Everything posted by alane
Hello, for some time now I have been receiving messages in English every day (watch sales, Viagra, etc.). I block the sender each time but others keep arriving. I have run all the cleaning tools (ewido, Spybot, Ad-Aware, CCleaner, NAV). Is there a way to block these messages effectively? Thanks.
Hi, I managed to disable the motherboard's sound; I hadn't seen where the setting was. I reinstalled my card and it works. Thanks for your help. See you.
Yes, I don't know much about it, but I disabled the integrated network; I didn't find any indication about the sound.
Hello, while trying to install a sound card I lost all sound. I uninstalled the sound card but I don't even have the motherboard's integrated sound any more. I did a restore and went to look in the Control Panel; everything seems normal and the Device Manager shows nothing. My speakers work on my TV and I have checked the connections. I don't know what else to do apart from reinstalling XP completely. If someone can help me, thanks.
Hello, it is Norton AntiVirus acting up. I created a restricted account and a file was created in "Documents and Settings"; I deleted the file and I no longer get the message. Thanks.
Hello, I have just opened a restricted account (before, I only had the administrator account). When I open the restricted account there is a malicious script alert; if I click on "stop this script" it is fine. How can I stop seeing this message? Thanks.
Thanks, so it is better to bring the old power supply along to compare. Thanks.
Hello, a silly question: are power supplies for tower cases standard in terms of size? Thanks.
Hi, thanks for your replies. Yeah, 2 is better. See you.
Hello, is it true that it is better to have 2 hard disks rather than one big one in terms of speed? Thanks.
Hello, at first glance it seems to be fine. I ran Spybot, which removed WinAntiVirus Pro 2006 for me, something it did not do before. Thanks for your help. See you.
Sorry, I did the ewido scan (only cookies). I have just removed keyboard 231. Thanks, is that right?
VundoFix report and Panda report.
Here are the 2 reports.
Here is the HijackThis report, and the blbeta one.
Hello, for a few days now, when I go on the internet a window appears offering to install WinAntiVirus Pro 2006. I can't work out where it comes from. I cleaned my PC (as described in the procedure, in safe mode), went into the registry and deleted the WinAntiVirus line, but it comes back. If anyone knows, thanks.
No, apparently it's fine. Thanks for your help, see you soon, because I am a tinkerer.
Hi, I think it's fine, my PC is faster. Thanks for everything.
Hi, I took a while to reply but I work mornings from 4 a.m. to noon. That said, I removed the DLL and scanned with ewido (I forgot to save the report but there is nothing). I am attaching the HijackThis log.
Nothing detected. Jotti's malware scan: File: ping.dll, Status: OK.
Here is a new log.
Thanks. If we don't find it I will reinstall, but I would really like to know where this comes from.
Hello, I really think I am going to have to reinstall Windows, given that I can't find a solution.
OK, here is the L2mfix report.
"StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxsrvc.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{0D6D4DEC-C006-4E85-98BE-99C6F5AC0D9E}"=- [-HKEY_CLASSES_ROOT\CLSID\{0D6D4DEC-C006-4E85-98BE-99C6F5AC0D9E}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: zip warning: name not matched: dlls\*.* zip error: Nothing to do! (backup.zip) adding: backregs/notibac.reg (140 bytes security) (deflated 88%)
Here is the report (L2MFIX find log).
That's exactly what I did.