impossible de me connecter à internet

Marsh Posté le 13-10-2005 à 08:28:07

Bonjour,

Voilà 8 mois que mon ordinateur est infecté par des virus !

Au départ, j'ai eu une transformation de l'image de mon bureau avec un écran bleu et une inscription en grosses lettres. J'ai réussi à l'enlever, mais depuis, tout est parti dans tous les sens.

J'ai tenté tout ce qui m'est venu à l'esprit (mais mes compétences laissent à désirer...), j'ai installé plusieurs antivirus et anti-spyware ( a2personal, cleanup, cwshredder, fixblast, flowprotector2005, fxsasser, pestpatrol, stinger, viruskeeper, winsockxpfix, recemment la demo de kaspersky, spybot, adaware,...), fait des scans, j'ai installé Firefox entre temps, mais rien n'y a fait puisque 1 mois après l'infection de mon ordinateur , il m'est devenu impossible de me connecter à internet : après composition du numéro par le modem adsl, j'ai le message suivant " accès refusé, votre mot de passe ou identifiant n'est pas valide sur le domaine".

J'ai également une fenêtre qui s'ouvre de façon intempestive disant qu'une connexion est requise à partir de a-d-ware (écrit toujours de façons différentes ex : ad-ware, a-d-w-a-r-e, etc.), avec un bouton "numéroter".

Ma connexion adsl n'a pas de problème puisque j'arrive à me connecter depuis mon ordinateur portable avec le même mot de passe et identifiant (c'est pour ça que j'ai attendu si longtemps avant de m'occuper à nouveau de ce problème qui commençait à me déprimer sacrément ! ). je me suis dit que j'avais encore une chance d'échapper à un formatage superdestructeur !

Pouvez-vous m'aider svp ?

Merci d'avance.

Reply

Marsh Posté le 13-10-2005 à 08:28:07

Reply

Marsh Posté le 13-10-2005 à 09:21:48

Essaye hijackthis, et post ton rapport sur des sites ou des robots analyse le tout...
Sinon, si ça te dérange pas trop, format et met un firewall avant de te connecté au net...

Reply

Marsh Posté le 13-10-2005 à 09:56:06

Je conseillerais le formatage aussi... Je sais que c'est chiant et je sais que ce genre de problèmes ca peut se résoudre, mais au vu de ton système, tu ferais mieux de partir sur des bases propres

Reply

Marsh Posté le 13-10-2005 à 10:16:40

Oula !

D'abord, merci pour vos réponses

Ben le problème c'est que je souhaiterais vraiment éviter le formatage... Peut-être y a-t-il encore des solutions avant le grand saut ?...

Est- ce que je peux poster un rapport d'hijackthis ici ou faut-il aller sur d'autres forums ?

Merci merci merci

Reply

Marsh Posté le 13-10-2005 à 10:39:24

tu postes ici c'est fait pour

meme si ton log fait 500 km de long on s'en fout on va te nettoyer tout ca

---------------
Les CSS c'est bon mangez-en

Reply

Marsh Posté le 13-10-2005 à 11:02:29

Ouais, mais essaye d'abord avec les robots, ça gueule pas mal à cause de ces rapports... packe c vrai que c chiant à lire

Reply

Marsh Posté le 13-10-2005 à 13:58:23

Chouette ! Merci beaucoup

J'espère vraiment que quelqu'un va pouvoir me donner un coup de patte parce que formater ma machine, ça m'embêterait beaucoup beaucoup (bon, je me répète, j'lai déjà dit ça ! ).

J'ai fait deux scan avec hijackthis : un en mode normal, et un en mode sans échec.

Mode Normal

Logfile of HijackThis v1.99.1
Scan saved at 12:53:34, on 13/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUpKiller\PopUpKiller.EXE
O4 - HKLM\..\Run: [SpybotSnD] "H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\Cli\LOCALS~1\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://imin.cvf.fr/imin_data/ocx/MDM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/ [...] canner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/5 [...] taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 5352180660
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/ [...] gleNav.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a936.g.akamai.net/7/936/537 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v [...] b27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\r06u0aj9edo.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

----------

Mode sans échec

Logfile of HijackThis v1.99.1
Scan saved at 13:09:45, on 13/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUpKiller\PopUpKiller.EXE
O4 - HKLM\..\Run: [SpybotSnD] "H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\Cli\LOCALS~1\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://imin.cvf.fr/imin_data/ocx/MDM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/ [...] canner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/5 [...] taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 5352180660
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/ [...] gleNav.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a936.g.akamai.net/7/936/537 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v [...] b27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: Fonts - C:\WINDOWS\system32\n28o0cl3efq.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Voilà. Il y a quelque chose qui cloche ?

