julien_oyh
-
Compteur de contenus
7 -
Inscription
-
Dernière visite
julien_oyh's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Analyse Hijack this svp
julien_oyh a répondu à un(e) sujet de julien_oyh dans Analyses et éradication malwares
C'est bon, je me suis débrouillé ! Alors voici le report de LM2FIX L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\i8600ijme8oa0.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{99D5BF70-4EB2-E487-FB3E-57A10BE191A4}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}"="Mobile Device" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning" "{4C427AF8-553C-4B45-9944-F3076E9EFD72}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4C427AF8-553C-4B45-9944-F3076E9EFD72}] @="" [HKEY_CLASSES_ROOT\CLSID\{4C427AF8-553C-4B45-9944-F3076E9EFD72}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4C427AF8-553C-4B45-9944-F3076E9EFD72}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4C427AF8-553C-4B45-9944-F3076E9EFD72}\InprocServer32] @="C:\\WINDOWS\\system32\\sghcinst.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ bassmod.dll Tue 16 May 2006 18:10:58 A.... 34 308 33,50 K browseui.dll Sat 4 Mar 2006 5:34:58 A.... 1 023 488 999,50 K cdfview.dll Sat 4 Mar 2006 5:34:58 A.... 152 064 148,50 K danim.dll Sat 4 Mar 2006 5:34:58 A.... 1 056 768 1,01 M dxtrans.dll Sat 4 Mar 2006 5:34:58 A.... 205 312 200,50 K extmgr.dll Sat 4 Mar 2006 5:34:58 ..... 55 808 54,50 K i8600i~1.dll Tue 16 May 2006 16:56:18 ..S.R 233 560 228,09 K iepeers.dll Sat 4 Mar 2006 5:34:58 A.... 251 392 245,50 K inetcomm.dll Fri 17 Mar 2006 11:11:46 A.... 679 424 663,50 K inseng.dll Sat 4 Mar 2006 5:34:58 A.... 96 768 94,50 K l0n4la~1.dll Tue 16 May 2006 19:35:44 ..S.R 235 534 230,01 K msdtcprx.dll Wed 1 Mar 2006 21:43:50 A.... 426 496 416,50 K msdtctm.dll Wed 1 Mar 2006 21:43:50 A.... 956 416 934,00 K msdtcuiu.dll Wed 1 Mar 2006 21:43:52 A.... 161 280 157,50 K mshtml.dll Thu 23 Mar 2006 22:35:42 A.... 3 074 560 2,93 M mshtmled.dll Sat 4 Mar 2006 5:35:00 A.... 448 512 438,00 K msrating.dll Sat 4 Mar 2006 5:35:00 A.... 146 432 143,00 K mstime.dll Sat 4 Mar 2006 5:35:02 A.... 532 480 520,00 K mtxclu.dll Wed 1 Mar 2006 21:43:52 A.... 66 560 65,00 K mtxoci.dll Wed 1 Mar 2006 21:43:52 A.... 91 136 89,00 K p64ulg~1.dll Tue 16 May 2006 18:05:06 ..S.R 234 380 228,89 K pncrt.dll Tue 4 Apr 2006 11:12:54 A.... 278 528 272,00 K pndx5016.dll Tue 4 Apr 2006 11:12:56 A.... 6 656 6,50 K pndx5032.dll Tue 4 Apr 2006 11:12:56 A.... 5 632 5,50 K pngfilt.dll Sat 4 Mar 2006 5:35:02 A.... 39 424 38,50 K rmoc3260.dll Tue 4 Apr 2006 11:13:08 A.... 176 167 172,04 K sghcinst.dll Wed 17 May 2006 11:57:34 ..S.R 233 560 228,09 K shdocvw.dll Thu 30 Mar 2006 11:26:12 A.... 1 492 992 1,42 M shell32.dll Fri 17 Mar 2006 6:07:40 A.... 8 508 416 8,11 M shlwapi.dll Sat 4 Mar 2006 5:35:02 A.... 474 624 463,50 K urlmon.dll Sat 18 Mar 2006 13:09:54 A.... 615 424 601,00 K wininet.dll Sat 4 Mar 2006 5:35:02 A.... 662 528 647,00 K wmp.dll Fri 10 Mar 2006 6:09:14 A.... 5 533 696 5,28 M xolehlp.dll Wed 1 Mar 2006 21:43:52 A.... 11 776 11,50 K xpsp3res.dll Thu 30 Mar 2006 3:16:46 A.... 17 920 17,50 K 35 items found: 35 files (4 H/S), 0 directories. Total of file sizes: 28 220 021 bytes 26,91 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Wed 17 May 2006 11:57:50 A.... 234 464 228,97 K 1 item found: 1 file, 0 directories. Total of file sizes: 234 464 bytes 228,97 K ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C s'appelle Disque Dur Le num‚ro de s‚rie du volume est 284B-A200 R‚pertoire de C:\WINDOWS\System32 17/05/2006 11:57 233ÿ560 sghcinst.dll 16/05/2006 19:35 235ÿ534 l0n4la5q1d.dll 16/05/2006 18:05 234ÿ380 p64ulgh9164.dll 16/05/2006 16:56 233ÿ560 i8600ijme8oa0.dll 15/05/2006 19:06 <REP> dllcache 11/04/2006 22:20 <REP> Microsoft 4 fichier(s) 937ÿ034 octets 2 R‚p(s) 5ÿ335ÿ056ÿ384 octets libres Et le Hijack (dans le doute ...) Logfile of HijackThis v1.99.1 Scan saved at 12:27:03, on 17/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe C:\PROGRA~1\MICROS~2\rapimgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://offyourhead.free.fr/internet.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04145c0885590b...RdxIE601_fr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144687320175 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\en2sl1f71.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe MERCI !! -
Analyse Hijack this svp
julien_oyh a répondu à un(e) sujet de julien_oyh dans Analyses et éradication malwares
GROS GROS SOUCIS, J'ai donc relancé Lm2fix et fait la manip #2. En revanche au redemarrage j'arrive à l'écran d'administration de Windows (celui qui s'affiche quand il y a plusieurs utilisateurs différents de déclarés, ou que l'on rentre un mot de passe, choses que je n'ai jamais fait). Le nom d'utilisateur est LM2FIX et il me demande un mot de passe ... Bref je ne peux plus acceder à windows... -
Analyse Hijack this svp
julien_oyh a répondu à un(e) sujet de julien_oyh dans Analyses et éradication malwares
