWS\system32\koddv.dll
Successfully Deleted: C:\WINDOWS\system32\koddv.dll
deleting: C:\WINDOWS\system32\kurnel32.dll
Successfully Deleted: C:\WINDOWS\system32\kurnel32.dll
deleting: C:\WINDOWS\system32\lv4u09h9e.dll
Successfully Deleted: C:\WINDOWS\system32\lv4u09h9e.dll
deleting: C:\WINDOWS\system32\lv8209loe.dll
Successfully Deleted: C:\WINDOWS\system32\lv8209loe.dll
deleting: C:\WINDOWS\system32\mjiwave.dll
Successfully Deleted: C:\WINDOWS\system32\mjiwave.dll
deleting: C:\WINDOWS\system32\mxise.dll
Successfully Deleted: C:\WINDOWS\system32\mxise.dll
deleting: C:\WINDOWS\system32\myvcirt.dll
Successfully Deleted: C:\WINDOWS\system32\myvcirt.dll
deleting: C:\WINDOWS\system32\pdofmap.dll
Successfully Deleted: C:\WINDOWS\system32\pdofmap.dll
deleting: C:\WINDOWS\system32\pmwave.dll
Successfully Deleted: C:\WINDOWS\system32\pmwave.dll
deleting: C:\WINDOWS\system32\qbsname.dll
Successfully Deleted: C:\WINDOWS\system32\qbsname.dll
deleting: C:\WINDOWS\system32\wvi.dll
Successfully Deleted: C:\WINDOWS\system32\wvi.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: adcups.dll (deflated 5%)
adding: cjmodem.dll (deflated 5%)
adding: dzcprop2.dll (deflated 5%)
adding: EgbyCDIO.dll (deflated 4%)
adding: en8ul1l91.dll (deflated 4%)
adding: enl6l13s1.dll (deflated 5%)
adding: etent97.dll (deflated 5%)
adding: fp2003fme.dll (deflated 5%)
adding: g4220efoeh2c0.dll (deflated 5%)
adding: hpink.dll (deflated 5%)
adding: hr2u05f9e.dll (deflated 5%)
adding: hrn8055ue.dll (deflated 4%)
adding: idctl.dll (deflated 4%)
adding: ivsecsnp.dll (deflated 5%)
adding: jQvacypt.dll (deflated 5%)
adding: kidcan.dll (deflated 4%)
adding: koddv.dll (deflated 5%)
adding: kurnel32.dll (deflated 5%)
adding: lv4u09h9e.dll (deflated 5%)
adding: lv8209loe.dll (deflated 5%)
adding: mjiwave.dll (deflated 5%)
adding: mxise.dll (deflated 4%)
adding: myvcirt.dll (deflated 5%)
adding: pdofmap.dll (deflated 5%)
adding: pmwave.dll (deflated 5%)
adding: qbsname.dll (deflated 5%)
adding: wvi.dll (deflated 5%)
adding: guard.tmp (deflated 4%)
adding: echo.reg (deflated 12%)
adding: clear.reg (deflated 46%)
adding: desktop.ini (stored 0%)
adding: readme.txt (deflated 52%)
adding: direct.txt (stored 0%)
adding: report.txt (deflated 66%)
adding: lo2.txt (deflated 84%)
adding: test2.txt (deflated 26%)
adding: test3.txt (deflated 26%)
adding: test5.txt (deflated 26%)
adding: test.txt (deflated 81%)
adding: xfind.txt (deflated 75%)
adding: backregs/notibac.reg (deflated 87%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/27298D24-4E86-48C0-BC5A-62BDCF80CCC8.reg (deflated 69%)
adding: backregs/4FEDDAB3-3552-4E4B-A1FE-28621F862706.reg (deflated 70%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
Restoring Windows Update Certificates.:
deleting local copy: adcups.dll
deleting local copy: cjmodem.dll
deleting local copy: dzcprop2.dll
deleting local copy: EgbyCDIO.dll
deleting local copy: en8ul1l91.dll
deleting local copy: enl6l13s1.dll
deleting local copy: etent97.dll
deleting local copy: fp2003fme.dll
deleting local copy: g4220efoeh2c0.dll
deleting local copy: hpink.dll
deleting local copy: hr2u05f9e.dll
deleting local copy: hrn8055ue.dll
deleting local copy: idctl.dll
deleting local copy: ivsecsnp.dll
deleting local copy: jQvacypt.dll
deleting local copy: kidcan.dll
deleting local copy: koddv.dll
deleting local copy: kurnel32.dll
deleting local copy: lv4u09h9e.dll
deleting local copy: lv8209loe.dll
deleting local copy: mjiwave.dll
deleting local copy: mxise.dll
deleting local copy: myvcirt.dll
deleting local copy: pdofmap.dll
deleting local copy: pmwave.dll
deleting local copy: qbsname.dll
deleting local copy: wvi.dll
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\adcups.dll
C:\WINDOWS\system32\cjmodem.dll
C:\WINDOWS\system32\dzcprop2.dll
C:\WINDOWS\system32\EgbyCDIO.dll
C:\WINDOWS\system32\en8ul1l91.dll
C:\WINDOWS\system32\enl6l13s1.dll
C:\WINDOWS\system32\etent97.dll
C:\WINDOWS\system32\fp2003fme.dll
C:\WINDOWS\system32\g4220efoeh2c0.dll
C:\WINDOWS\system32\hpink.dll
C:\WINDOWS\system32\hr2u05f9e.dll
C:\WINDOWS\system32\hrn8055ue.dll
C:\WINDOWS\system32\idctl.dll
C:\WINDOWS\system32\ivsecsnp.dll
C:\WINDOWS\system32\jQvacypt.dll
C:\WINDOWS\system32\kidcan.dll
C:\WINDOWS\system32\koddv.dll
C:\WINDOWS\system32\kurnel32.dll
C:\WINDOWS\system32\lv4u09h9e.dll
C:\WINDOWS\system32\lv8209loe.dll
C:\WINDOWS\system32\mjiwave.dll
C:\WINDOWS\system32\mxise.dll
C:\WINDOWS\system32\myvcirt.dll
C:\WINDOWS\system32\pdofmap.dll
C:\WINDOWS\system32\pmwave.dll
C:\WINDOWS\system32\qbsname.dll
C:\WINDOWS\system32\wvi.dll
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}"=-
"{0B95AC8B-7A36-4B73-9C98-52CAF7D285DF}"=-
"{4FEDDAB3-3552-4E4B-A1FE-28621F862706}"=-
[-HKEY_CLASSES_ROOT\CLSID\{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}]
[-HKEY_CLASSES_ROOT\CLSID\{0B95AC8B-7A36-4B73-9C98-52CAF7D285DF}]
[-HKEY_CLASSES_ROOT\CLSID\{4FEDDAB3-3552-4E4B-A1FE-28621F862706}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Et enfin le nouveau rapport de Hijackthis :
Scan saved at 12:55:31, on 08/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\NICOLAS\Logiciels\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4061F9-076E-4DE5-A037-631BB2544D95}: NameServer =
212.27.32.176,212.27.32.177
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. -
C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
Personal\kavsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe
Moi jcomprends pas grand chose, ça vous parle vous ?