Merci encore d'accepter de passer un peu de temps sur mon log.

Reply

Marsh Posté le 13-10-2005 à 16:46:09

Sinon, j'ai déjà essayé plusieurs fois avec un robot.

J'ai supprimé les entrées marquées comme dangereuse (point d'exclamation rouge), mais elles sont parfois revenues plus tard, et ma connexion ne fonctionne toujours pas.

Quant aux entrées marquées d'un point d'interrogation, je ne les ai pas toutes supprimées car je n'en connais pas toujours le sens (j'ai peur de supprimer des choses valables).

Par contre, je me posais la question sur l'entrée 020 de mon log : ce n'est pas le même rapport en mode normal et en mode sans échec.

En plus de ça, je viens de refaire un scan en mode normal, et, alors que sur le log que j'ai publié ici est inscrit :
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\r06u0aj9edo.dll (ligne dite inconnue par le robot),
il est inscrit sur celui que je viens de faire :
020 - Winlogon Notify : NetCache - C:\Windows\system32\j6l4lg3q16.dll

Est-ce normal ? :??:

Reply

Marsh Posté le 13-10-2005 à 20:01:02

Comprends pô... :spamafote:

Reply

Marsh Posté le 13-10-2005 à 20:43:01

J'hésite à t'aider, car avec les "conseils" qui t'ont été donnés, je ne sais pas ce que tu as pu faire (autrement dit "fixer" ) avec hijackThis.

Je vois que par exemple, tu n'as pas de lignes O17.

Dans un premier temps, fais ceci ( programme et log peuvent transiter via une disquette ou une clé USB) :

Télécharge ce fichier.
Mets-le sur ton bureau.
Dézippe-le sur ton bureau.
Double-clique l2mfix.bat et choisis l'option 1 (et entrée).
Laisse-le travailler qq minutes et copie/colle le log final ici (ENTIER !).

Ps : surtout, ne clique pas encore l'option 2..ni aucun autre fichier de l2mfix!!!

Reply

Marsh Posté le 13-10-2005 à 20:43:01

Reply

Marsh Posté le 13-10-2005 à 21:28:58

Merci de ta réponse Acrobaze ,

Voici mon log final sous l2mfix :

