Hello
I have a virus, that is, I have unwanted pop-up windows that open every 30 seconds. Can you help me get rid of them for good?
Thanks, everyone
--> Buy an antivirus or download a free one....
You have a thing in your skull called a brain; use it from time to time, it doesn't hurt...
Hi,
ultrakas, how do you know whether he has an antivirus or not?? So who knows which one here has a brain... something to think about
:-P
---------------
racho59, do this:
Post a HijackThis log.
Download it, then put it in a dedicated folder or on the desktop.
Then run it, click Do a system scan and save a logfile, and give us the scan result
www.infos-du-net.com/telecharger/HijackThis.html
THANKS, WELL SAID BOB
Logfile of HijackThis v1.99.1
Scan saved at 18:15:37, on 29/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\lvn8095ue.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
There you go, help me please
Hi,
You have a Look2Me-type infection.
Print these instructions, or paste them into a text file.
Read the three notes at the bottom carefully before starting the procedure.
Download Look2Me-Destroyer.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=7
. Close all open windows.
. Run the Look2Me-Destroyer.exe tool.
. Check Run this program as a task
. A message will appear:
"Look2Me-Destroyer will close and re-open in approximately 10 seconds"-> OK
. It will relaunch after the 10 seconds; then click the Scan for L2M button.
. Your desktop icons will disappear.
. When the scan finishes, click Remove L2M
. A new message, Done Scanning, will appear; click OK.
. Followed by Done removing infected files! Look2Me-Destroyer will now shutdown your computer -> OK.
. Your PC will shut down.
. Start your PC normally.
. Paste the generated report, located at C:\Look2Me-Destroyer.txt, along with a HijackThis report.
1/ If Look2Me-Destroyer does not relaunch automatically after the 10 seconds, reboot and try again.
2/ If you get a message from your firewall saying that the tool is trying to access the internet: allow it, or disable your firewall
3/ If a runtime error '339' message appears: download MSWINSCK.OCX and place it in the C:\Windows\System32 folder.
http://www.ascentive.com/support/n [...] WINSCK.OCX
Look2Me-Destroyer does not restart, even after restarting the PC. What should I do?
1/ Download L2Mfix
http://www.atribune.org/downloads/l2mfix.exe
Put it on your desktop.
Run the application
Click Accept, then Install
2/ Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then Option 1, Enter
Post the first report.
3/ Open the l2mfix folder, then double-click L2Mfix.bat
Then choose option 2 and press Enter
Then press any key
The computer will restart
After the restart, the desktop and the icons will appear and then disappear; this is normal! And a new report will appear on screen.
If, after the restart, the icons do not appear/disappear or the report does not appear, open the l2mfix folder and run second.bat
4/ Post an HJT log.
L2Mfix isn't there at the link
Ah, it finally works; at first it wouldn't download. Thanks
L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en8sl1l71.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9901B88D-F9A9-0ED7-DC49-639FA5529814}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{26DB6053-123B-41ED-A734-AB82F92AB25B}"=""
"{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}\InprocServer32]
@="C:\\WINDOWS\\system32\\jksd400.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
agifil32.dll Wed 29 Mar 2006 1:43:50 ..S.R 235 926 230,39 K
cscammgr.dll Wed 29 Mar 2006 1:50:42 ..S.R 236 210 230,67 K
divx.dll Mon 6 Feb 2006 21:41:52 ..... 574 976 561,50 K
dpl100.dll Mon 6 Feb 2006 21:42:02 A.... 86 016 84,00 K
dpu10.dll Mon 6 Feb 2006 21:42:00 A.... 294 912 288,00 K
dpu11.dll Mon 6 Feb 2006 21:42:00 A.... 294 912 288,00 K
dpugui10.dll Sat 21 Jan 2006 0:46:10 A.... 53 248 52,00 K
dpugui11.dll Mon 6 Feb 2006 21:42:02 A.... 593 920 580,00 K
dpus11.dll Mon 6 Feb 2006 21:42:00 A.... 339 968 332,00 K
dpv11.dll Mon 6 Feb 2006 21:42:00 A.... 57 344 56,00 K
dtu100.dll Mon 6 Feb 2006 21:42:02 A.... 200 704 196,00 K
jksd400.dll Wed 29 Mar 2006 18:42:00 ..S.R 236 006 230,47 K
libdivx.dll Sat 21 Jan 2006 0:46:36 A.... 1 044 480 1020,00 K
oajsel.dll Wed 29 Mar 2006 1:41:12 ..S.R 234 554 229,05 K
pncrt.dll Fri 17 Mar 2006 2:24:18 A.... 278 528 272,00 K
pndx5016.dll Fri 17 Mar 2006 2:24:18 A.... 6 656 6,50 K
pndx5032.dll Fri 17 Mar 2006 2:24:18 A.... 5 632 5,50 K
px.dll Sat 21 Jan 2006 0:46:34 ..... 372 736 364,00 K
pxdrv.dll Sat 21 Jan 2006 0:46:34 ..... 421 888 412,00 K
pxmas.dll Sat 21 Jan 2006 0:46:34 ..... 172 032 168,00 K
pxwave.dll Sat 21 Jan 2006 0:46:34 ..... 339 968 332,00 K
qt-dx331.dll Sat 21 Jan 2006 0:46:12 A.... 3 596 288 3,43 M
rmoc3260.dll Fri 17 Mar 2006 2:24:22 A.... 176 167 172,04 K
ssldivx.dll Sat 21 Jan 2006 0:46:36 A.... 200 704 196,00 K
unicows.dll Sat 21 Jan 2006 0:46:36 A.... 245 408 239,66 K
vxblock.dll Sat 21 Jan 2006 0:46:34 ..... 28 672 28,00 K
xvidcore.dll Fri 30 Dec 2005 21:10:30 A.... 761 856 744,00 K
xvidvfw.dll Fri 30 Dec 2005 21:18:26 A.... 180 224 176,00 K
28 items found: 28 files (4 H/S), 0 directories.