après cette bonen mission voici les rapport. RAPPORT DE EWIDIO --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 18:04:20, 16/05/2006 + Somme de contrôle: EF8981AB + Résultats du scan: [748] C:\WINDOWS\system32\westream.dll -> Adware.Look2Me : Nettoyer et sauvegarder :mozilla.10:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.11:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.12:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.13:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.14:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.15:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.16:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.18:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.19:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.20:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.21:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.22:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.35:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder :mozilla.81:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.82:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.83:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.84:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.85:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.86:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.87:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.88:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.89:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.90:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.91:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.92:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.93:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.94:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.95:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.96:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.97:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.98:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.99:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.100:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.101:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.102:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.103:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.104:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.105:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.106:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.107:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder :mozilla.108:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder :mozilla.114:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder :mozilla.127:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder :mozilla.128:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder :mozilla.129:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder :mozilla.130:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder :mozilla.139:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder :mozilla.140:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder :mozilla.141:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder :mozilla.142:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder :mozilla.143:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder :mozilla.144:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder :mozilla.145:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder :mozilla.146:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder :mozilla.147:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder :mozilla.148:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder :mozilla.149:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder :mozilla.157:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder :mozilla.159:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder :mozilla.160:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder :mozilla.161:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder :mozilla.170:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder :mozilla.171:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder :mozilla.185:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder :mozilla.186:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder :mozilla.200:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder :mozilla.201:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder :mozilla.203:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder :mozilla.207:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder :mozilla.212:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder :mozilla.213:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder :mozilla.214:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder :mozilla.215:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder :mozilla.216:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder :mozilla.217:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder :mozilla.219:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder :mozilla.220:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder :mozilla.230:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder :mozilla.252:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Overture : Nettoyer et sauvegarder :mozilla.253:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Overture : Nettoyer et sauvegarder :mozilla.299:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Enhance : Nettoyer et sauvegarder :mozilla.355:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder :mozilla.357:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder :mozilla.358:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder :mozilla.359:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder :mozilla.361:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder :mozilla.362:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder :mozilla.364:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder :mozilla.365:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Overture : Nettoyer et sauvegarder :mozilla.379:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder :mozilla.394:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder :mozilla.395:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder :mozilla.396:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder :mozilla.402:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder :mozilla.403:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder :mozilla.404:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder :mozilla.405:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder :mozilla.446:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder :mozilla.447:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder :mozilla.448:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder :mozilla.449:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder :mozilla.457:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder :mozilla.458:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder :mozilla.473:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder :mozilla.474:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder :mozilla.475:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder :mozilla.476:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder :mozilla.477:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder :mozilla.478:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder :mozilla.479:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder :mozilla.480:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder :mozilla.481:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder :mozilla.482:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder :mozilla.501:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.502:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.503:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.506:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.507:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.535:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder :mozilla.540:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder :mozilla.541:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder :mozilla.542:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder :mozilla.545:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.546:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.547:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.572:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder :mozilla.573:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder :mozilla.615:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder :mozilla.627:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Clickbank : Nettoyer et sauvegarder :mozilla.628:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder :mozilla.631:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.633:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Realtracker : Nettoyer et sauvegarder :mozilla.635:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.636:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.641:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder :mozilla.668:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder :mozilla.669:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder :mozilla.670:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder :mozilla.671:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder :mozilla.672:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder :mozilla.687:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder :mozilla.688:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder :mozilla.689:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder :mozilla.690:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder :mozilla.698:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder :mozilla.699:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder :mozilla.703:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder :mozilla.708:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder :mozilla.709:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder :mozilla.734:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Nettoyer et sauvegarder :mozilla.735:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Nettoyer et sauvegarder :mozilla.736:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Nettoyer et sauvegarder :mozilla.737:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Nettoyer et sauvegarder :mozilla.751:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyer et sauvegarder :mozilla.765:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyer et sauvegarder :mozilla.768:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Searchingbooth : Nettoyer et sauvegarder :mozilla.770:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder :mozilla.771:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder :mozilla.772:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder :mozilla.773:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder :mozilla.792:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder :mozilla.793:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder :mozilla.794:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder :mozilla.795:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder :mozilla.801:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder :mozilla.865:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder :mozilla.924:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Adserver : Nettoyer et sauvegarder :mozilla.925:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Adserver : Nettoyer et sauvegarder :mozilla.930:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder :mozilla.931:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder :mozilla.933:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder :mozilla.938:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder :mozilla.939:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\5yrd7agi.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\backup.zip/dlls/g4040edqeh0e0.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\backup.zip/dlls/guard.tmp -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\backup.zip/dlls/irj0l51m1.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\backup.zip/dlls/lv4209hoe.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\backup.zip/dlls/lvn0095me.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\backup.zip/dlls/m6nqlg5516.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\backup.zip/dlls/mwiwave.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\backup.zip/dlls/nntcfgx.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\backup.zip/dlls/q686lgls16q6.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\dlls\g4040edqeh0e0.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\dlls\guard.tmp -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\dlls\irj0l51m1.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\dlls\lv4209hoe.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\dlls\lvn0095me.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\dlls\m6nqlg5516.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\dlls\mwiwave.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\dlls\nntcfgx.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Bureau\l2mfix\dlls\q686lgls16q6.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Cookies\administrateur@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Cookies\[email protected][2].txt -> TrackingCookie.Bestoffersnetworks : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Cookies\administrateur@paypopup[2].txt -> TrackingCookie.Paypopup : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Cookies\administrateur@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@adtech[2].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Clubdicecasino : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@casinopays[1].txt -> TrackingCookie.Casinopays : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Casinopays : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@linksynergy[1].txt -> TrackingCookie.Linksynergy : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@revenue[1].txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@targetnet[1].txt -> TrackingCookie.Targetnet : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@trafficmp[2].txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@zedo[2].txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder C:\Documents and Settings\Administrateur\Local Settings\Temp\temp.fr7375 -> Adware.Look2Me : Nettoyer et sauvegarder C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Nettoyer et sauvegarder C:\RECYCLER\S-1-5-21-1275210071-507921405-1343024091-500\Dc8.exe -> Proxy.Agent.jo : Nettoyer et sauvegarder C:\WINDOWS\system\svchost.dll -> Proxy.Agent.jo : Nettoyer et sauvegarder C:\WINDOWS\system\winlogon.dll -> Proxy.Small.ed : Nettoyer et sauvegarder C:\WINDOWS\system32\lvr2099oe.dll -> Adware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\westream.dll -> Adware.Look2Me : Nettoyer et sauvegarder ::Fin du rapport RAPPORT DE HIJACK THIS Logfile of HijackThis v1.99.1 Scan saved at 18:09:18, on 16/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MICROS~2\rapimgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://offyourhead.free.fr/internet.