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\i006lads1d06.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{FD3966F4-823B-4130-A168-7488F0686860}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de proprits du fichier multimdia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de scurit NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des proprits de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de scurit DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donnes endommages de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets rseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de scurit des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions rseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions rseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interprteur de commandes pour l'environnement d'excution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donnes Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tches planifies"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tches et menu Dmarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Excuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du tlchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intgr de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Bote d'entre de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalise MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de dmarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="numrateur d'applications installes"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de rsum (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{709DF35C-5F36-49C7-9A41-D2482AB73418}"=""
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{878E42FC-D08E-4126-A495-3B10ADAB8713}"=""
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chane"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chane"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{709DF35C-5F36-49C7-9A41-D2482AB73418}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{709DF35C-5F36-49C7-9A41-D2482AB73418}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{709DF35C-5F36-49C7-9A41-D2482AB73418}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{709DF35C-5F36-49C7-9A41-D2482AB73418}\InprocServer32]
@="C:\\WINDOWS\\system32\\moiole32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{878E42FC-D08E-4126-A495-3B10ADAB8713}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{878E42FC-D08E-4126-A495-3B10ADAB8713}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{878E42FC-D08E-4126-A495-3B10ADAB8713}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{878E42FC-D08E-4126-A495-3B10ADAB8713}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
agvpack.dll Sun 9 Oct 2005 19:09:08 ..S.R 223 378 218,14 K
atsldpc.dll Wed 21 Sep 2005 12:05:26 ..S.R 225 452 220,17 K
cimocx.dll Sun 21 Aug 2005 21:46:52 ..S.R 224 593 219,33 K
dfmsrpcn.dll Tue 20 Sep 2005 18:40:42 ..S.R 223 927 218,68 K
dhimg010.dll Wed 5 Oct 2005 8:47:32 ..S.R 223 087 217,86 K
dtmsadsn.dll Mon 1 Aug 2005 10:20:10 ..S.R 224 624 219,36 K
fuifs.dll Tue 19 Jul 2005 10:38:52 ..S.R 222 956 217,73 K
i006la~1.dll Thu 13 Oct 2005 13:14:06 ..S.R 224 931 219,66 K
icssam.dll Wed 5 Oct 2005 8:21:04 ..S.R 224 889 219,62 K
k0260a~1.dll Tue 6 Sep 2005 11:07:38 ..S.R 223 537 218,30 K
kh1394.dll Mon 10 Oct 2005 13:07:20 ..S.R 225 708 220,42 K
kqdest.dll Wed 12 Oct 2005 10:16:10 ..S.R 223 442 218,20 K
ksrberos.dll Wed 20 Jul 2005 10:38:12 ..S.R 225 715 220,42 K
kvdro.dll Tue 26 Jul 2005 10:43:18 ..S.R 224 489 219,23 K
lp_meta.dll Mon 18 Jul 2005 12:54:56 ..S.R 225 715 220,42 K
mar2cenu.dll Tue 27 Sep 2005 20:13:10 ..S.R 226 102 220,80 K
masystem.dll Thu 21 Jul 2005 14:36:44 ..S.R 222 885 217,66 K
mhang.dll Wed 5 Oct 2005 10:04:22 ..S.R 223 378 218,14 K
mhc40u.dll Tue 11 Oct 2005 9:03:12 ..S.R 223 135 217,90 K
mhvcrt10.dll Thu 13 Oct 2005 8:44:22 ..S.R 225 891 220,59 K
moiole32.dll Thu 13 Oct 2005 19:52:36 ..S.R 224 931 219,66 K
mpvcp50.dll Mon 10 Oct 2005 9:15:26 ..S.R 224 027 218,77 K
msrmsg.dll Wed 12 Oct 2005 9:19:16 ..S.R 223 135 217,90 K
mvl_hp.dll Sun 7 Aug 2005 12:04:22 ..S.R 223 926 218,68 K
mvtvgs.dll Sat 30 Jul 2005 12:50:40 ..S.R 223 926 218,68 K
nerspt.dll Mon 3 Oct 2005 13:29:44 ..S.R 223 166 217,93 K
newrsnl.dll Thu 13 Oct 2005 13:05:04 ..S.R 224 931 219,66 K
nqrszhc.dll Sun 21 Aug 2005 21:59:50 ..S.R 225 338 220,05 K
pipusd.dll Thu 13 Oct 2005 8:37:22 ..S.R 224 931 219,66 K
pycdvlp.dll Wed 5 Oct 2005 12:12:38 ..S.R 223 606 218,36 K
q8nu0i~1.dll Thu 13 Oct 2005 19:52:36 ..S.R 225 889 220,59 K
rar20.dll Sun 2 Oct 2005 9:13:48 ..S.R 225 452 220,17 K
rmgapi.dll Tue 20 Sep 2005 16:57:36 ..S.R 222 917 217,69 K
spardssp.dll Tue 11 Oct 2005 10:06:02 ..S.R 223 442 218,20 K
tfpmon.dll Fri 29 Jul 2005 16:41:44 ..S.R 222 885 217,66 K
uqnp.dll Thu 13 Oct 2005 8:22:02 ..S.R 223 442 218,20 K
vn4fr32.dll Tue 4 Oct 2005 16:51:32 ..S.R 224 833 219,56 K
vn6stkit.dll Tue 6 Sep 2005 11:07:38 ..S.R 222 917 217,69 K
wjvcore.dll Thu 13 Oct 2005 13:16:06 ..S.R 222 926 217,70 K
wyi.dll Wed 12 Oct 2005 10:21:12 ..S.R 223 513 218,27 K

40 items found: 40 files (40 H/S), 0 directories.
Total of file sizes: 8 967 967 bytes 8,55 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 5C6A-0570