Le premier rapport de l2mfix :
Citation :
L2MFIX find log 1.04aThese are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en48l1hu1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AE2D2B9F-7CD2-F2BD-1273-BF0A090EB6BC}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propri‚t‚ de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}"=""
"{0B95AC8B-7A36-4B73-9C98-52CAF7D285DF}"=""
"{4FEDDAB3-3552-4E4B-A1FE-28621F862706}"=""
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}\InprocServer32]
@="C:\\WINDOWS\\system32\\myvcrt20.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{4FEDDAB3-3552-4E4B-A1FE-28621F862706}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4FEDDAB3-3552-4E4B-A1FE-28621F862706}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4FEDDAB3-3552-4E4B-A1FE-28621F862706}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4FEDDAB3-3552-4E4B-A1FE-28621F862706}\InprocServer32]
@="C:\\WINDOWS\\system32\\idctl.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
ivsecsnp.dll Sun 30 Oct 2005 17:16:50 ..S.R 235 117 229,61 K
mjiwave.dll Sat 5 Nov 2005 13:25:28 ..S.R 236 568 231,02 K
hpink.dll Sun 30 Oct 2005 17:22:50 ..S.R 235 117 229,61 K
cjmodem.dll Sun 30 Oct 2005 17:44:58 ..S.R 235 651 230,13 K
kurnel32.dll Sun 30 Oct 2005 20:06:18 ..S.R 235 117 229,61 K
pmwave.dll Sun 30 Oct 2005 20:32:38 ..S.R 235 651 230,13 K
koddv.dll Sun 30 Oct 2005 20:46:40 ..S.R 235 117 229,61 K
dzcprop2.dll Sun 30 Oct 2005 21:06:54 ..S.R 235 707 230,18 K
pdofmap.dll Wed 2 Nov 2005 12:34:10 ..S.R 235 117 229,61 K
wvi.dll Wed 2 Nov 2005 14:45:54 ..S.R 236 568 231,02 K
adcups.dll Wed 2 Nov 2005 15:04:12 ..S.R 236 568 231,02 K
kidcan.dll Sat 5 Nov 2005 13:19:08 ..S.R 233 748 228,27 K
etent97.dll Fri 4 Nov 2005 20:55:34 ..S.R 236 568 231,02 K
myvcirt.dll Fri 4 Nov 2005 18:57:56 ..S.R 236 568 231,02 K
lv4u09~1.dll Thu 3 Nov 2005 10:31:12 ..S.R 236 568 231,02 K
en8ul1~1.dll Wed 2 Nov 2005 14:45:54 ..S.R 234 238 228,75 K
enl6l1~1.dll Fri 4 Nov 2005 20:39:32 ..S.R 236 568 231,02 K
qbsname.dll Fri 4 Nov 2005 21:02:54 ..S.R 236 568 231,02 K
idctl.dll Tue 8 Nov 2005 12:24:38 ..S.R 233 865 228,38 K
hrn805~1.dll Sat 5 Nov 2005 13:23:14 ..S.R 233 748 228,27 K
fp2003~1.dll Fri 4 Nov 2005 20:45:24 ..S.R 236 568 231,02 K
hr2u05~1.dll Wed 2 Nov 2005 17:53:50 ..S.R 236 782 231,23 K
jqvacypt.dll Sat 5 Nov 2005 13:36:00 ..S.R 236 568 231,02 K
en48l1~1.dll Sun 6 Nov 2005 17:01:14 ..S.R 233 865 228,38 K
egbycdio.dll Sun 6 Nov 2005 16:52:12 ..S.R 233 865 228,38 K
lv8209~1.dll Sun 6 Nov 2005 17:56:10 ..S.R 236 568 231,02 K
g4220e~1.dll Fri 4 Nov 2005 20:52:58 ..S.R 236 568 231,02 K
27 items found: 27 files (27 H/S), 0 directories.