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04145c0885590b...RdxIE601_fr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144687320175 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\i8600ijme8oa0.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe en tout cas je sais que ma mission n'est pas encore terminée car quelques pop up se sont ouvertes le temps que je rédige ce message ... Merci d'avance -
Analyse Hijack this svp
julien_oyh a répondu à un(e) sujet de julien_oyh dans Analyses et éradication malwares
Oups .... Le voici Logfile of HijackThis v1.99.1 Scan saved at 16:07:34, on 16/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\DOCUME~1\ADMINI~1\MESDOC~1\ECURIT~1\netdde.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\SpyBro\SpyBro.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\??mantec\n?tdde.exe C:\PROGRA~1\MICROS~2\rapimgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://offyourhead.free.fr/internet.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [WindowsUpdateS] C:\WINDOWS\System\winlogon.exe /s O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WindowsUpdateR] C:\WINDOWS\System\regserv.exe /s O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe O4 - HKLM\..\Run: [w0014d2c.dll] RUNDLL32.EXE w0014d2c.dll,I2 0005382c00014d2c O4 - HKLM\..\Run: [Microsoft ® Windows DLL Loader] C:\WINDOWS\dll\rundll32.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Eeat] "C:\DOCUME~1\ADMINI~1\MESDOC~1\ECURIT~1\netdde.exe" -vt ndrv O4 - HKCU\..\Run: [spyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Wndvl] C:\WINDOWS\??mantec\n?tdde.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04145c0885590b...RdxIE601_fr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144687320175 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\s4pu0e79eh.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Windows DLL Loader (RunDll32) - Unknown owner - C:\WINDOWS\dll\rundll32.exe (file missing) O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing) O23 - Service: Windows Security Service (WindowsSecurity) - Unknown owner - C:\WINDOWS\secure.exe (file missing) -
Analyse Hijack this svp
julien_oyh a répondu à un(e) sujet de julien_oyh dans Analyses et éradication malwares
j'ai fait la manip et voici le log.txt affiché à l'écran L2mfix 051206 Creating Account. La commande s'est termin‚e correctement. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Killing 'smss.exe' \SystemRoot\System32\smss.exe (588) Killing 'winlogon.exe' winlogon.exe (676) Killing 'explorer.exe' C:\WINDOWS\Explorer.EXE (536) Killing 'rundll32.exe' rundll32.exe "C:\WINDOWS\system32\guard.tmp",DllGetVersion (3712) Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrateurs ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). Deleting: C:\WINDOWS\system32\g4040edqeh0e0.dll Successfully Deleted: C:\WINDOWS\system32\g4040edqeh0e0.dll Deleting: C:\WINDOWS\system32\irj0l51m1.dll Successfully Deleted: C:\WINDOWS\system32\irj0l51m1.dll Deleting: C:\WINDOWS\system32\lv4209hoe.dll Successfully Deleted: C:\WINDOWS\system32\lv4209hoe.dll Deleting: C:\WINDOWS\system32\lvn0095me.dll Successfully Deleted: C:\WINDOWS\system32\lvn0095me.dll Deleting: C:\WINDOWS\system32\m6nqlg5516.dll Successfully Deleted: C:\WINDOWS\system32\m6nqlg5516.dll Deleting: C:\WINDOWS\system32\mwiwave.dll Successfully Deleted: C:\WINDOWS\system32\mwiwave.dll Deleting: C:\WINDOWS\system32\nntcfgx.dll Successfully Deleted: C:\WINDOWS\system32\nntcfgx.dll Deleting: C:\WINDOWS\system32\q686lgls16q6.dll Successfully Deleted: C:\WINDOWS\system32\q686lgls16q6.dll Deleting: C:\WINDOWS\system32\guard.tmp Successfully Deleted: C:\WINDOWS\system32\guard.tmp msg11?.dll 0 fichier(s) copi‚(s). Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\s4pu0e79eh.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** C:\WINDOWS\system32\g4040edqeh0e0.dll C:\WINDOWS\system32\irj0l51m1.dll C:\WINDOWS\system32\lv4209hoe.dll C:\WINDOWS\system32\lvn0095me.dll C:\WINDOWS\system32\m6nqlg5516.dll C:\WINDOWS\system32\mwiwave.dll C:\WINDOWS\system32\nntcfgx.dll C:\WINDOWS\system32\q686lgls16q6.dll C:\WINDOWS\system32\guard.tmp Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}\InprocServer32] @="C:\\WINDOWS\\system32\\oubccp32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4682A0DF-F2AC-4113-9C23-088278F000FA}] @="" [HKEY_CLASSES_ROOT\CLSID\{4682A0DF-F2AC-4113-9C23-088278F000FA}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4682A0DF-F2AC-4113-9C23-088278F000FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4682A0DF-F2AC-4113-9C23-088278F000FA}\InprocServer32] @="C:\\WINDOWS\\system32\\wjerrFRA.