Rpertoire de C:\WINDOWS\System32

13/10/2005 19:52 224ÿ931 moiole32.dll
13/10/2005 19:52 225ÿ889 q8nu0i59e8.dll
13/10/2005 13:16 222ÿ926 wjvcore.dll
13/10/2005 13:14 224ÿ931 i006lads1d06.dll
13/10/2005 13:05 224ÿ931 newrsnl.dll
13/10/2005 08:44 225ÿ891 Mhvcrt10.dll
13/10/2005 08:37 224ÿ931 pipusd.dll
13/10/2005 08:22 223ÿ442 uqnp.dll
12/10/2005 10:21 223ÿ513 wyi.dll
12/10/2005 10:16 223ÿ442 kqdest.dll
12/10/2005 09:19 223ÿ135 msrmsg.dll
11/10/2005 10:06 223ÿ442 spardssp.dll
11/10/2005 09:03 223ÿ135 mhc40u.dll
10/10/2005 13:07 225ÿ708 kh1394.dll
10/10/2005 09:15 224ÿ027 mpvcp50.dll
09/10/2005 19:09 223ÿ378 agvpack.dll
05/10/2005 12:12 223ÿ606 pycDvlp.dll
05/10/2005 10:04 223ÿ378 mhang.dll
05/10/2005 08:47 223ÿ087 dhImg010.dll
05/10/2005 08:21 224ÿ889 iCssam.dll
04/10/2005 17:14 <REP> dllcache
04/10/2005 16:51 224ÿ833 vn4fr32.dll
03/10/2005 13:29 223ÿ166 nerspt.dll
02/10/2005 09:13 225ÿ452 rar20.dll
27/09/2005 20:13 226ÿ102 mar2cenu.dll
21/09/2005 12:05 225ÿ452 atsldpc.dll
20/09/2005 18:40 223ÿ927 dfmsrpcn.dll
20/09/2005 16:57 222ÿ917 rmgapi.dll
06/09/2005 11:07 222ÿ917 VN6STKIT.DLL
06/09/2005 11:07 223ÿ537 k0260afsed260.dll
21/08/2005 21:59 225ÿ338 nqrszhc.dll
21/08/2005 21:46 224ÿ593 cImocx.dll
07/08/2005 12:04 223ÿ926 mvl_hp.dll
01/08/2005 10:20 224ÿ624 dtmsadsn.dll
30/07/2005 12:50 223ÿ926 mvtvgs.dll
29/07/2005 16:41 222ÿ885 tfpmon.dll
26/07/2005 10:43 224ÿ489 kvdro.dll
21/07/2005 14:36 222ÿ885 masystem.dll
20/07/2005 10:38 225ÿ715 ksrberos.dll
19/07/2005 10:38 222ÿ956 fuifs.dll
18/07/2005 12:54 225ÿ715 lp_meta.dll
07/07/2005 11:34 224ÿ783 kidhu1.dll
05/07/2005 11:26 223ÿ882 mic42loc.dll
03/07/2005 08:53 223ÿ559 PABDLG.DLL
02/07/2005 20:11 223ÿ991 dftmsft.dll
30/06/2005 12:37 223ÿ559 mhpmspsv.dll
29/06/2005 13:37 222ÿ611 bjdispl.dll
28/06/2005 12:07 223ÿ559 ahmparse.dll
25/06/2005 11:35 222ÿ611 mmxbde40.dll
24/06/2005 09:56 223ÿ246 jvmd400.dll
23/06/2005 16:00 222ÿ611 kqdfr.dll
23/06/2005 09:44 226ÿ218 udrdpa.dll
22/06/2005 18:57 222ÿ932 nvtman.dll
17/06/2005 09:11 226ÿ218 dnmrtp.dll
16/06/2005 10:19 224ÿ848 oijsel.dll
15/06/2005 10:54 222ÿ994 durgui.dll
14/06/2005 10:50 224ÿ907 wgssvc.dll
13/06/2005 10:36 223ÿ027 mvrt.dll
12/06/2005 09:54 226ÿ239 kodgkl.dll
09/06/2005 14:23 225ÿ854 qidit.dll
09/06/2005 10:34 225ÿ854 vcfilter.dll
09/06/2005 10:34 226ÿ208 k4no0e53eh.dll
08/06/2005 16:54 224ÿ530 SCWValid.dll
08/06/2005 11:22 223ÿ112 dlserial.dll
07/06/2005 19:50 224ÿ936 ckyptnet.dll
07/06/2005 14:02 223ÿ049 kxdhu1.dll
06/06/2005 16:14 225ÿ741 dkvacm.dll
06/06/2005 15:13 225ÿ652 mpise.dll
04/06/2005 13:43 225ÿ376 nkmkcert.dll
31/05/2005 20:29 222ÿ754 JAIT500.DLL
29/05/2005 20:34 225ÿ376 is41_qc.dll
03/05/2005 18:23 223ÿ808 mjvfw32.dll
01/05/2005 09:00 225ÿ278 hqui.dll
30/04/2005 22:02 223ÿ808 osecli.dll
30/04/2005 21:56 223ÿ808 UJZIP32.DLL
30/04/2005 21:56 224ÿ725 jtju0719e.dll
28/04/2005 12:26 224ÿ490 pfpusb.dll
27/04/2005 12:15 223ÿ808 mgi.dll
26/04/2005 16:26 223ÿ735 iC06lgds1606.dll
26/04/2005 12:43 225ÿ590 etpsrv.dll
26/04/2005 07:52 223ÿ735 Pyeng50.dll
25/04/2005 21:31 223ÿ521 natlogon.dll
25/04/2005 12:23 223ÿ214 wypdinfo.dll
25/04/2005 08:15 225ÿ336 pfbase.dll
24/04/2005 22:08 224ÿ716 kddhela2.dll
24/04/2005 09:13 224ÿ252 dp32gt.dll