Total of file sizes: 6 361 521 bytes 6,07 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle WINDAUBE
Le num‚ro de s‚rie du volume est 2413-EC8F
R‚pertoire de C:\WINDOWS\System32
08/11/2005 12:24 233ÿ865 idctl.dll
06/11/2005 17:56 236ÿ568 lv8209loe.dll
06/11/2005 17:01 233ÿ865 en48l1hu1.dll
06/11/2005 16:52 233ÿ865 EgbyCDIO.dll
05/11/2005 13:36 236ÿ568 jQvacypt.dll
05/11/2005 13:25 236ÿ568 mjiwave.dll
05/11/2005 13:23 233ÿ748 hrn8055ue.dll
05/11/2005 13:19 233ÿ748 kidcan.dll
04/11/2005 21:02 236ÿ568 qbsname.dll
04/11/2005 20:55 236ÿ568 etent97.dll
04/11/2005 20:52 236ÿ568 g4220efoeh2c0.dll
04/11/2005 20:45 236ÿ568 fp2003fme.dll
04/11/2005 20:39 236ÿ568 enl6l13s1.dll
04/11/2005 18:57 236ÿ568 myvcirt.dll
03/11/2005 10:31 236ÿ568 lv4u09h9e.dll
02/11/2005 17:53 236ÿ782 hr2u05f9e.dll
02/11/2005 15:04 236ÿ568 adcups.dll
02/11/2005 14:45 236ÿ568 wvi.dll
02/11/2005 14:45 234ÿ238 en8ul1l91.dll
02/11/2005 12:34 235ÿ117 pdofmap.dll
30/10/2005 21:06 235ÿ707 dzcprop2.dll
30/10/2005 20:46 235ÿ117 koddv.dll
30/10/2005 20:32 235ÿ651 pmwave.dll
30/10/2005 20:06 235ÿ117 kurnel32.dll
30/10/2005 17:44 235ÿ651 cjmodem.dll
30/10/2005 17:22 235ÿ117 hpink.dll
30/10/2005 17:16 235ÿ117 ivsecsnp.dll
08/06/2005 17:40 7ÿ168 Thumbs.db
12/04/2005 22:04 <REP> Microsoft
12/04/2005 21:25 <REP> dllcache
28 fichier(s) 6ÿ368ÿ689 octets
2 R‚p(s) 861ÿ200ÿ384 octets libres
Le second rapport de l2mfix :
Citation :
L2Mfix 1.04aRunning From:
C:\Documents and Settings\nico\Bureau\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting up for Reboot
Starting Reboot!
Setting Directory
C:\Documents and Settings\nico\Bureau\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\nico\Bureau\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1444 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 472 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\adcups.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\cjmodem.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\dzcprop2.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\EgbyCDIO.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\en8ul1l91.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\enl6l13s1.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\etent97.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\fp2003fme.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\g4220efoeh2c0.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\hpink.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\hr2u05f9e.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\hrn8055ue.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\idctl.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\ivsecsnp.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\jQvacypt.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\kidcan.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\koddv.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\kurnel32.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\lv4u09h9e.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\lv8209loe.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\mjiwave.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\mxise.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\myvcirt.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\pdofmap.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\pmwave.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\qbsname.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\wvi.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
deleting: C:\WINDOWS\system32\adcups.dll
Successfully Deleted: C:\WINDOWS\system32\adcups.dll
deleting: C:\WINDOWS\system32\cjmodem.dll