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}] @="" [HKEY_CLASSES_ROOT\CLSID\{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}\InprocServer32] @="C:\\WINDOWS\\system32\\kmdusl.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AC923931-6C46-409B-B5CA-C4628F091CF0}] @="" [HKEY_CLASSES_ROOT\CLSID\{AC923931-6C46-409B-B5CA-C4628F091CF0}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AC923931-6C46-409B-B5CA-C4628F091CF0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AC923931-6C46-409B-B5CA-C4628F091CF0}\InprocServer32] @="C:\\WINDOWS\\system32\\ddtrans.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4FD5F451-3C18-4568-9AD2-39FF48924B8F}] @="" [HKEY_CLASSES_ROOT\CLSID\{4FD5F451-3C18-4568-9AD2-39FF48924B8F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4FD5F451-3C18-4568-9AD2-39FF48924B8F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4FD5F451-3C18-4568-9AD2-39FF48924B8F}\InprocServer32] @="C:\\WINDOWS\\system32\\desapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}] @="" [HKEY_CLASSES_ROOT\CLSID\{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}\InprocServer32] @="C:\\WINDOWS\\system32\\rocdll.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{376880B9-2B0B-43DE-A330-84720BDFBB4F}] @="" [HKEY_CLASSES_ROOT\CLSID\{376880B9-2B0B-43DE-A330-84720BDFBB4F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{376880B9-2B0B-43DE-A330-84720BDFBB4F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{376880B9-2B0B-43DE-A330-84720BDFBB4F}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}] @="" [HKEY_CLASSES_ROOT\CLSID\{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}\InprocServer32] @="C:\\WINDOWS\\system32\\dssynth.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}] @="" [HKEY_CLASSES_ROOT\CLSID\{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}\InprocServer32] @="C:\\WINDOWS\\system32\\ctmaddin.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}] @="" [HKEY_CLASSES_ROOT\CLSID\{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}\InprocServer32] @="C:\\WINDOWS\\system32\\jidw400.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}] @="" [HKEY_CLASSES_ROOT\CLSID\{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}"=- "{0A8FD195-8FC3-4F9E-A5CB-EA4F9C9BBC42}"=- "{4682A0DF-F2AC-4113-9C23-088278F000FA}"=- "{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}"=- "{AC923931-6C46-409B-B5CA-C4628F091CF0}"=- "{4FD5F451-3C18-4568-9AD2-39FF48924B8F}"=- "{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}"=- "{376880B9-2B0B-43DE-A330-84720BDFBB4F}"=- "{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}"=- "{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}"=- "{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}"=- "{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}"=- [-HKEY_CLASSES_ROOT\CLSID\{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}] [-HKEY_CLASSES_ROOT\CLSID\{0A8FD195-8FC3-4F9E-A5CB-EA4F9C9BBC42}] [-HKEY_CLASSES_ROOT\CLSID\{4682A0DF-F2AC-4113-9C23-088278F000FA}] [-HKEY_CLASSES_ROOT\CLSID\{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}] [-HKEY_CLASSES_ROOT\CLSID\{AC923931-6C46-409B-B5CA-C4628F091CF0}] [-HKEY_CLASSES_ROOT\CLSID\{4FD5F451-3C18-4568-9AD2-39FF48924B8F}] [-HKEY_CLASSES_ROOT\CLSID\{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}] [-HKEY_CLASSES_ROOT\CLSID\{376880B9-2B0B-43DE-A330-84720BDFBB4F}] [-HKEY_CLASSES_ROOT\CLSID\{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}] [-HKEY_CLASSES_ROOT\CLSID\{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}] [-HKEY_CLASSES_ROOT\CLSID\{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}] [-HKEY_CLASSES_ROOT\CLSID\{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/g4040edqeh0e0.dll (164 bytes security) (deflated 6%) adding: dlls/guard.tmp (164 bytes security) (deflated 4%) adding: dlls/irj0l51m1.dll (164 bytes security) (deflated 6%) adding: dlls/lv4209hoe.dll (164 bytes security) (deflated 6%) adding: dlls/lvn0095me.dll (164 bytes security) (deflated 6%) adding: dlls/m6nqlg5516.dll (164 bytes security) (deflated 6%) adding: dlls/mwiwave.dll (164 bytes security) (deflated 4%) adding: dlls/nntcfgx.dll (164 bytes security) (deflated 5%) adding: dlls/q686lgls16q6.dll (164 bytes security) (deflated 5%) adding: backregs/14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF.reg (212 bytes security) (deflated 70%) adding: backregs/376880B9-2B0B-43DE-A330-84720BDFBB4F.reg (212 bytes security) (deflated 70%) adding: backregs/4682A0DF-F2AC-4113-9C23-088278F000FA.reg (212 bytes security) (deflated 70%) adding: backregs/4FD5F451-3C18-4568-9AD2-39FF48924B8F.reg (212 bytes security) (deflated 70%) adding: backregs/5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8.reg (212 bytes security) (deflated 70%) adding: backregs/5C6F36B2-0942-4D6A-86F9-951EE5F27AB1.reg (212 bytes security) (deflated 70%) adding: backregs/AC923931-6C46-409B-B5CA-C4628F091CF0.reg (212 bytes security) (deflated 70%) adding: backregs/AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4.reg (212 bytes security) (deflated 70%) adding: backregs/CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B.reg (212 bytes security) (deflated 69%) adding: backregs/D4E258F5-C0B6-4FD2-9E10-368F433D1F94.reg (212 bytes security) (deflated 70%) adding: backregs/E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5.reg (212 bytes security) (deflated 70%) adding: backregs/notibac.reg (164 bytes security) (deflated 87%) adding: backregs/shell.reg (164 bytes security) (deflated 73%) -