23/04/2005 21:07 223ÿ898 damap.dll
23/04/2005 08:32 223ÿ325 ESIFLN62.DLL
22/04/2005 12:22 223ÿ096 imetcplc.dll
22/04/2005 07:37 224ÿ947 mdapsspc.dll
21/04/2005 17:28 223ÿ201 wmninet.dll
21/04/2005 12:21 223ÿ112 kpdhu.dll
21/04/2005 08:02 224ÿ546 cDrds.dll
20/04/2005 16:22 223ÿ159 senike.dll
20/04/2005 12:11 224ÿ710 mhl_mtf.dll
20/04/2005 07:37 222ÿ995 sdrmdll.dll
19/04/2005 17:16 224ÿ818 wlcsapi.dll
19/04/2005 12:11 223ÿ088 macoree.dll
19/04/2005 07:26 225ÿ750 RB3228_8.dll
18/04/2005 10:27 224ÿ411 wnaservc.dll
17/04/2005 20:08 222ÿ979 wtsdmoe.dll
15/04/2005 17:49 224ÿ411 uudmxfrm.dll
15/04/2005 14:58 222ÿ979 kxdaze.dll
15/04/2005 12:42 224ÿ910 mxrui.dll
15/04/2005 07:02 223ÿ150 pacAdimg.dll
14/04/2005 18:51 225ÿ971 rxutetab.dll
14/04/2005 12:47 224ÿ242 wwdap32.dll
14/04/2005 06:59 223ÿ497 EBBAPI.dll
13/04/2005 16:23 222ÿ783 nfwrszht.dll
13/04/2005 12:01 225ÿ889 lycalsec.dll
13/04/2005 07:18 224ÿ066 ail.dll
12/04/2005 17:29 225ÿ889 cnmpatUI.dll
12/04/2005 12:30 224ÿ066 newks.dll
12/04/2005 07:01 223ÿ306 JAAD500.DLL
11/04/2005 21:00 225ÿ241 mebsync.dll
11/04/2005 18:25 223ÿ306 dmmsadsn.dll
11/04/2005 18:09 222ÿ573 cgbcatex.dll
10/04/2005 21:53 226ÿ170 dgmrtp.dll
20/03/2005 19:17 222ÿ573 nutman.dll
19/03/2005 11:06 226ÿ170 kvdne.dll
18/03/2005 18:35 225ÿ393 bVtt.dll
16/03/2005 15:19 224ÿ553 mwdtcuiu.dll
07/03/2005 09:11 223ÿ120 EXIFLN61.DLL
05/03/2005 21:19 223ÿ120 dggest.dll
05/03/2005 21:19 224ÿ163 gp40l3hm1.dll
04/03/2005 15:14 223ÿ866 SuerraNW.DLL
28/02/2005 19:35 223ÿ120 kjdhela2.dll
27/02/2005 11:11 225ÿ236 mgvcrt.dll
26/02/2005 11:26 225ÿ118 JLAR500.DLL
20/02/2005 10:42 225ÿ845 wfnvocon.dll
19/02/2005 13:19 225ÿ118 csmuid.dll
17/02/2005 10:02 224ÿ434 khdest.dll
12/02/2005 12:19 225ÿ118 dhmsadsn.dll
11/02/2005 17:25 224ÿ434 awrsvc.dll
09/02/2005 20:51 222ÿ857 kudcr.dll
09/02/2005 10:21 222ÿ614 li_messagetext.dll
08/02/2005 10:22 225ÿ909 jt4q07h5e.dll
08/02/2005 09:55 225ÿ909 mdxml.dll
07/02/2005 22:56 225ÿ238 tNpi32.dll
04/02/2005 19:25 225ÿ223 sireamci.dll
03/02/2005 18:32 224ÿ157 mQpi32.dll
02/02/2005 14:22 224ÿ157 m6280gfue6280.dll
02/02/2005 14:05 224ÿ051 hr8m05l1e.dll
26/01/2005 23:29 224ÿ051 ctc.dll
23/01/2005 13:54 223ÿ522 DK240.dll
23/01/2005 12:21 223ÿ522 tcolhelp.dll
22/01/2005 16:54 222ÿ698 fp4q03h5e.dll
20/01/2005 11:30 224ÿ364 vuwwdm32.dll
20/01/2005 10:18 224ÿ645 dn8201loe.dll
19/01/2005 10:26 224ÿ364 boowser.dll
18/01/2005 16:05 223ÿ099 iwcvid.dll
17/01/2005 11:13 222ÿ481 lw_meta.dll
14/01/2005 22:59 225ÿ040 i606lgds1606.dll
13/01/2005 11:53 225ÿ040 adicap.dll
13/01/2005 09:40 225ÿ040 mhawt.dll
12/01/2005 11:13 223ÿ039 ijetppui.dll
11/01/2005 14:59 223ÿ041 mgcomput.dll
11/01/2005 10:15 222ÿ392 l86o0ij3e8o.dll
11/01/2005 09:30 223ÿ191 r66ulgj916o.dll
09/01/2005 13:24 224ÿ142 mmqm.dll
08/01/2005 12:26 223ÿ061 JZN1500.DLL
08/01/2005 12:22 225ÿ783 vdhelper.dll
08/01/2005 10:48 224ÿ531 ottext32.dll
07/01/2005 20:08 223ÿ135 sjssetup.dll
07/01/2005 12:52 225ÿ017 fdntsub.dll
07/01/2005 10:39 225ÿ411 qkdit.dll
06/01/2005 11:42 225ÿ017 mmrt.dll
20/12/2004 15:22 10ÿ856 KGyGaAvL.sys
20/12/2004 15:22 56 F7641CF80D.sys
13/11/2003 12:16 14ÿ848 Thumbs.db
169 fichier(s) 37ÿ245ÿ394 octets
1 Rp(s) 4ÿ162ÿ076ÿ672 octets libres