Successfully Deleted: C:\WINDOWS\system32\cjmodem.dll
deleting: C:\WINDOWS\system32\dzcprop2.dll
Successfully Deleted: C:\WINDOWS\system32\dzcprop2.dll
deleting: C:\WINDOWS\system32\EgbyCDIO.dll
Successfully Deleted: C:\WINDOWS\system32\EgbyCDIO.dll
deleting: C:\WINDOWS\system32\en8ul1l91.dll
Successfully Deleted: C:\WINDOWS\system32\en8ul1l91.dll
deleting: C:\WINDOWS\system32\enl6l13s1.dll
Successfully Deleted: C:\WINDOWS\system32\enl6l13s1.dll
deleting: C:\WINDOWS\system32\etent97.dll
Successfully Deleted: C:\WINDOWS\system32\etent97.dll
deleting: C:\WINDOWS\system32\fp2003fme.dll
Successfully Deleted: C:\WINDOWS\system32\fp2003fme.dll
deleting: C:\WINDOWS\system32\g4220efoeh2c0.dll
Successfully Deleted: C:\WINDOWS\system32\g4220efoeh2c0.dll
deleting: C:\WINDOWS\system32\hpink.dll
Successfully Deleted: C:\WINDOWS\system32\hpink.dll
deleting: C:\WINDOWS\system32\hr2u05f9e.dll
Successfully Deleted: C:\WINDOWS\system32\hr2u05f9e.dll
deleting: C:\WINDOWS\system32\hrn8055ue.dll
Successfully Deleted: C:\WINDOWS\system32\hrn8055ue.dll
deleting: C:\WINDOWS\system32\idctl.dll
Successfully Deleted: C:\WINDOWS\system32\idctl.dll
deleting: C:\WINDOWS\system32\ivsecsnp.dll
Successfully Deleted: C:\WINDOWS\system32\ivsecsnp.dll
deleting: C:\WINDOWS\system32\jQvacypt.dll
Successfully Deleted: C:\WINDOWS\system32\jQvacypt.dll
deleting: C:\WINDOWS\system32\kidcan.dll
Successfully Deleted: C:\WINDOWS\system32\kidcan.dll
deleting: C:\WINDOWS\system32\koddv.dll
Successfully Deleted: C:\WINDOWS\system32\koddv.dll
deleting: C:\WINDOWS\system32\kurnel32.dll
Successfully Deleted: C:\WINDOWS\system32\kurnel32.dll
deleting: C:\WINDOWS\system32\lv4u09h9e.dll
Successfully Deleted: C:\WINDOWS\system32\lv4u09h9e.dll
deleting: C:\WINDOWS\system32\lv8209loe.dll
Successfully Deleted: C:\WINDOWS\system32\lv8209loe.dll
deleting: C:\WINDOWS\system32\mjiwave.dll
Successfully Deleted: C:\WINDOWS\system32\mjiwave.dll
deleting: C:\WINDOWS\system32\mxise.dll
Successfully Deleted: C:\WINDOWS\system32\mxise.dll
deleting: C:\WINDOWS\system32\myvcirt.dll
Successfully Deleted: C:\WINDOWS\system32\myvcirt.dll
deleting: C:\WINDOWS\system32\pdofmap.dll
Successfully Deleted: C:\WINDOWS\system32\pdofmap.dll
deleting: C:\WINDOWS\system32\pmwave.dll
Successfully Deleted: C:\WINDOWS\system32\pmwave.dll
deleting: C:\WINDOWS\system32\qbsname.dll
Successfully Deleted: C:\WINDOWS\system32\qbsname.dll
deleting: C:\WINDOWS\system32\wvi.dll
Successfully Deleted: C:\WINDOWS\system32\wvi.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: adcups.dll (deflated 5%)
adding: cjmodem.dll (deflated 5%)
adding: dzcprop2.dll (deflated 5%)
adding: EgbyCDIO.dll (deflated 4%)
adding: en8ul1l91.dll (deflated 4%)
adding: enl6l13s1.dll (deflated 5%)
adding: etent97.dll (deflated 5%)
adding: fp2003fme.dll (deflated 5%)
adding: g4220efoeh2c0.dll (deflated 5%)
adding: hpink.dll (deflated 5%)
adding: hr2u05f9e.dll (deflated 5%)
adding: hrn8055ue.dll (deflated 4%)
adding: idctl.dll (deflated 4%)
adding: ivsecsnp.dll (deflated 5%)
adding: jQvacypt.dll (deflated 5%)
adding: kidcan.dll (deflated 4%)
adding: koddv.dll (deflated 5%)
adding: kurnel32.dll (deflated 5%)
adding: lv4u09h9e.dll (deflated 5%)
adding: lv8209loe.dll (deflated 5%)
adding: mjiwave.dll (deflated 5%)
adding: mxise.dll (deflated 4%)
adding: myvcirt.dll (deflated 5%)
adding: pdofmap.dll (deflated 5%)
adding: pmwave.dll (deflated 5%)
adding: qbsname.dll (deflated 5%)
adding: wvi.dll (deflated 5%)
adding: guard.tmp (deflated 4%)
adding: echo.reg (deflated 12%)
adding: clear.reg (deflated 46%)
adding: desktop.ini (stored 0%)
adding: readme.txt (deflated 52%)
adding: direct.txt (stored 0%)
adding: report.txt (deflated 66%)
adding: lo2.txt (deflated 84%)