Analyse Hijack this svp
julien_oyh a répondu à un(e) sujet de julien_oyh dans Analyses et éradication malwares
Merci Bruce lee pour ta réponse rapide ! voici le report demandé @ bientôt L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\s4pu0e79eh.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{42292FF9-1D83-A465-3E8B-72961650C26E}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}"="" "{0A8FD195-8FC3-4F9E-A5CB-EA4F9C9BBC42}"="" "{4682A0DF-F2AC-4113-9C23-088278F000FA}"="" "{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}"="" "{AC923931-6C46-409B-B5CA-C4628F091CF0}"="" "{4FD5F451-3C18-4568-9AD2-39FF48924B8F}"="" "{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}"="" "{376880B9-2B0B-43DE-A330-84720BDFBB4F}"="" "{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}"="" "{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}"="" "{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}"="" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}"="" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}"="Mobile Device" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CFCF0E6A-32D7-4CE3-916E-78F8C1233B4B}\InprocServer32] @="C:\\WINDOWS\\system32\\oubccp32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4682A0DF-F2AC-4113-9C23-088278F000FA}] @="" [HKEY_CLASSES_ROOT\CLSID\{4682A0DF-F2AC-4113-9C23-088278F000FA}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4682A0DF-F2AC-4113-9C23-088278F000FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4682A0DF-F2AC-4113-9C23-088278F000FA}\InprocServer32] @="C:\\WINDOWS\\system32\\wjerrFRA.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}] @="" [HKEY_CLASSES_ROOT\CLSID\{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E6B5D024-F4C8-4CF9-B3BC-887FD4F523D5}\InprocServer32] @="C:\\WINDOWS\\system32\\kmdusl.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AC923931-6C46-409B-B5CA-C4628F091CF0}] @="" [HKEY_CLASSES_ROOT\CLSID\{AC923931-6C46-409B-B5CA-C4628F091CF0}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AC923931-6C46-409B-B5CA-C4628F091CF0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AC923931-6C46-409B-B5CA-C4628F091CF0}\InprocServer32] @="C:\\WINDOWS\\system32\\ddtrans.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4FD5F451-3C18-4568-9AD2-39FF48924B8F}] @="" [HKEY_CLASSES_ROOT\CLSID\{4FD5F451-3C18-4568-9AD2-39FF48924B8F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4FD5F451-3C18-4568-9AD2-39FF48924B8F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4FD5F451-3C18-4568-9AD2-39FF48924B8F}\InprocServer32] @="C:\\WINDOWS\\system32\\desapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}] @="" [HKEY_CLASSES_ROOT\CLSID\{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{D4E258F5-C0B6-4FD2-9E10-368F433D1F94}\InprocServer32] @="C:\\WINDOWS\\system32\\rocdll.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{376880B9-2B0B-43DE-A330-84720BDFBB4F}] @="" [HKEY_CLASSES_ROOT\CLSID\{376880B9-2B0B-43DE-A330-84720BDFBB4F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{376880B9-2B0B-43DE-A330-84720BDFBB4F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{376880B9-2B0B-43DE-A330-84720BDFBB4F}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}] @="" [HKEY_CLASSES_ROOT\CLSID\{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{14231B8C-6EDC-4AAA-9D1B-D9A126ED9EBF}\InprocServer32] @="C:\\WINDOWS\\system32\\dssynth.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}] @="" [HKEY_CLASSES_ROOT\CLSID\{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AF1BF508-BA4B-42D6-B9AF-C79445BDE2B4}\InprocServer32] @="C:\\WINDOWS\\system32\\ctmaddin.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}] @="" [HKEY_CLASSES_ROOT\CLSID\{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{5C6F36B2-0942-4D6A-86F9-951EE5F27AB1}\InprocServer32] @="C:\\WINDOWS\\system32\\jidw400.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}] @="" [HKEY_CLASSES_ROOT\CLSID\{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{5BDDFEFB-8C89-47D5-9D55-C94EEECED8D8}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ browseui.dll Sat 4 Mar 2006 5:34:58 A.... 1 023 488 999,50 K cdfview.dll Sat 4 Mar 2006 5:34:58 A.... 152 064 148,50 K danim.dll Sat 4 Mar 2006 5:34:58 A.... 1 056 768 1,01 M dxtrans.dll Sat 4 Mar 2006 5:34:58 A.... 205 312 200,50 K extmgr.dll Sat 4 Mar 2006 5:34:58 ..... 