Reply

Marsh Posté le 13-10-2005 à 22:43:26

Bon, tu vas faire deux choses :

1- Lance HijackThis -> config -> misc tools -> backups
Tu dois avoir la liste de ce que tu as fixé.
Sélectionne les lignes O17 et clique "Restore". (une par une, je pense)

2- Tu as une énorme infection Vx2. Donc enchaîne avec ceci :

- Ferme tes applications, il va y avoir un reboot.
- Tu double-cliques l2mfix.bat et cette fois-ci, tu choisis l'option 2 (taper 2 et entrée). Ne t'inquiète pas si le bureau ou les icônes disparaissent un instant. C'est normal.
Pareil, il y aura un fichier texte à la fin.

- Copie/colle ce fichier texte et un nouvel HijackThis, pour finir.

Reply

Marsh Posté le 14-10-2005 à 07:25:46

Merci Acrobaze,

je me suis précipitée sur mon ordi pour lancer hijackthis, et... Malheur !... Je n'ai aucun fichier 017 dans les backups : j'ai des 01, 04, 09, 015, 016, 020, R1.

Dois-je quand même procéder à la deuxième partie de ta proposition ?

Reply

Marsh Posté le 14-10-2005 à 17:58:03

Bonjour,

Oui, ce sontdeux choses indépendantes. On verra ce que donne l'ordi une fois débarrassé des fichiers Vx2. Lance la seconde partie, oui.

Reply

Marsh Posté le 14-10-2005 à 19:57:58

Oula !! Je viens de faire l'option 2, mon ordi a rebooté, et là, au démarrage, j'ai une fenêtre de l'éditeur de registre qui dit " impossible d'exporter backdregs\709DF35C-5F36-49C7-9A416D2482AB73418.reg : erreur d'ouverture du fichier. Il pourrait y avoir une erreur de disque ou de fichier système" !!

Reply

Marsh Posté le 14-10-2005 à 19:59:48

Bon, j'ai cliqué OK, j'ai eu un deuxième message, et là, il fait un scan. J'ai bien flippé là ! :sweat:

Reply

Marsh Posté le 14-10-2005 à 20:00:57

Il a du travail....