adding: test2.txt (deflated 26%)
adding: test3.txt (deflated 26%)
adding: test5.txt (deflated 26%)
adding: test.txt (deflated 81%)
adding: xfind.txt (deflated 75%)
adding: backregs/notibac.reg (deflated 87%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/27298D24-4E86-48C0-BC5A-62BDCF80CCC8.reg (deflated 69%)
adding: backregs/4FEDDAB3-3552-4E4B-A1FE-28621F862706.reg (deflated 70%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
Restoring Windows Update Certificates.:
deleting local copy: adcups.dll
deleting local copy: cjmodem.dll
deleting local copy: dzcprop2.dll
deleting local copy: EgbyCDIO.dll
deleting local copy: en8ul1l91.dll
deleting local copy: enl6l13s1.dll
deleting local copy: etent97.dll
deleting local copy: fp2003fme.dll
deleting local copy: g4220efoeh2c0.dll
deleting local copy: hpink.dll
deleting local copy: hr2u05f9e.dll
deleting local copy: hrn8055ue.dll
deleting local copy: idctl.dll
deleting local copy: ivsecsnp.dll
deleting local copy: jQvacypt.dll
deleting local copy: kidcan.dll
deleting local copy: koddv.dll
deleting local copy: kurnel32.dll
deleting local copy: lv4u09h9e.dll
deleting local copy: lv8209loe.dll
deleting local copy: mjiwave.dll
deleting local copy: mxise.dll
deleting local copy: myvcirt.dll
deleting local copy: pdofmap.dll
deleting local copy: pmwave.dll
deleting local copy: qbsname.dll
deleting local copy: wvi.dll
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\adcups.dll
C:\WINDOWS\system32\cjmodem.dll
C:\WINDOWS\system32\dzcprop2.dll
C:\WINDOWS\system32\EgbyCDIO.dll
C:\WINDOWS\system32\en8ul1l91.dll
C:\WINDOWS\system32\enl6l13s1.dll
C:\WINDOWS\system32\etent97.dll
C:\WINDOWS\system32\fp2003fme.dll
C:\WINDOWS\system32\g4220efoeh2c0.dll
C:\WINDOWS\system32\hpink.dll
C:\WINDOWS\system32\hr2u05f9e.dll
C:\WINDOWS\system32\hrn8055ue.dll
C:\WINDOWS\system32\idctl.dll
C:\WINDOWS\system32\ivsecsnp.dll
C:\WINDOWS\system32\jQvacypt.dll
C:\WINDOWS\system32\kidcan.dll
C:\WINDOWS\system32\koddv.dll
C:\WINDOWS\system32\kurnel32.dll
C:\WINDOWS\system32\lv4u09h9e.dll
C:\WINDOWS\system32\lv8209loe.dll
C:\WINDOWS\system32\mjiwave.dll
C:\WINDOWS\system32\mxise.dll
C:\WINDOWS\system32\myvcirt.dll
C:\WINDOWS\system32\pdofmap.dll
C:\WINDOWS\system32\pmwave.dll
C:\WINDOWS\system32\qbsname.dll
C:\WINDOWS\system32\wvi.dll
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}"=-
"{0B95AC8B-7A36-4B73-9C98-52CAF7D285DF}"=-
"{4FEDDAB3-3552-4E4B-A1FE-28621F862706}"=-
[-HKEY_CLASSES_ROOT\CLSID\{27298D24-4E86-48C0-BC5A-62BDCF80CCC8}]
[-HKEY_CLASSES_ROOT\CLSID\{0B95AC8B-7A36-4B73-9C98-52CAF7D285DF}]
[-HKEY_CLASSES_ROOT\CLSID\{4FEDDAB3-3552-4E4B-A1FE-28621F862706}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Et enfin le nouveau rapport de Hijackthis :
Citation :
Logfile of HijackThis v1.99.1Scan saved at 12:55:31, on 08/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\NICOLAS\Logiciels\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4061F9-076E-4DE5-A037-631BB2544D95}: NameServer =
212.27.32.176,212.27.32.177
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. -
C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
Personal\kavsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe
Moi jcomprends pas grand chose, ça vous parle vous ?
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumSpyware analyse du log hijackthis
- ForumAnalyse de log hijackthis
- ForumAnalyse du log hijackthis de mon pc
- ForumPour analyse de log hijackthis, merci
- ForumAnalyse du log de hijackthis
- ForumAnalyse log hijackthis svp merci
- ForumAide analyse log hijackthis
- ForumAide pour analyse du log hijackthis
- ForumAnalyse de mon log hijackthis please
- ForumAnalyse de mon log hijackthis svp
- Voir plus
