
Unwanted web pages opening on their own

20 October 2005 23:51:28

Since yesterday I keep getting web pages opening at regular intervals... it's very annoying
Logfile of HijackThis v1.99.1
Scan saved at 23:50:50, on 20/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Documents and Settings\JC\Mes documents\IE6\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [mFCVesOB2] C:\WINDOWS\qtwhf.exe
O4 - HKLM\..\Run: [bqbar] C:\WINDOWS\bqbar.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreeze\regfreeze.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .VOB: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2....
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/i...
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\q2ps0c77ef.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thanks in advance for your help

21 October 2005 07:29:37

A little help, please
21 October 2005 10:10:59

Hello, check these lines in Safe Mode:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [mFCVesOB2] C:\WINDOWS\qtwhf.exe
O4 - HKLM\..\Run: [bqbar] C:\WINDOWS\bqbar.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .VOB: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

Delete the following files, making sure you have access to hidden files:
C:\WINDOWS\qtwhf.exe
C:\WINDOWS\bqbar.exe

Restart and post a new log.
21 October 2005 10:12:09

Hello,

You have a very stubborn VX2.Look2Me infection.
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\q2ps0c77ef.dll
(the infectious DLL changes its name at every startup)
Normally the l2mfix.exe program removes it.

1/ Download l2mfix.exe
Put it on your desktop.
Double-click l2mfix.exe
At the first question click Accept, then click Install

2/ Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then choose option 1 and press Enter
Post the report.

3/ Then close all programs, because there will be an automatic reboot
Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then choose option 2 and press Enter
Then press any key to restart the computer
After the restart, the desktop and icons will appear and then disappear; this is normal!
Finally, post the resulting report.

-----------------------------

Then:

1/ Download and install CCleaner

2/ Restart in Safe Mode (to do this: start the PC while tapping the F8 key until the Windows Advanced Options Menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.

3/ Launch HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then answer yes to the confirmation question

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)

O4 - HKLM\..\Run: [mFCVesOB2] C:\WINDOWS\qtwhf.exe
O4 - HKLM\..\Run: [bqbar] C:\WINDOWS\bqbar.exe

the O20 - Winlogon Notify: line, if still present

O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
--> if you don't recognise it

4/ Make sure you have access to hidden files.
(Start->My Computer->Tools->Folder Options...->View
"Show hidden files and folders" ->checked
"Hide extensions for known file types" ->unchecked
"Hide protected operating system files" ->unchecked)

5/ Then delete the following files and/or folders if present:

C:\WINDOWS\qtwhf.exe
C:\WINDOWS\bqbar.exe
C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\ --> delete this folder if you don't recognise it

6/ Launch CCleaner, click the Analyze button, then the Run Cleaner button

7/ Restart normally and post a new HijackThis report.


EDIT: hello alessio
you were faster than me! That said, the Look2Me infection has to be removed ;-)
21 October 2005 21:18:26

Thanks for your help.
Here is the report from option 1 of L2mfix.exe

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NetCache]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\e8200ifme82a0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9059BE90-9C3B-B827-F918-8DAD7EBD2E9F}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\iofgnt5.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0764EDA1-6074-41B0-8AFC-05425F44CD57}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0764EDA1-6074-41B0-8AFC-05425F44CD57}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0764EDA1-6074-41B0-8AFC-05425F44CD57}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0764EDA1-6074-41B0-8AFC-05425F44CD57}\InprocServer32]
@="C:\\WINDOWS\\system32\\mkhtml.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}\InprocServer32]
@="C:\\WINDOWS\\system32\\mvjtes40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}\InprocServer32]
@="C:\\WINDOWS\\system32\\pIutoenr.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cmdlin~1.dll Sun 24 Jul 2005 11:23:12 A.... 43 520 42,50 K
e8200i~1.dll Fri 21 Oct 2005 14:44:02 ..S.R 234 944 229,44 K
efsnaspi.dll Wed 19 Oct 2005 23:30:22 A.... 45 056 44,00 K
gpj6l3~1.dll Fri 21 Oct 2005 12:46:04 ..S.R 236 529 230,98 K
iofgnt5.dll Wed 19 Oct 2005 23:28:54 ..... 234 272 228,78 K
k4620e~1.dll Fri 21 Oct 2005 8:37:34 ..S.R 235 180 229,67 K
kddsf.dll Fri 21 Oct 2005 21:10:20 ..S.R 234 944 229,44 K
kt4sl7~1.dll Fri 21 Oct 2005 21:12:30 ..S.R 236 691 231,14 K
ktn6l7~1.dll Fri 21 Oct 2005 7:25:44 ..S.R 234 272 228,78 K
m246lc~1.dll Fri 21 Oct 2005 14:47:02 ..S.R 234 916 229,41 K
mkhtml.dll Fri 21 Oct 2005 8:37:34 ..S.R 234 916 229,41 K
muc40u.dll Fri 21 Oct 2005 8:16:20 ..S.R 234 916 229,41 K
mvjtes40.dll Thu 20 Oct 2005 1:02:50 ..S.R 234 916 229,41 K
piutoenr.dll Fri 21 Oct 2005 21:12:30 ..S.R 234 944 229,44 K
sintf16.dll Wed 21 Sep 2005 18:16:00 A.... 12 067 11,78 K
sintf32.dll Wed 21 Sep 2005 18:16:00 A.... 17 212 16,81 K
sintfnt.dll Wed 21 Sep 2005 18:16:00 A.... 21 840 21,33 K
ufrlbva.dll Wed 19 Oct 2005 23:40:10 ..S.R 234 272 228,78 K

18 items found: 18 files (12 H/S), 0 directories.
Total of file sizes: 3 195 407 bytes 3,05 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F09C-896B

Répertoire de C:\WINDOWS\System32

21/10/2005 21:12 234 944 pIutoenr.dll
21/10/2005 21:12 236 691 kt4sl7h71.dll
21/10/2005 21:10 234 944 kddsf.dll
21/10/2005 14:47 234 916 m246lchs1f46.dll
21/10/2005 14:44 234 944 e8200ifme82a0.dll
21/10/2005 12:46 236 529 gpj6l31s1.dll
21/10/2005 08:37 234 916 mkhtml.dll
21/10/2005 08:37 235 180 k4620ejoehoc0.dll
21/10/2005 08:16 234 916 muc40u.dll
21/10/2005 07:25 234 272 ktn6l75s1.dll
20/10/2005 01:02 234 916 mvjtes40.dll
19/10/2005 23:40 234 272 ufrlbva.dll
17/09/2005 00:20 <REP> dllcache
26/02/2005 10:16 12 288 Thumbs.db
07/10/2004 22:51 <REP> Microsoft
05/01/2002 04:40 487 424 msvcp70.dll
05/01/2002 04:37 344 064 msvcr70.dll
15 fichier(s) 3 665 216 octets
2 Rép(s) 3 352 989 696 octets libres
21 October 2005 21:30:18

After the option, there was a restart but the icons did not disappear ???
Here is the report.


L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9059BE90-9C3B-B827-F918-8DAD7EBD2E9F}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propriété de mise à jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{B446400D-0030-457b-8F64-422A19605186}"="Logitech Gallery"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}"=""
"{0764EDA1-6074-41B0-8AFC-05425F44CD57}"=""
"{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}"=""
"{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\iofgnt5.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0764EDA1-6074-41B0-8AFC-05425F44CD57}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0764EDA1-6074-41B0-8AFC-05425F44CD57}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0764EDA1-6074-41B0-8AFC-05425F44CD57}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0764EDA1-6074-41B0-8AFC-05425F44CD57}\InprocServer32]
@="C:\\WINDOWS\\system32\\mkhtml.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}\InprocServer32]
@="C:\\WINDOWS\\system32\\mvjtes40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}\InprocServer32]
@="C:\\WINDOWS\\system32\\pIutoenr.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cmdlin~1.dll Sun 24 Jul 2005 11:23:12 A.... 43 520 42,50 K
efsnaspi.dll Wed 19 Oct 2005 23:30:22 A.... 45 056 44,00 K
gpj6l3~1.dll Fri 21 Oct 2005 12:46:04 ..S.R 236 529 230,98 K
iofgnt5.dll Wed 19 Oct 2005 23:28:54 ..... 234 272 228,78 K
k4620e~1.dll Fri 21 Oct 2005 8:37:34 ..S.R 235 180 229,67 K
kddsf.dll Fri 21 Oct 2005 21:10:20 ..S.R 234 944 229,44 K
kt4sl7~1.dll Fri 21 Oct 2005 21:12:30 ..S.R 236 691 231,14 K
ktn6l7~1.dll Fri 21 Oct 2005 7:25:44 ..S.R 234 272 228,78 K
m246lc~1.dll Fri 21 Oct 2005 14:47:02 ..S.R 234 916 229,41 K
mkhtml.dll Fri 21 Oct 2005 8:37:34 ..S.R 234 916 229,41 K
mtcbase.dll Fri 21 Oct 2005 21:24:46 ..S.R 234 944 229,44 K
muc40u.dll Fri 21 Oct 2005 8:16:20 ..S.R 234 916 229,41 K
mvjtes40.dll Thu 20 Oct 2005 1:02:50 ..S.R 234 916 229,41 K
piutoenr.dll Fri 21 Oct 2005 21:12:30 ..S.R 234 944 229,44 K
sintf16.dll Wed 21 Sep 2005 18:16:00 A.... 12 067 11,78 K
sintf32.dll Wed 21 Sep 2005 18:16:00 A.... 17 212 16,81 K
sintfnt.dll Wed 21 Sep 2005 18:16:00 A.... 21 840 21,33 K
ufrlbva.dll Wed 19 Oct 2005 23:40:10 ..S.R 234 272 228,78 K

18 items found: 18 files (12 H/S), 0 directories.
Total of file sizes: 3 195 407 bytes 3,05 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Fri 21 Oct 2005 21:19:30 ..S.R 234 944 229,44 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 234 944 bytes 229,44 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F09C-896B

Répertoire de C:\WINDOWS\System32

21/10/2005 21:24 234 944 mtcbase.dll
21/10/2005 21:19 234 944 guard.tmp
21/10/2005 21:12 234 944 pIutoenr.dll
21/10/2005 21:12 236 691 kt4sl7h71.dll
21/10/2005 21:10 234 944 kddsf.dll
21/10/2005 14:47 234 916 m246lchs1f46.dll
21/10/2005 12:46 236 529 gpj6l31s1.dll
21/10/2005 08:37 234 916 mkhtml.dll
21/10/2005 08:37 235 180 k4620ejoehoc0.dll
21/10/2005 08:16 234 916 muc40u.dll
21/10/2005 07:25 234 272 ktn6l75s1.dll
20/10/2005 01:02 234 916 mvjtes40.dll
19/10/2005 23:40 234 272 ufrlbva.dll
17/09/2005 00:20 <REP> dllcache
26/02/2005 10:16 12 288 Thumbs.db
07/10/2004 22:51 <REP> Microsoft
05/01/2002 04:40 487 424 msvcp70.dll
05/01/2002 04:37 344 064 msvcr70.dll
16 fichier(s) 3 900 160 octets
2 Rép(s) 3 350 884 352 octets libres
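Added example (not part of the original posts, and not L2MFix's own code): a small parser for `.reg`-style export text like the log above. It decodes the `hex(2)` `DllName` values under `Winlogon\Notify` into readable names and lists the `Shell Extensions\Approved` entries that have an empty description together with the DLL their CLSID loads. The function names are hypothetical, and the sample input is a trimmed excerpt of the log in this post.

```python
import re

# Excerpt of the L2MFIX find log posted above (values copied from it, trimmed).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}"=""
"{0764EDA1-6074-41B0-8AFC-05425F44CD57}"=""

[HKEY_CLASSES_ROOT\CLSID\{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\iofgnt5.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{0764EDA1-6074-41B0-8AFC-05425F44CD57}\InprocServer32]
@="C:\\WINDOWS\\system32\\mkhtml.dll"
'''

VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')
# Registry paths are case-insensitive, so comparisons are done in lower case.
NOTIFY_PREFIX = ('hkey_local_machine\\software\\microsoft\\windows nt'
                 '\\currentversion\\winlogon\\notify\\')
APPROVED_KEY = ('hkey_local_machine\\software\\microsoft\\windows'
                '\\currentversion\\shell extensions\\approved')


def decode_value(raw):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: strip the quotes and undo backslash escaping.
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('hex(2):'):
        # REG_EXPAND_SZ: comma-separated UTF-16LE bytes, NUL-terminated.
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    return raw


def parse_reg(text):
    """Parse .reg-style text into {key_path: {value_name: value}}."""
    # A trailing backslash continues hex data on the next line.
    text = re.sub(r'\\\r?\n\s*', '', text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name = match.group(1)
            name = name if name == '@' else name[1:-1]
            current[name] = decode_value(match.group(2))
    return keys


def notify_dlls(keys):
    """Map each Winlogon\\Notify subkey to its decoded DllName."""
    result = {}
    for path, values in keys.items():
        if path.lower().startswith(NOTIFY_PREFIX):
            for name, value in values.items():
                if name.lower() == 'dllname':
                    result[path[len(NOTIFY_PREFIX):]] = value
    return result


def unnamed_shell_extensions(keys):
    """List (CLSID, InprocServer32 DLL or None) for approved shell
    extensions registered with an empty description."""
    lowered = {path.lower(): values for path, values in keys.items()}
    findings = []
    for clsid, description in lowered.get(APPROVED_KEY, {}).items():
        if description == '':
            server_key = 'hkey_classes_root\\clsid\\%s\\inprocserver32' % clsid
            server = lowered.get(server_key.lower(), {})
            findings.append((clsid, server.get('@')))
    return findings


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_LOG)
    for subkey, dll in notify_dlls(parsed).items():
        print('Notify %-14s -> %s' % (subkey, dll))
    for clsid, dll in unnamed_shell_extensions(parsed):
        print('Unnamed shell extension %s -> %s' % (clsid, dll))
```

An empty description alone is not proof of infection; it is a lead to check against the DLL's path, timestamps and attributes in the file listing.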
21 October 2005 21:45:47

Attached is the final HijackThis report...
Unfortunately, windows are still opening unexpectedly....

Logfile of HijackThis v1.99.1
Scan saved at 21:40:51, on 21/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Documents and Settings\JC\Mes documents\IE6\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2....
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/i...
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/spsp29953.01n...
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

21 October 2005 21:56:20

So the VX2.Look2Me infection appears to be eradicated.

I no longer see anything infectious in the HJT report,
just this to fix:
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/spsp29953.01n...

Are the unwanted windows Windows-message-style windows or Internet Explorer windows?
21 October 2005 21:58:34

They are Internet Explorer windows...
They open and come to the foreground whatever application is open... It is very annoying.
Thanks for the help.
21 October 2005 22:08:05

The problem is that the infection does not show up in the HJT report. :-?

Try this:

1/ Download these programs (at least the ones you don't already have!):
Ad-aware SE
Spybot Search and Destroy
ewido
install them and update them

2/ Restart in Safe Mode (to do this: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)

3/ Run CCleaner, click the Analyze button, then the Run Cleaner button

4/ Run a scan with Ad-aware SE (at the end of the scan, click Next, then right-click in the window and choose Select All Objects, then Next, then OK)
same with Spybot Search and Destroy (click Fix problems at the end of the scan)
same with ewido (full system scan) and delete everything it finds. Save the report to the desktop.

5/ Restart normally and post the ewido report.
22 October 2005 00:51:06

I did the procedure twice.
Ewido removed a bunch of problems, including look2me.
On the second pass, Ad-aware and Spybot => no detections. Ewido, however, found look2me 3 more times...
I rebooted and the pages still keep opening :-( :-( :-( (most often on a site like www.searc-h.com)
22 October 2005 01:24:30

I have the impression that the l2mfix.exe file is not working properly, particularly after the reboot... there is no report at the end...
When I run the option again, the same files are still identified at the end....
22 October 2005 09:10:44

Do this:

Close all programs because there will be an automatic reboot
Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then choose option 2 and press Enter
Then press any key to restart the computer
After the restart, the desktop and icons should appear and then disappear, that is normal! And a report should be generated.
>> If after the restart the icons do not disappear or the report does not appear, open the l2mfix folder and run second.bat

Finally, post the resulting report.
22 October 2005 09:57:44

- double post -
sorry
22 October 2005 10:45:39

I did get the report after the reboot, although the icons did not disappear
Here is the report: (thanks again)

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 832 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1152 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\__delete_on_reboot__ARQCpURes.dll
1 fichier(s) copié(s).
Backing Up: C:\WINDOWS\system32\pIutoenr.dll
1 fichier(s) copié(s).
deleting: C:\WINDOWS\system32\__delete_on_reboot__ARQCpURes.dll
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__ARQCpURes.dll
deleting: C:\WINDOWS\system32\pIutoenr.dll
Successfully Deleted: C:\WINDOWS\system32\pIutoenr.dll


Zipping up files for submission:
adding: pIutoenr.dll (188 bytes security) (deflated 5%)
adding: __delete_on_reboot__ARQCpURes.dll (188 bytes security) (deflated 5%)
adding: clear.reg (188 bytes security) (deflated 51%)
adding: ATC4-5.INI (188 bytes security) (stored 0%)
adding: error.txt (188 bytes security) (deflated 54%)
adding: lo2.txt (188 bytes security) (deflated 63%)
adding: maison2.txt (188 bytes security) (deflated 66%)
adding: MDacLog.txt (188 bytes security) (deflated 94%)
adding: test.txt (188 bytes security) (deflated 28%)
adding: test2.txt (188 bytes security) (deflated 34%)
adding: test3.txt (188 bytes security) (deflated 34%)
adding: test5.txt (188 bytes security) (deflated 34%)
adding: tmp.txt (188 bytes security) (deflated 44%)
adding: xfind.txt (188 bytes security) (deflated 22%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

Restoring Windows Update Certificates.:

deleting local copy: __delete_on_reboot__ARQCpURes.dll
deleting local copy: pIutoenr.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\__delete_on_reboot__ARQCpURes.dll
C:\WINDOWS\system32\pIutoenr.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}"=-
"{0764EDA1-6074-41B0-8AFC-05425F44CD57}"=-
"{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}"=-
"{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}"=-
[-HKEY_CLASSES_ROOT\CLSID\{A1CB33D2-F903-49D1-9E1A-4BE23AC927FE}]
[-HKEY_CLASSES_ROOT\CLSID\{0764EDA1-6074-41B0-8AFC-05425F44CD57}]
[-HKEY_CLASSES_ROOT\CLSID\{64ABFC8D-B269-4277-8C05-FC29AF3E3C6D}]
[-HKEY_CLASSES_ROOT\CLSID\{ADA4345F-1CAB-4E5B-85F6-B5EB230C2D02}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
22 October 2005 11:14:19

Do you still have the unwanted pop-up windows?
22 October 2005 14:54:01

That's it, I think it's finally OK....
Thanks again!
22 October 2005 15:43:10

Phew.
I did warn you that Look2Me was tough. ;-)
22 October 2005 20:40:52

Too tough...
It's still there!!!
And now I'm in despair!!!!
22 October 2005 20:48:21

Redo the option 2 procedure with L2MFIX
>> If after restarting the icons do not disappear or the report does not appear, then open the l2mfix folder and run second.bat
22 October 2005 21:41:32

I have a big problem with trojan vundo. I don't know how to remove it.
Logfile of HijackThis v1.99.1
Scan saved at 21:36:09, on 22/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\déglingos\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/Football/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\ddaba.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Pilote Remocon.lnk = ?
O4 - Global Startup: VAIO Action Setup (Serveur).lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
22 October 2005 21:53:47

It seems to have gone well with l2mfix.exe.
Here is the report after reboot.

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 112 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1176 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (188 bytes security) (deflated 2%)
adding: ATC4-5.INI (188 bytes security) (stored 0%)
adding: error.txt (188 bytes security) (deflated 54%)
adding: lo2.txt (188 bytes security) (deflated 53%)
adding: log.txt (188 bytes security) (deflated 75%)
adding: maison2.txt (188 bytes security) (deflated 66%)
adding: MDacLog.txt (188 bytes security) (deflated 94%)
adding: test.txt (188 bytes security) (stored 0%)
adding: test2.txt (188 bytes security) (stored 0%)
adding: test3.txt (188 bytes security) (stored 0%)
adding: test5.txt (188 bytes security) (stored 0%)
adding: tmp.txt (188 bytes security) (deflated 44%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

Restoring Windows Update Certificates.:


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
22 October 2005 22:03:51

And the windows keep opening....
22 October 2005 22:33:57

Please post a new HJT report so we can take a look...
22 October 2005 23:14:56

Here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 23:14:12, on 22/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Documents and Settings\JC\Mes documents\IE6\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2....
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

23 October 2005 02:55:09

The problem is that the infection does not appear in the HJT report.

Run an online scan at Kaspersky and post the report.
>> in Configuration, choose Extended virus database
>> and scan My Computer

Run a scan at PestPatrol and post the report.

23 October 2005 19:18:49

Attached is the report from the Kaspersky scan:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, October 23, 2005 17:03:27
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 23/10/2005
Kaspersky Anti-Virus database records: 146366
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan Statistics:
Total number of scanned objects: 93480
Number of viruses found: 4
Number of infected objects: 62
Number of suspicious objects: 0
Duration of the scan process: 3417 sec

Infected Object Name - Virus Name
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED/information.zip/information.txt.exe Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED/information.zip Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 6b.262888df.2da42930@aol.com][Date Fri, 27 Aug 2004 14:49:48 +0200]/UNNAMED/swimmingpool.rtf.com Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 6b.262888df.2da42930@aol.com][Date Fri, 27 Aug 2004 14:49:48 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From edith.varet@wanadoo.fr][Date Sun, 29 Aug 2004 20:33:02 +0200]/UNNAMED/party.com Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From edith.varet@wanadoo.fr][Date Sun, 29 Aug 2004 20:33:02 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED/disco.zip/disco.htm.com Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED/disco.zip Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED/me.zip/me.htm.com Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED/me.zip Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED/nomoney.zip/nomoney.com Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED/nomoney.zip Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From benoit@ctonet.it][Date Tue, 14 Sep 2004 12:32:57 +0200]/UNNAMED/my_details.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From benoit@ctonet.it][Date Tue, 14 Sep 2004 12:32:57 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From inscription@salonmicroentreprises.com][Date Wed, 29 Sep 2004 11:34:15 +0200]/UNNAMED/your_details.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From inscription@salonmicroentreprises.com][Date Wed, 29 Sep 2004 11:34:15 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED/doc.txt.pif Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Éléments supprimés/10 Oct 2005 19:35 from amer@aol.com:Re: Your bill/your_bill.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Infected: Email-Worm.Win32.NetSky.aa
C:\WINDOWS\system32\efsnaspi.dll Infected: Trojan.Win32.Crypt.t
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED/doc.txt.pif Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED/doc.txt.pif Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED/doc.txt.pif Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED/information.zip/information.txt.exe Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED/information.zip Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From 6b.262888df.2da42930@aol.com][Date Fri, 27 Aug 2004 14:49:48 +0200]/UNNAMED/swimmingpool.rtf.com Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From 6b.262888df.2da42930@aol.com][Date Fri, 27 Aug 2004 14:49:48 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From edith.varet@wanadoo.fr][Date Sun, 29 Aug 2004 20:33:02 +0200]/UNNAMED/party.com Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From edith.varet@wanadoo.fr][Date Sun, 29 Aug 2004 20:33:02 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED/disco.zip/disco.htm.com Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED/disco.zip Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED/me.zip/me.htm.com Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED/me.zip Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED/nomoney.zip/nomoney.com Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED/nomoney.zip Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From benoit@ctonet.it][Date Tue, 14 Sep 2004 12:32:57 +0200]/UNNAMED/my_details.pif Infected: Email-Worm.Win32.NetSky.d
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From benoit@ctonet.it][Date Tue, 14 Sep 2004 12:32:57 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From inscription@salonmicroentreprises.com][Date Wed, 29 Sep 2004 11:34:15 +0200]/UNNAMED/your_details.pif Infected: Email-Worm.Win32.NetSky.d
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From inscription@salonmicroentreprises.com][Date Wed, 29 Sep 2004 11:34:15 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d
D:\Internet\Outlook Express\Éléments supprimés.dbx Infected: Email-Worm.Win32.NetSky.d

Scan process completed.

23 October 2005 19:29:08

PestPatrol detected this:
abxtoolbar Browser Helper Object
Browser Helper Object "abxtoolbar" found in:
key "hkey_current_user \software\maxthon"
More Info
Adtech.de Tracking Cookie
Tracking Cookie "Adtech.de" found in:
Cookie "jc@adtech[2].txt" File "C:\Documents and Settings\JC\Cookies\jc@adtech[2].txt"
More Info
Bluestreak.com Tracking Cookie
Tracking Cookie "Bluestreak.com" found in:
Cookie "jc@bluestreak[2].txt" File "C:\Documents and Settings\JC\Cookies\jc@bluestreak[2].txt"
More Info
Com.com Tracking Cookie
Tracking Cookie "Com.com" found in:
Cookie "jc@com[2].txt" File "C:\Documents and Settings\JC\Cookies\jc@com[2].txt"
More Info
Revenue.net Tracking Cookie
Tracking Cookie "Revenue.net" found in:
Cookie "jc@revenue[1].txt" File "C:\Documents and Settings\JC\Cookies\jc@revenue[1].txt"
More Info
TrafficMarketplace Tracking Cookie
Tracking Cookie "TrafficMarketplace" found in:
Cookie "jc@trafficmp[1].txt" File "C:\Documents and Settings\JC\Cookies\jc@trafficmp[1].txt"
More Info
ISTbar Hijacker
Hijacker "ISTbar" found in:
File "C:\WINDOWS\alchem.ini"
More Info
ZenoSearch Adware

23 October 2005 19:34:06

With more details:
abxtoolbar Browser Helper Object
Browser Helper Object "abxtoolbar" found in:
key "hkey_current_user \software\maxthon"
More Info
Adtech.de Tracking Cookie
Tracking Cookie "Adtech.de" found in:
Cookie "jc@adtech[2].txt" File "C:\Documents and Settings\JC\Cookies\jc@adtech[2].txt"
More Info
Bluestreak.com Tracking Cookie
Tracking Cookie "Bluestreak.com" found in:
Cookie "jc@bluestreak[2].txt" File "C:\Documents and Settings\JC\Cookies\jc@bluestreak[2].txt"
More Info
Com.com Tracking Cookie
Tracking Cookie "Com.com" found in:
Cookie "jc@com[2].txt" File "C:\Documents and Settings\JC\Cookies\jc@com[2].txt"
More Info
Revenue.net Tracking Cookie
Tracking Cookie "Revenue.net" found in:
Cookie "jc@revenue[1].txt" File "C:\Documents and Settings\JC\Cookies\jc@revenue[1].txt"
More Info
TrafficMarketplace Tracking Cookie
Tracking Cookie "TrafficMarketplace" found in:
Cookie "jc@trafficmp[1].txt" File "C:\Documents and Settings\JC\Cookies\jc@trafficmp[1].txt"
More Info
ISTbar Hijacker
Hijacker "ISTbar" found in:
File "C:\WINDOWS\alchem.ini"
More Info
ZenoSearch Adware
Adware "ZenoSearch" found in:
File "C:\WINDOWS\system32\msnav32.ax"

23 October 2005 20:59:19

Attached is the Kaspersky report with the extended virus database option...
Apparently there are still viruses: how do I remove them?

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, October 23, 2005 20:55:42
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 23/10/2005
Kaspersky Anti-Virus database records: 155828
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan Statistics:
Total number of scanned objects: 93796
Number of viruses found: 5
Number of infected objects: 66
Number of suspicious objects: 0
Duration of the scan process: 3385 sec

Infected Object Name - Virus Name
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED/information.zip/information.txt.exe Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED/information.zip Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 6b.262888df.2da42930@aol.com][Date Fri, 27 Aug 2004 14:49:48 +0200]/UNNAMED/swimmingpool.rtf.com Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 6b.262888df.2da42930@aol.com][Date Fri, 27 Aug 2004 14:49:48 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From edith.varet@wanadoo.fr][Date Sun, 29 Aug 2004 20:33:02 +0200]/UNNAMED/party.com Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From edith.varet@wanadoo.fr][Date Sun, 29 Aug 2004 20:33:02 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED/disco.zip/disco.htm.com Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED/disco.zip Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED/me.zip/me.htm.com Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED/me.zip Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED/nomoney.zip/nomoney.com Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED/nomoney.zip Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From benoit@ctonet.it][Date Tue, 14 Sep 2004 12:32:57 +0200]/UNNAMED/my_details.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From benoit@ctonet.it][Date Tue, 14 Sep 2004 12:32:57 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From inscription@salonmicroentreprises.com][Date Wed, 29 Sep 2004 11:34:15 +0200]/UNNAMED/your_details.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From inscription@salonmicroentreprises.com][Date Wed, 29 Sep 2004 11:34:15 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED/doc.txt.pif Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Identities\{7BCD6B0B-711B-4088-8A68-DD384364BE2D}\Microsoft\Outlook Express\Éléments supprimés.dbx Infected: Email-Worm.Win32.NetSky.b
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Éléments supprimés/10 Oct 2005 19:35 from amer@aol.com:Re: Your bill/your_bill.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Dossiers personnels/Boîte de réception/25 Jul 2005 07:00 from cderostand@venteprivee.com:Important/Notice.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Infected: Email-Worm.Win32.NetSky.aa
C:\WINDOWS\system32\efsnaspi.dll Infected: Trojan.Win32.Crypt.t
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED/doc.txt.pif Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED/doc.txt.pif Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED/doc.txt.pif Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx/[From aac_care@tx.acer.com][Date Fri, 27 Aug 2004 14:11:09 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Boîte de réception.dbx Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED/information.zip/information.txt.exe Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED/information.zip Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From sertekcare@sertek.com.tw][Date Fri, 27 Aug 2004 10:31:29 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From 6b.262888df.2da42930@aol.com][Date Fri, 27 Aug 2004 14:49:48 +0200]/UNNAMED/swimmingpool.rtf.com Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From 6b.262888df.2da42930@aol.com][Date Fri, 27 Aug 2004 14:49:48 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From edith.varet@wanadoo.fr][Date Sun, 29 Aug 2004 20:33:02 +0200]/UNNAMED/party.com Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From edith.varet@wanadoo.fr][Date Sun, 29 Aug 2004 20:33:02 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED/disco.zip/disco.htm.com Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED/disco.zip Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From tech_support@acerafrica.com][Date Sun, 29 Aug 2004 19:01:06 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED/me.zip/me.htm.com Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED/me.zip Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From cannem3@aol.com][Date Mon, 30 Aug 2004 09:52:50 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED/nomoney.zip/nomoney.com Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED/nomoney.zip Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From inet@microsoft.com][Date Tue, 31 Aug 2004 15:37:06 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From benoit@ctonet.it][Date Tue, 14 Sep 2004 12:32:57 +0200]/UNNAMED/my_details.pif Infected: Email-Worm.Win32.NetSky.d
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From benoit@ctonet.it][Date Tue, 14 Sep 2004 12:32:57 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From inscription@salonmicroentreprises.com][Date Wed, 29 Sep 2004 11:34:15 +0200]/UNNAMED/your_details.pif Infected: Email-Worm.Win32.NetSky.d
D:\Internet\Outlook Express\Éléments supprimés.dbx/[From inscription@salonmicroentreprises.com][Date Wed, 29 Sep 2004 11:34:15 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d
D:\Internet\Outlook Express\Éléments supprimés.dbx Infected: Email-Worm.Win32.NetSky.d
D:\Mes documents\Traduction\vnc-3.3.7-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c
D:\Mes documents\Traduction\vnc-3.3.7-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c
D:\Mes documents\Traduction\vnc-3.3.7-x86_win32.exe/data0004 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c
D:\Mes documents\Traduction\vnc-3.3.7-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c

Scan process completed.
24 October 2005 00:40:02

Quote:
Apparently there are still viruses: how do I remove them?

Most are emails in the Deleted Items folder of Outlook Express: so empty that folder
Some are in the Outlook Inbox (drive C:)  --> find them and delete them
Some are in the Outlook Express Inbox (drive D:)  --> find them and delete them

and delete C:\WINDOWS\system32\efsnaspi.dll
6 February 2008 10:20:35

Hello, I also have web pages opening on their own. I have Windows Vista, and in fact two pages open: one that changes every time, and the other, the home page.
Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:12, on 2/6/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
D:\Téléchargement Firefox\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&chan...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: dlbu_device - - C:\Windows\system32\dlbucoms.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Thanks for your help, what should I do?