Reply

Marsh Posté le 14-10-2005 à 20:08:26

Merci encore Acrobaze et les autres aussi de passer un peu de temps sur mon pb

Voici le log de l2mfix :

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1076 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1128 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\adicap.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\agvpack.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\ahmparse.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\ail.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\atsldpc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\awrsvc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\bjdispl.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\boowser.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\bVtt.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\cDrds.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\cgbcatex.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\cImocx.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\ckyptnet.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\cnmpatUI.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\csmuid.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\ctc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\damap.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dfmsrpcn.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dftmsft.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dggest.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dgmrtp.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dhImg010.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dhmsadsn.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\DK240.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dkvacm.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dlserial.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dmmsadsn.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dn8201loe.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dnmrtp.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dp32gt.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\dtmsadsn.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\durgui.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\EBBAPI.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\ESIFLN62.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\etpsrv.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\EXIFLN61.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\fdntsub.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\fp4q03h5e.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\fuifs.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\gp40l3hm1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\hqui.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\hr8m05l1e.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\i606lgds1606.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\iC06lgds1606.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\iCssam.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\ijetppui.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\imetcplc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\is41_qc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\iwcvid.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\j22qlcf51f2.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\JAAD500.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\JAIT500.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\JLAR500.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\jt4q07h5e.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\jtju0719e.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\jvmd400.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\JZN1500.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\k0260afsed260.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\k4no0e53eh.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kddhela2.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kh1394.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\khdest.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kidhu1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kjdhela2.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kodgkl.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kpdhu.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kqdest.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kqdfr.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\ksrberos.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kudcr.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kvdne.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kvdro.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kxdaze.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\kxdhu1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\l86o0ij3e8o.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\li_messagetext.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\lp_meta.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\lw_meta.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\lycalsec.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\m6280gfue6280.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\macoree.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mar2cenu.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\masystem.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mdapsspc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mdxml.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mebsync.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mgcomput.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mgi.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mgvcrt.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mhang.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mhawt.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mhc40u.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mhl_mtf.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mhpmspsv.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\Mhvcrt10.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mic42loc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mjoa.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mjvfw32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mmqm.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mmrt.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mmxbde40.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\moiole32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mpise.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mpvcp50.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mQpi32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\msrmsg.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mvl_hp.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mvrt.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mvtvgs.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mwdtcuiu.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\mxrui.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\n6p40g7qe6.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\natlogon.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\nerspt.