Total of file sizes: 11 269 935 bytes 10,75 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C86A-34E9
Répertoire de C:\WINDOWS\System32
29/03/2006 19:12 <REP> ..
29/03/2006 19:12 <REP> .
29/03/2006 18:41 236 006 jksd400.dll
29/03/2006 18:41 236 661 hrn6055se.dll
29/03/2006 14:16 236 006 en8sl1l71.dll
29/03/2006 01:50 236 210 CsCamMgr.dll
29/03/2006 01:43 235 926 agifil32.dll
29/03/2006 01:41 234 554 oajsel.dll
15/11/2005 06:16 <REP> Microsoft
6 fichier(s) 1 415 363 octets
3 Rép(s) 200 956 710 912 octets libres
L2mfix 032106
Creating Account.
La commande s'est terminée correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 616 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Killing PID 852 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 584 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1908 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\agifil32.dll
Successfully Deleted: C:\WINDOWS\system32\agifil32.dll
Deleting: C:\WINDOWS\system32\CsCamMgr.dll
Successfully Deleted: C:\WINDOWS\system32\CsCamMgr.dll
Deleting: C:\WINDOWS\system32\en8sl1l71.dll
Successfully Deleted: C:\WINDOWS\system32\en8sl1l71.dll
Deleting: C:\WINDOWS\system32\hrn6055se.dll
Successfully Deleted: C:\WINDOWS\system32\hrn6055se.dll
Deleting: C:\WINDOWS\system32\jksd400.dll
Successfully Deleted: C:\WINDOWS\system32\jksd400.dll
Deleting: C:\WINDOWS\system32\oajsel.dll
Successfully Deleted: C:\WINDOWS\system32\oajsel.dll
msg11?.dll
0 fichier(s) copié(s).
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en8sl1l71.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\agifil32.dll
C:\WINDOWS\system32\CsCamMgr.dll
C:\WINDOWS\system32\en8sl1l71.dll
C:\WINDOWS\system32\hrn6055se.dll
C:\WINDOWS\system32\jksd400.dll
C:\WINDOWS\system32\oajsel.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}\InprocServer32]
@="C:\\WINDOWS\\system32\\jksd400.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{26DB6053-123B-41ED-A734-AB82F92AB25B}"=-
"{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}"=-
[-HKEY_CLASSES_ROOT\CLSID\{26DB6053-123B-41ED-A734-AB82F92AB25B}]
[-HKEY_CLASSES_ROOT\CLSID\{6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/agifil32.dll (164 bytes security) (deflated 5%)
adding: dlls/CsCamMgr.dll (164 bytes security) (deflated 5%)
adding: dlls/en8sl1l71.dll (164 bytes security) (deflated 5%)
adding: dlls/hrn6055se.dll (164 bytes security) (deflated 5%)
adding: dlls/jksd400.dll (164 bytes security) (deflated 5%)
adding: dlls/oajsel.dll (164 bytes security) (deflated 4%)
adding: backregs/6E889F67-4F44-4DB4-ADBF-1ECCF6E2725B.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 63%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
And here is my HijackThis log. Thank you, I'm waiting for your reply.
Logfile of HijackThis v1.99.1
Scan saved at 19:27:05, on 29/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\en8sl1l71.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
What should I do?
Launch HJT, tick this line, then fix it:
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\en8sl1l71.dll (file missing)
Are you still having problems?
No, no more problems at all. Thank you for your help, that's kind of you...
Hello,
I am having the same problem: unwanted windows about the security of my PC keep opening on my PC.
Here is the result of my scan.
I look forward to your reply and thank you in advance for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:54, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\audrey\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/ [...] meHost.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5291 bytes