55 808 54,50 K g4040e~1.dll Fri 12 May 2006 10:20:26 ..S.R 237 274 231,71 K iepeers.dll Sat 4 Mar 2006 5:34:58 A.... 251 392 245,50 K inetcomm.dll Fri 17 Mar 2006 11:11:46 A.... 679 424 663,50 K inseng.dll Sat 4 Mar 2006 5:34:58 A.... 96 768 94,50 K irj0l5~1.dll Fri 12 May 2006 10:49:00 ..S.R 237 274 231,71 K lv4209~1.dll Fri 12 May 2006 20:39:34 ..S.R 237 274 231,71 K lvn009~1.dll Wed 10 May 2006 10:18:42 ..S.R 237 274 231,71 K lvr209~1.dll Tue 16 May 2006 14:46:58 ..S.R 233 859 228,38 K m6nqlg~1.dll Thu 11 May 2006 10:20:28 ..S.R 237 274 231,71 K msdtcprx.dll Wed 1 Mar 2006 21:43:50 A.... 426 496 416,50 K msdtctm.dll Wed 1 Mar 2006 21:43:50 A.... 956 416 934,00 K msdtcuiu.dll Wed 1 Mar 2006 21:43:52 A.... 161 280 157,50 K mshtml.dll Thu 23 Mar 2006 22:35:42 A.... 3 074 560 2,93 M mshtmled.dll Sat 4 Mar 2006 5:35:00 A.... 448 512 438,00 K msrating.dll Sat 4 Mar 2006 5:35:00 A.... 146 432 143,00 K mstime.dll Sat 4 Mar 2006 5:35:02 A.... 532 480 520,00 K mtxclu.dll Wed 1 Mar 2006 21:43:52 A.... 66 560 65,00 K mtxoci.dll Wed 1 Mar 2006 21:43:52 A.... 91 136 89,00 K mwiwave.dll Tue 16 May 2006 10:19:56 ..S.R 233 560 228,09 K nntcfgx.dll Wed 19 Apr 2006 10:24:40 ..S.R 235 508 229,99 K pncrt.dll Tue 4 Apr 2006 11:12:54 A.... 278 528 272,00 K pndx5016.dll Tue 4 Apr 2006 11:12:56 A.... 6 656 6,50 K pndx5032.dll Tue 4 Apr 2006 11:12:56 A.... 5 632 5,50 K pngfilt.dll Sat 4 Mar 2006 5:35:02 A.... 39 424 38,50 K q686lg~1.dll Tue 9 May 2006 19:35:10 ..S.R 235 508 229,99 K rmoc3260.dll Tue 4 Apr 2006 11:13:08 A.... 176 167 172,04 K s4pu0e~1.dll Tue 16 May 2006 12:52:58 ..S.R 233 560 228,09 K shdocvw.dll Thu 30 Mar 2006 11:26:12 A.... 1 492 992 1,42 M shell32.dll Fri 17 Mar 2006 6:07:40 A.... 8 508 416 8,11 M shlwapi.dll Sat 4 Mar 2006 5:35:02 A.... 474 624 463,50 K urlmon.dll Sat 18 Mar 2006 13:09:54 A.... 615 424 601,00 K wininet.dll Sat 4 Mar 2006 5:35:02 A.... 662 528 647,00 K wmp.dll Fri 10 Mar 2006 6:09:14 A.... 5 533 696 5,28 M xolehlp.dll Wed 1 Mar 2006 21:43:52 A.... 11 776 11,50 K xpsp3res.dll Thu 30 Mar 2006 3:16:46 A.... 17 920 17,50 K 40 items found: 40 files (10 H/S), 0 directories. Total of file sizes: 29 607 044 bytes 28,23 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Tue 16 May 2006 14:53:58 ..S.R 233 560 228,09 K 1 item found: 1 file (1 H/S), 0 directories. Total of file sizes: 233 560 bytes 228,09 K ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C s'appelle Disque Dur Le num‚ro de s‚rie du volume est 284B-A200 R‚pertoire de C:\WINDOWS\System32 16/05/2006 14:53 233ÿ560 guard.tmp 16/05/2006 14:46 233ÿ859 lvr2099oe.dll 16/05/2006 12:52 233ÿ560 s4pu0e79eh.dll 16/05/2006 10:19 233ÿ560 mwiwave.dll 15/05/2006 19:06 <REP> dllcache 12/05/2006 20:39 237ÿ274 lv4209hoe.dll 12/05/2006 10:48 237ÿ274 irj0l51m1.dll 12/05/2006 10:20 237ÿ274 g4040edqeh0e0.dll 11/05/2006 10:20 237ÿ274 m6nqlg5516.dll 10/05/2006 10:18 237ÿ274 lvn0095me.dll 09/05/2006 19:35 235ÿ508 q686lgls16q6.dll 19/04/2006 10:24 235ÿ508 nntcfgx.dll 11/04/2006 22:20 <REP> Microsoft 11 fichier(s) 2ÿ591ÿ925 octets 2 R‚p(s) 4ÿ749ÿ971ÿ456 octets libres -
Bonjour, J'ai un gros soucis d'infection sur mon PC suite à une connection au net sans firewall. il leur aura suffit de 30 min... Alors depuis j'ai executé beaucoup d'antivirus, d'anti trojan et d'anti spyware, je ne ma rapelle plus de tous les noms mais notamment Adaware, Spybro, Spybot search and destroy, bit defender, a squared... Mon problème principal est l'ouverture de pop up toutes les 2 min environ, sachant que mon PC me sert au travail c'est très très génant. j'ai donc suivi le process de desinfection décrit dans un post de ce forum, et je vous poste comme demandé le rapport HiJack This ce dessous. merci d'avance pour tout conseil, là c'est chaud et mon UC est à 100% ... Logfile of HijackThis v1.99.1 Scan saved at 14:55:20, on 16/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\WINDOWS\??mantec\n?tdde.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://offyourhead.free.fr/internet.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [WindowsUpdateS] C:\WINDOWS\System\winlogon.exe /s O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WindowsUpdateR] C:\WINDOWS\System\regserv.exe /s O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe O4 - HKLM\..\Run: [w0014d2c.dll] RUNDLL32.EXE w0014d2c.dll,I2 0005382c00014d2c O4 - HKLM\..\Run: [Microsoft ® Windows DLL Loader] C:\WINDOWS\dll\rundll32.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Eeat] "C:\DOCUME~1\ADMINI~1\MESDOC~1\ECURIT~1\netdde.exe" -vt ndrv O4 - HKCU\..\Run: [spyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Wndvl] C:\WINDOWS\??mantec\n?tdde.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04145c0885590b...RdxIE601_fr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144687320175 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\s4pu0e79eh.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Windows DLL Loader (RunDll32) - Unknown owner - C:\WINDOWS\dll\rundll32.exe (file missing) O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing) O23 - Service: Windows Security Service (WindowsSecurity) - Unknown owner - C:\WINDOWS\secure.exe (file missing) Merci !!