spy sherrif virus: my computer restarts by itself !!!
Hello all, here is my problem: I caught a virus called spy sherrif, which I removed, but my computer restarts almost every 2 h, 4 h or 15 minutes. It's a big problem because I can no longer use my PC in peace :-( :-( :-( Please help me, thanks :-)
Download Spy Sweeper (14-day trial) as well as ewido security 4.5 and run a full scan.
Do you have an antivirus and a firewall??
Hi everyone.
Another solution:
Download SmitfraudFix by S!Ri, moe31 and balltrap34: http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip it, double-click it and choose option 1.
Post the report it generates.
Restart in safe mode.
Run the program again, this time choose option 2 and answer yes to everything.
Restart and post the new report.
Finish with a HijackThis scan, which you should post as well.
If you don't know how to produce a HijackThis report:
Download HijackThis v1.99.1
http://www.merijn.org/files/hijackthis.zip
Tutorial
http://sitethemacs.free.fr/aide_en [...] ackthi.htm
Picture walkthrough here:
http://pageperso.aol.fr/balltrap34/demohijack.htm
Here is the first report:
SmitFraudFix v2.06
Rapport fait à 13:58:21,50 le 10/12/2005
Executé à partir de C:\Documents and Settings\Oums\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
C:\contextplus.exe PRESENT !
C:\stub_113_4_0_4_0.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
C:\WINDOWS\adtech2005.exe PRESENT !
C:\WINDOWS\secure32.html PRESENT !
C:\WINDOWS\timessquare.exe PRESENT!
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
C:\WINDOWS\system32\~update.exe PRESENT !
C:\WINDOWS\system32\ll.exe PRESENT !
C:\WINDOWS\system32\sywsvcs.exe PRESENT !
C:\WINDOWS\system32\zlbw.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Oums\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
"{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}"="OutPost FireWall"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
Here is the 2nd report:
SmitFraudFix v2.06
Rapport fait à 14:08:32,82 le 10/12/2005
Executé à partir de C:\Documents and Settings\Oums\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\contextplus.exe supprimé
C:\stub_113_4_0_4_0.exe supprimé
C:\WINDOWS\adtech2005.exe supprimé
C:\WINDOWS\secure32.html supprimé
C:\WINDOWS\timessquare.exe supprimé
C:\WINDOWS\system32\~update.exe supprimé
C:\WINDOWS\system32\ll.exe supprimé
C:\WINDOWS\system32\sywsvcs.exe supprimé
C:\WINDOWS\system32\zlbw.dll supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
And here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 14:15:57, on 10/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\vidmon\vidmon.exe
C:\windows\adtech2006.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Oums\Mes documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/ [...] ite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerba [...] Loader.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 8178305764
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\g8lmli3118.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Hi again,
I'm looking at your report, reply in a few minutes.
Hi again,
(First of all, print these instructions or save them in a text file so that you can consult them in safe mode)
1/ Download and install EasyCleaner by Toni Helenius: http://personal.inet.fi/business/toniarts/ecleane.htm
2/ Download L2mfix (by Shadowwar) from one of these links:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save it to your Desktop and double-click l2mfix.exe. Click the Install button to extract its contents and follow the prompts, then open the new "l2mfix" folder on the Desktop. Double-click l2mfix.bat and choose option #1 for Run Find Log by typing 1 and then Enter. The scan will start without showing any progress; then, after a minute or two, a text file will appear. Copy/paste the contents of this report ("report.txt") into your next reply.
From the l2mfix folder on your Desktop, double-click l2mfix.bat and choose option #2 for Run Fix by typing 2 and then "Enter". The Desktop icons will disappear (completely normal). L2mfix will continue the scan and, when finished, it will be ready to restart the PC. Press any key to restart. After the restart, a text file should appear. Copy/paste the contents of this report into your next reply.
3/ Restart in safe mode.
4/ Uninstall these programs via the Control Panel:
5/ Make sure you have access to all files
Start, My Computer or another folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Then Apply
6/ Run a HijackThis scan again, click "Do a system scan only" and tick the lines below:
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/ [...] ite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerba [...] Loader.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 8178305764
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
Close all windows except HijackThis and click "Fix Checked".
7/ Delete the offending files (if they still exist) using Windows Explorer:
- C:\WINDOWS\System32\vidmon\ <-- the folder
- C:\windows\adtech2006.exe <-- the file
8/ Rename the following file (I'm asking you to rename it in order to make it inactive without losing it, because it is unknown to me):
- C:\WINDOWS\System32\nfomon\nfomon.exe rename it to: nfomon-exe.anc (if everything works correctly in 4-5 days, you can delete the following folder: C:\WINDOWS\System32\nfomon )
9/ Run EasyCleaner: use only the "Unnecessary" and "Registry" functions. Do not touch the "Duplicates" function. In both cases, delete everything it suggests.
10/ Restart the computer in normal mode and post a new HijackThis report for verification.
Note: using Shareaza, OS not up to date, no firewall: no wonder you're infected!
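Added example (not part of the original thread, and not code from HijackThis or SmitfraudFix): a small Python triage pass over the two kinds of log posted above, run on a constructed sample of lines copied from them. The function names and the four heuristics (dangling "(file missing)" references, "Unknown owner" services, Run entries sharing a name family with a file SmitfraudFix deleted, executables started from their own System32 subfolder) are assumptions chosen for illustration; a hit only marks an entry for manual review.

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Constructed sample: lines copied from the SmitfraudFix and HijackThis logs in this thread.
SMITFRAUDFIX_FIX_REPORT = r"""
C:\contextplus.exe supprimé
C:\WINDOWS\adtech2005.exe supprimé
C:\WINDOWS\system32\sywsvcs.exe supprimé
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\g8lmli3118.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")                        # "O4 - ..."
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")    # hive, key, name, command
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl))(?![\w.])", re.IGNORECASE)


def removed_files(report):
    """Paths that the SmitfraudFix option-2 report marks as 'supprimé' (deleted)."""
    return [line.rsplit(" ", 1)[0] for line in report.splitlines()
            if line.endswith(" supprimé")]


def executable_of(command):
    """Best-effort extraction of the program path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_RE.match(command)  # unquoted paths may contain spaces
    return match.group(1) if match else command.split(" ", 1)[0]


def family(path):
    """Lower-case file stem without digits, so adtech2005 and adtech2006 compare equal."""
    return re.sub(r"\d+", "", splitext(basename(path))[0]).lower()


def triage(hijackthis_log, fix_report):
    """Return (code, detail, reasons) for every entry that deserves a manual look."""
    removed_families = {family(p) for p in removed_files(fix_report)} - {""}
    findings = []
    for line in hijackthis_log.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # header lines, running-process list, blank lines
        code, detail = entry.groups()
        reasons = []
        if detail.endswith("(file missing)"):
            reasons.append("registry still references a file that is not on disk")
        if code == "O23" and " - Unknown owner - " in detail:
            reasons.append("HijackThis found no owner name for the service binary")
        run = RUN_RE.match(detail) if code == "O4" else None
        if run:
            exe = executable_of(run.group(4))
            if family(exe) in removed_families:
                reasons.append("same name family as a file SmitfraudFix deleted")
            parent = dirname(exe).lower()
            if (dirname(parent).endswith("\\system32")
                    and basename(parent) == splitext(basename(exe))[0].lower()):
                reasons.append("runs from its own subfolder of System32")
        if reasons:
            findings.append((code, detail, reasons))
    return findings


if __name__ == "__main__":
    for code, detail, reasons in triage(HIJACKTHIS_LOG, SMITFRAUDFIX_FIX_REPORT):
        print(f"{code}: {detail}")
        for reason in reasons:
            print(f"    review: {reason}")
```

On the sample this marks the Nfo, vidmon and adtech2006 Run entries, the IPConfTSP Winlogon Notify entry and the BlueSoleil service; the last one shows why a hit is a prompt to check the file, not a verdict.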
L2MFIX find log 120905
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\g8lmli3118.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D24827EC-58C9-076D-761B-1663B58E594D}"=""
"FREE"="IEAKproxad"
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{A2C058B3-EDCC-4CB0-819A-9CB99D6ABE0E}"=""
"{B35F1130-1EEA-491C-8B5A-A5313F80C077}"=""
"{601DBD26-07FA-452D-920D-560C8564C3D7}"=""
"{F51A0032-67CA-490A-BCEE-3250E8EDB404}"=""
"{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}"=""
"{42096FE3-BD4C-44A8-903F-270BB26BC71E}"=""
"{DCFEB13C-1C49-41D7-9675-F489E4BC535B}"=""
"{31CAFB10-0D03-459D-9EA2-78120353F725}"=""
"{21FB6C8A-9202-4EC4-9252-3788DF5C974B}"=""
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B35F1130-1EEA-491C-8B5A-A5313F80C077}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B35F1130-1EEA-491C-8B5A-A5313F80C077}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B35F1130-1EEA-491C-8B5A-A5313F80C077}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B35F1130-1EEA-491C-8B5A-A5313F80C077}\InprocServer32]
@="C:\\WINDOWS\\system32\\spldivx.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{601DBD26-07FA-452D-920D-560C8564C3D7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{601DBD26-07FA-452D-920D-560C8564C3D7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{601DBD26-07FA-452D-920D-560C8564C3D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{601DBD26-07FA-452D-920D-560C8564C3D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\itaksie.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F51A0032-67CA-490A-BCEE-3250E8EDB404}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F51A0032-67CA-490A-BCEE-3250E8EDB404}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F51A0032-67CA-490A-BCEE-3250E8EDB404}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F51A0032-67CA-490A-BCEE-3250E8EDB404}\InprocServer32]
@="C:\\WINDOWS\\system32\\tintsvrp.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}\InprocServer32]
@="C:\\WINDOWS\\system32\\mkrepl40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{42096FE3-BD4C-44A8-903F-270BB26BC71E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42096FE3-BD4C-44A8-903F-270BB26BC71E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42096FE3-BD4C-44A8-903F-270BB26BC71E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42096FE3-BD4C-44A8-903F-270BB26BC71E}\InprocServer32]
@="C:\\WINDOWS\\system32\\desshlex.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DCFEB13C-1C49-41D7-9675-F489E4BC535B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DCFEB13C-1C49-41D7-9675-F489E4BC535B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DCFEB13C-1C49-41D7-9675-F489E4BC535B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DCFEB13C-1C49-41D7-9675-F489E4BC535B}\InprocServer32]
@="C:\\WINDOWS\\system32\\smcsccp.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{31CAFB10-0D03-459D-9EA2-78120353F725}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31CAFB10-0D03-459D-9EA2-78120353F725}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31CAFB10-0D03-459D-9EA2-78120353F725}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31CAFB10-0D03-459D-9EA2-78120353F725}\InprocServer32]
@="C:\\WINDOWS\\system32\\ikpeers.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{21FB6C8A-9202-4EC4-9252-3788DF5C974B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{21FB6C8A-9202-4EC4-9252-3788DF5C974B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{21FB6C8A-9202-4EC4-9252-3788DF5C974B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{21FB6C8A-9202-4EC4-9252-3788DF5C974B}\InprocServer32]
@="C:\\WINDOWS\\system32\\sporage.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
cmdlin~1.dll Mon 10 Oct 2005 16:03:30 A.... 98 304 96,00 K
desshlex.dll Sat 26 Nov 2005 19:51:32 ..S.R 236 767 231,21 K
divx.dll Wed 28 Sep 2005 22:29:14 A.... 693 248 677,00 K
divx_x~1.dll Wed 28 Sep 2005 22:29:12 A.... 688 128 672,00 K
divx_x~2.dll Wed 28 Sep 2005 22:29:12 A.... 688 128 672,00 K
divx_x~3.dll Wed 28 Sep 2005 22:29:12 A.... 671 744 656,00 K
dpl100.dll Thu 27 Oct 2005 20:37:46 A.... 86 016 84,00 K
dpu10.dll Thu 27 Oct 2005 20:37:44 A.... 294 912 288,00 K
dpu11.dll Thu 27 Oct 2005 20:37:44 A.... 294 912 288,00 K
dpugui10.dll Thu 27 Oct 2005 20:37:48 A.... 53 248 52,00 K
dpugui11.dll Thu 27 Oct 2005 20:37:46 A.... 593 920 580,00 K
dpus11.dll Thu 27 Oct 2005 20:37:44 A.... 339 968 332,00 K
dpv11.dll Thu 27 Oct 2005 20:37:44 A.... 57 344 56,00 K
dtu100.dll Thu 27 Oct 2005 20:37:44 A.... 200 704 196,00 K
f6l00g~1.dll Sat 26 Nov 2005 20:36:16 ..S.R 233 847 228,36 K
h82o0i~1.dll Sat 26 Nov 2005 18:08:58 ..S.R 234 513 229,02 K
hnesbkup.dll Sat 26 Nov 2005 18:02:18 A.... 45 056 44,00 K
ikpeers.dll Sat 26 Nov 2005 23:54:06 ..S.R 235 755 230,23 K
itaksie.dll Sat 26 Nov 2005 18:52:22 ..S.R 235 910 230,38 K
k0260a~1.dll Sat 26 Nov 2005 21:15:06 ..S.R 234 696 229,20 K
ktn2l7~1.dll Sat 26 Nov 2005 21:29:56 ..S.R 235 008 229,50 K
libdivx.dll Wed 28 Sep 2005 19:50:06 A.... 1 044 480 1020,00 K
lvn809~1.dll Sat 26 Nov 2005 18:26:18 ..S.R 233 965 228,48 K
m2lslc~1.dll Sat 26 Nov 2005 20:49:14 ..S.R 234 769 229,27 K
mhdocs.dll Sat 26 Nov 2005 22:41:52 ..S.R 234 094 228,61 K
mkrepl40.dll Sat 26 Nov 2005 19:47:32 ..S.R 237 148 231,59 K
mpwinet.dll Sat 26 Nov 2005 18:02:34 A.S.. 5 120 5,00 K
n6p40g~1.dll Sat 26 Nov 2005 23:54:12 ..S.R 235 764 230,24 K
o0rola~1.dll Sat 26 Nov 2005 18:00:38 ..S.R 234 328 228,84 K
o484le~1.dll Sat 26 Nov 2005 18:11:06 ..S.R 236 157 230,62 K
p4p60e~1.dll Sat 26 Nov 2005 23:03:14 ..S.R 236 092 230,56 K
sirenacm.dll Wed 12 Oct 2005 23:11:06 A.... 118 784 116,00 K
smcsccp.dll Sat 26 Nov 2005 20:36:10 ..S.R 237 148 231,59 K
spldivx.dll Sat 26 Nov 2005 18:08:54 ..S.R 234 328 228,84 K
sporage.dll Sun 27 Nov 2005 0:04:42 ..S.R 236 284 230,75 K
ssldivx.dll Wed 28 Sep 2005 19:50:04 A.... 200 704 196,00 K
tintsvrp.dll Sat 26 Nov 2005 19:43:02 ..S.R 236 767 231,21 K
37 items found: 37 files (20 H/S), 0 directories.
Total of file sizes: 10 648 060 bytes 10,15 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
guard.tmp Sun 27 Nov 2005 0:04:50 A.... 234 132 228,64 K
1 item found: 1 file, 0 directories.
Total of file sizes: 234 132 bytes 228,64 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est DCE8-0046
Répertoire de C:\WINDOWS\System32
28/11/2005 22:21 <REP> dllcache
27/11/2005 10:17 <REP> Microsoft
27/11/2005 00:04 236 284 sporage.dll
26/11/2005 23:54 235 764 n6p40g7qe6.dll
26/11/2005 23:54 235 755 ikpeers.dll
26/11/2005 23:03 236 092 p4p60e7seh.dll
26/11/2005 22:41 234 094 mhdocs.dll
26/11/2005 21:29 235 008 ktn2l75o1.dll
26/11/2005 21:15 234 696 k0260afsed260.dll
26/11/2005 20:49 234 769 m2lslc371f.dll
26/11/2005 20:36 233 847 f6l00g3me6.dll
26/11/2005 20:36 237 148 smcsccp.dll
26/11/2005 19:51 236 767 desshlex.dll
26/11/2005 19:47 237 148 mkrepl40.dll
26/11/2005 19:43 236 767 tintsvrp.dll
26/11/2005 18:52 235 910 itaksie.dll
26/11/2005 18:26 233 965 lvn8095ue.dll
26/11/2005 18:11 236 157 o484lelq1hqe.dll
26/11/2005 18:08 234 513 h82o0if3e82.dll
26/11/2005 18:08 234 328 spldivx.dll
26/11/2005 18:02 5 120 MPWINET.dll
26/11/2005 18:00 234 328 o0rola931d.dll
23/10/2005 16:51 56 7AB497FD4F.sys
21 fichier(s) 4 478 516 octets
2 Rép(s) 37 635 960 832 octets libres
That's the L2mfix report, thanks for the directions.
Here is the 2nd report, from option 2:
L2mfix Beta 120905
Creating Account.
La commande s'est terminée correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 616 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 688 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 232 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 492 'rundll32.exe'
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
Granting SeDebugPrivilege to Administrateurs ... successful
Granting SeDebugPrivilege to Administratörer ... failed (GetAccountSid(Administratörer)=1332
Granting SeDebugPrivilege to Administradores ... failed (GetAccountSid(Administradores)=1332
Granting SeDebugPrivilege to Amministratore ... failed (GetAccountSid(Amministratore)=1332
Granting SeDebugPrivilege to Administratoren ... failed (GetAccountSid(Administratoren)=1332
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\desshlex.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\f6l00g3me6.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\h82o0if3e82.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\ikpeers.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\itaksie.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\k0260afsed260.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\ktn2l75o1.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\lvn8095ue.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\m2lslc371f.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\mhdocs.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\mkrepl40.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\n6p40g7qe6.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\o0rola931d.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\o484lelq1hqe.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\p4p60e7seh.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\smcsccp.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\spldivx.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\sporage.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\tintsvrp.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\guard.tmp
1 fichier(s) copié(s).
deleting: C:\WINDOWS\system32\desshlex.dll
Successfully Deleted: C:\WINDOWS\system32\desshlex.dll
deleting: C:\WINDOWS\system32\f6l00g3me6.dll
Successfully Deleted: C:\WINDOWS\system32\f6l00g3me6.dll
deleting: C:\WINDOWS\system32\h82o0if3e82.dll
Successfully Deleted: C:\WINDOWS\system32\h82o0if3e82.dll
deleting: C:\WINDOWS\system32\ikpeers.dll
Successfully Deleted: C:\WINDOWS\system32\ikpeers.dll
deleting: C:\WINDOWS\system32\itaksie.dll
Successfully Deleted: C:\WINDOWS\system32\itaksie.dll
deleting: C:\WINDOWS\system32\k0260afsed260.dll
Successfully Deleted: C:\WINDOWS\system32\k0260afsed260.dll
deleting: C:\WINDOWS\system32\ktn2l75o1.dll
Successfully Deleted: C:\WINDOWS\system32\ktn2l75o1.dll
deleting: C:\WINDOWS\system32\lvn8095ue.dll
Successfully Deleted: C:\WINDOWS\system32\lvn8095ue.dll
deleting: C:\WINDOWS\system32\m2lslc371f.dll
Successfully Deleted: C:\WINDOWS\system32\m2lslc371f.dll
deleting: C:\WINDOWS\system32\mhdocs.dll
Successfully Deleted: C:\WINDOWS\system32\mhdocs.dll
deleting: C:\WINDOWS\system32\mkrepl40.dll
Successfully Deleted: C:\WINDOWS\system32\mkrepl40.dll
deleting: C:\WINDOWS\system32\n6p40g7qe6.dll
Successfully Deleted: C:\WINDOWS\system32\n6p40g7qe6.dll
deleting: C:\WINDOWS\system32\o0rola931d.dll
Successfully Deleted: C:\WINDOWS\system32\o0rola931d.dll
deleting: C:\WINDOWS\system32\o484lelq1hqe.dll
Successfully Deleted: C:\WINDOWS\system32\o484lelq1hqe.dll
deleting: C:\WINDOWS\system32\p4p60e7seh.dll
Successfully Deleted: C:\WINDOWS\system32\p4p60e7seh.dll
deleting: C:\WINDOWS\system32\smcsccp.dll
Successfully Deleted: C:\WINDOWS\system32\smcsccp.dll
deleting: C:\WINDOWS\system32\spldivx.dll
Successfully Deleted: C:\WINDOWS\system32\spldivx.dll
deleting: C:\WINDOWS\system32\sporage.dll
Successfully Deleted: C:\WINDOWS\system32\sporage.dll
deleting: C:\WINDOWS\system32\tintsvrp.dll
Successfully Deleted: C:\WINDOWS\system32\tintsvrp.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
Zipping up files for submission:
zip warning: name not matched: guard.tmp
zip error: Nothing to do! (backup.zip)
adding: Documents and Settings/Oums/Bureau/l2mfix/backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: Documents and Settings/Oums/Bureau/l2mfix/backregs/shell.reg (164 bytes security) (deflated 73%)
Restoring Sedebugprivilege:
Restoring Windows Update Certificates.:
deleting local copy: desshlex.dll
deleting local copy: f6l00g3me6.dll
deleting local copy: h82o0if3e82.dll
deleting local copy: ikpeers.dll
deleting local copy: itaksie.dll
deleting local copy: k0260afsed260.dll
deleting local copy: ktn2l75o1.dll
deleting local copy: lvn8095ue.dll
deleting local copy: m2lslc371f.dll
deleting local copy: mhdocs.dll
deleting local copy: mkrepl40.dll
deleting local copy: n6p40g7qe6.dll
deleting local copy: o0rola931d.dll
deleting local copy: o484lelq1hqe.dll
deleting local copy: p4p60e7seh.dll
deleting local copy: smcsccp.dll
deleting local copy: spldivx.dll
deleting local copy: sporage.dll
deleting local copy: tintsvrp.dll
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\g8lmli3118.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\desshlex.dll
C:\WINDOWS\system32\f6l00g3me6.dll
C:\WINDOWS\system32\h82o0if3e82.dll
C:\WINDOWS\system32\ikpeers.dll
C:\WINDOWS\system32\itaksie.dll
C:\WINDOWS\system32\k0260afsed260.dll
C:\WINDOWS\system32\ktn2l75o1.dll
C:\WINDOWS\system32\lvn8095ue.dll
C:\WINDOWS\system32\m2lslc371f.dll
C:\WINDOWS\system32\mhdocs.dll
C:\WINDOWS\system32\mkrepl40.dll
C:\WINDOWS\system32\n6p40g7qe6.dll
C:\WINDOWS\system32\o0rola931d.dll
C:\WINDOWS\system32\o484lelq1hqe.dll
C:\WINDOWS\system32\p4p60e7seh.dll
C:\WINDOWS\system32\smcsccp.dll
C:\WINDOWS\system32\spldivx.dll
C:\WINDOWS\system32\sporage.dll
C:\WINDOWS\system32\tintsvrp.dll
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B35F1130-1EEA-491C-8B5A-A5313F80C077}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B35F1130-1EEA-491C-8B5A-A5313F80C077}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B35F1130-1EEA-491C-8B5A-A5313F80C077}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B35F1130-1EEA-491C-8B5A-A5313F80C077}\InprocServer32]
@="C:\\WINDOWS\\system32\\spldivx.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{601DBD26-07FA-452D-920D-560C8564C3D7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{601DBD26-07FA-452D-920D-560C8564C3D7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{601DBD26-07FA-452D-920D-560C8564C3D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{601DBD26-07FA-452D-920D-560C8564C3D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\itaksie.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F51A0032-67CA-490A-BCEE-3250E8EDB404}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F51A0032-67CA-490A-BCEE-3250E8EDB404}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F51A0032-67CA-490A-BCEE-3250E8EDB404}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F51A0032-67CA-490A-BCEE-3250E8EDB404}\InprocServer32]
@="C:\\WINDOWS\\system32\\tintsvrp.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}\InprocServer32]
@="C:\\WINDOWS\\system32\\mkrepl40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{42096FE3-BD4C-44A8-903F-270BB26BC71E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42096FE3-BD4C-44A8-903F-270BB26BC71E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42096FE3-BD4C-44A8-903F-270BB26BC71E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42096FE3-BD4C-44A8-903F-270BB26BC71E}\InprocServer32]
@="C:\\WINDOWS\\system32\\desshlex.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DCFEB13C-1C49-41D7-9675-F489E4BC535B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DCFEB13C-1C49-41D7-9675-F489E4BC535B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DCFEB13C-1C49-41D7-9675-F489E4BC535B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DCFEB13C-1C49-41D7-9675-F489E4BC535B}\InprocServer32]
@="C:\\WINDOWS\\system32\\smcsccp.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{31CAFB10-0D03-459D-9EA2-78120353F725}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31CAFB10-0D03-459D-9EA2-78120353F725}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31CAFB10-0D03-459D-9EA2-78120353F725}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{31CAFB10-0D03-459D-9EA2-78120353F725}\InprocServer32]
@="C:\\WINDOWS\\system32\\ikpeers.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{21FB6C8A-9202-4EC4-9252-3788DF5C974B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{21FB6C8A-9202-4EC4-9252-3788DF5C974B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{21FB6C8A-9202-4EC4-9252-3788DF5C974B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{21FB6C8A-9202-4EC4-9252-3788DF5C974B}\InprocServer32]
@="C:\\WINDOWS\\system32\\sporage.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A2C058B3-EDCC-4CB0-819A-9CB99D6ABE0E}"=
"{B35F1130-1EEA-491C-8B5A-A5313F80C077}"=
"{601DBD26-07FA-452D-920D-560C8564C3D7}"=
"{F51A0032-67CA-490A-BCEE-3250E8EDB404}"=
"{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}"=
"{42096FE3-BD4C-44A8-903F-270BB26BC71E}"=
"{DCFEB13C-1C49-41D7-9675-F489E4BC535B}"=
"{31CAFB10-0D03-459D-9EA2-78120353F725}"=
"{21FB6C8A-9202-4EC4-9252-3788DF5C974B}"=
[-HKEY_CLASSES_ROOT\CLSID\{A2C058B3-EDCC-4CB0-819A-9CB99D6ABE0E}]
[-HKEY_CLASSES_ROOT\CLSID\{B35F1130-1EEA-491C-8B5A-A5313F80C077}]
[-HKEY_CLASSES_ROOT\CLSID\{601DBD26-07FA-452D-920D-560C8564C3D7}]
[-HKEY_CLASSES_ROOT\CLSID\{F51A0032-67CA-490A-BCEE-3250E8EDB404}]
[-HKEY_CLASSES_ROOT\CLSID\{3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647}]
[-HKEY_CLASSES_ROOT\CLSID\{42096FE3-BD4C-44A8-903F-270BB26BC71E}]
[-HKEY_CLASSES_ROOT\CLSID\{DCFEB13C-1C49-41D7-9675-F489E4BC535B}]
[-HKEY_CLASSES_ROOT\CLSID\{31CAFB10-0D03-459D-9EA2-78120353F725}]
[-HKEY_CLASSES_ROOT\CLSID\{21FB6C8A-9202-4EC4-9252-3788DF5C974B}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
C:\WINDOWS\System32\21FB6C8A-9202-4EC4-9252-3788DF5C974B.reg
C:\WINDOWS\System32\31CAFB10-0D03-459D-9EA2-78120353F725.reg
C:\WINDOWS\System32\3B8B5CA0-4D92-4D1B-B8BC-8E9E13FED647.reg
C:\WINDOWS\System32\42096FE3-BD4C-44A8-903F-270BB26BC71E.reg
C:\WINDOWS\System32\601DBD26-07FA-452D-920D-560C8564C3D7.reg
C:\WINDOWS\System32\B35F1130-1EEA-491C-8B5A-A5313F80C077.reg
C:\WINDOWS\System32\DCFEB13C-1C49-41D7-9675-F489E4BC535B.reg
C:\WINDOWS\System32\F51A0032-67CA-490A-BCEE-3250E8EDB404.reg
Checking for L2MFix account(0=no 1=yes):
0
adding: dlls/desshlex.dll (164 bytes security) (deflated 5%)
adding: dlls/f6l00g3me6.dll (164 bytes security) (deflated 4%)
adding: dlls/h82o0if3e82.dll (164 bytes security) (deflated 4%)
adding: dlls/ikpeers.dll (164 bytes security) (deflated 5%)
adding: dlls/itaksie.dll (164 bytes security) (deflated 5%)
adding: dlls/k0260afsed260.dll (164 bytes security) (deflated 5%)
adding: dlls/ktn2l75o1.dll (164 bytes security) (deflated 5%)
adding: dlls/lvn8095ue.dll (164 bytes security) (deflated 4%)
adding: dlls/m2lslc371f.dll (164 bytes security) (deflated 5%)
adding: dlls/mhdocs.dll (164 bytes security) (deflated 4%)
adding: dlls/mkrepl40.dll (164 bytes security) (deflated 5%)
adding: dlls/n6p40g7qe6.dll (164 bytes security) (deflated 5%)
adding: dlls/o0rola931d.dll (164 bytes security) (deflated 4%)
adding: dlls/o484lelq1hqe.dll (164 bytes security) (deflated 5%)
adding: dlls/p4p60e7seh.dll (164 bytes security) (deflated 5%)
adding: dlls/smcsccp.dll (164 bytes security) (deflated 5%)
adding: dlls/spldivx.dll (164 bytes security) (deflated 4%)
adding: dlls/sporage.dll (164 bytes security) (deflated 5%)
adding: dlls/tintsvrp.dll (164 bytes security) (deflated 5%)
Hello.
Please post a new HijackThis report.
HERE IT IS
Logfile of HijackThis v1.99.1
Scan saved at 11:42:58, on 11/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Oums\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
I HOPE IT WORKS
;-) ;-) ;-)
Hi.
One small fix:
Run a HijackThis scan again, click "Do a system scan only" and check the lines below:
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS
Close all windows except HijackThis, then "Fix Checked".
Post a new HJT log for verification.
Logfile of HijackThis v1.99.1
Scan saved at 14:17:55, on 11/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Oums\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Now a blue screen comes up telling me that if this is the first time I should restart, or otherwise it is a faulty driver or video card. What should I do ????????????????????????????
OK, your report no longer contains anything infectious.
A few remarks, though:
* P2P is the best way to catch malware
* Update your Windows.
* Install a firewall and an antivirus (there are free ones that do the job perfectly well)
The blue screen is a "side effect" of SmitfraudFix. Just set your wallpaper again as usual.
No, it is not about the wallpaper. About every 2 hours a blue screen appears telling me that a driver is faulty, and at the bottom there is a memory dump, and I have to cut the power and turn it back on to restart the computer. I really need someone to help me pleaseeeeeeeeeeeee :-x :-x :-x