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\newks.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\newrsnl.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\nfwrszht.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\nkmkcert.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\nqrszhc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\nutman.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\nvtman.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\oijsel.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\osecli.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\ottext32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\PABDLG.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\pacAdimg.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\pfbase.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\pfpusb.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\pipusd.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\pycDvlp.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\Pyeng50.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\qidit.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\qkdit.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\r66ulgj916o.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\rar20.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\RB3228_8.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\rmgapi.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\rxutetab.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\SCWValid.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\sdrmdll.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\senike.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\sireamci.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\sjssetup.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\spardssp.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\SuerraNW.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\tcolhelp.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\tfpmon.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\tNpi32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\udrdpa.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\UJZIP32.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\uqnp.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\uudmxfrm.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\vcfilter.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\vdhelper.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\vn4fr32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\VN6STKIT.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\vuwwdm32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\wfnvocon.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\wgssvc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\wjvcore.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\wlcsapi.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\wmninet.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\wnaservc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\wtsdmoe.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\wwdap32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\wyi.dll
1 fichier(s) copi(s).
Backing Up: C:\WINDOWS\system32\wypdinfo.dll
1 fichier(s) copi(s).
deleting: C:\WINDOWS\system32\adicap.dll
Successfully Deleted: C:\WINDOWS\system32\adicap.dll
deleting: C:\WINDOWS\system32\agvpack.dll
Successfully Deleted: C:\WINDOWS\system32\agvpack.dll
deleting: C:\WINDOWS\system32\ahmparse.dll
Successfully Deleted: C:\WINDOWS\system32\ahmparse.dll
deleting: C:\WINDOWS\system32\ail.dll
Successfully Deleted: C:\WINDOWS\system32\ail.dll
deleting: C:\WINDOWS\system32\atsldpc.dll
Successfully Deleted: C:\WINDOWS\system32\atsldpc.dll
deleting: C:\WINDOWS\system32\awrsvc.dll
Successfully Deleted: C:\WINDOWS\system32\awrsvc.dll
deleting: C:\WINDOWS\system32\bjdispl.dll
Successfully Deleted: C:\WINDOWS\system32\bjdispl.dll
deleting: C:\WINDOWS\system32\boowser.dll
Successfully Deleted: C:\WINDOWS\system32\boowser.dll
deleting: C:\WINDOWS\system32\bVtt.dll
Successfully Deleted: C:\WINDOWS\system32\bVtt.dll
deleting: C:\WINDOWS\system32\cDrds.dll
Successfully Deleted: C:\WINDOWS\system32\cDrds.dll
deleting: C:\WINDOWS\system32\cgbcatex.dll
Successfully Deleted: C:\WINDOWS\system32\cgbcatex.dll
deleting: C:\WINDOWS\system32\cImocx.dll
Successfully Deleted: C:\WINDOWS\system32\cImocx.dll
deleting: C:\WINDOWS\system32\ckyptnet.dll
Successfully Deleted: C:\WINDOWS\system32\ckyptnet.dll
deleting: C:\WINDOWS\system32\cnmpatUI.dll
Successfully Deleted: C:\WINDOWS\system32\cnmpatUI.dll
deleting: C:\WINDOWS\system32\csmuid.dll
Successfully Deleted: C:\WINDOWS\system32\csmuid.dll
deleting: C:\WINDOWS\system32\ctc.dll
Successfully Deleted: C:\WINDOWS\system32\ctc.dll
deleting: C:\WINDOWS\system32\damap.dll
Successfully Deleted: C:\WINDOWS\system32\damap.dll
deleting: C:\WINDOWS\system32\dfmsrpcn.dll
Successfully Deleted: C:\WINDOWS\system32\dfmsrpcn.dll
deleting: C:\WINDOWS\system32\dftmsft.dll
Successfully Deleted: C:\WINDOWS\system32\dftmsft.dll
deleting: C:\WINDOWS\system32\dggest.dll
Successfully Deleted: C:\WINDOWS\system32\dggest.dll
deleting: C:\WINDOWS\system32\dgmrtp.dll
Successfully Deleted: C:\WINDOWS\system32\dgmrtp.dll
deleting: C:\WINDOWS\system32\dhImg010.dll
Successfully Deleted: C:\WINDOWS\system32\dhImg010.dll
deleting: C:\WINDOWS\system32\dhmsadsn.dll
Successfully Deleted: C:\WINDOWS\system32\dhmsadsn.dll
deleting: C:\WINDOWS\system32\DK240.dll
Successfully Deleted: C:\WINDOWS\system32\DK240.dll
deleting: C:\WINDOWS\system32\dkvacm.dll
Successfully Deleted: C:\WINDOWS\system32\dkvacm.dll
deleting: C:\WINDOWS\system32\dlserial.dll
Successfully Deleted: C:\WINDOWS\system32\dlserial.dll
deleting: C:\WINDOWS\system32\dmmsadsn.dll
Successfully Deleted: C:\WINDOWS\system32\dmmsadsn.dll
deleting: C:\WINDOWS\system32\dn8201loe.dll
Successfully Deleted: C:\WINDOWS\system32\dn8201loe.dll
deleting: C:\WINDOWS\system32\dnmrtp.dll
Successfully Deleted: C:\WINDOWS\system32\dnmrtp.dll
deleting: C:\WINDOWS\system32\dp32gt.dll
Successfully Deleted: C:\WINDOWS\system32\dp32gt.dll
deleting: C:\WINDOWS\system32\dtmsadsn.dll
Successfully Deleted: C:\WINDOWS\system32\dtmsadsn.dll
deleting: C:\WINDOWS\system32\durgui.dll
Successfully Deleted: C:\WINDOWS\system32\durgui.dll
deleting: C:\WINDOWS\system32\EBBAPI.dll
Successfully Deleted: C:\WINDOWS\system32\EBBAPI.dll
deleting: C:\WINDOWS\system32\ESIFLN62.DLL
Successfully Deleted: C:\WINDOWS\system32\ESIFLN62.DLL
deleting: C:\WINDOWS\system32\etpsrv.dll
Successfully Deleted: C:\WINDOWS\system32\etpsrv.dll
deleting: C:\WINDOWS\system32\EXIFLN61.DLL
Successfully Deleted: C:\WINDOWS\system32\EXIFLN61.DLL
deleting: C:\WINDOWS\system32\fdntsub.dll
Successfully Deleted: C:\WINDOWS\system32\fdntsub.dll
deleting: C:\WINDOWS\system32\fp4q03h5e.dll
Successfully Deleted: C:\WINDOWS\system32\fp4q03h5e.dll
deleting: C:\WINDOWS\system32\fuifs.dll
Successfully Deleted: C:\WINDOWS\system32\fuifs.dll
deleting: C:\WINDOWS\system32\gp40l3hm1.dll
Successfully Deleted: C:\WINDOWS\system32\gp40l3hm1.dll
deleting: C:\WINDOWS\system32\hqui.dll
Successfully Deleted: C:\WINDOWS\system32\hqui.dll
deleting: C:\WINDOWS\system32\hr8m05l1e.dll
Successfully Deleted: C:\WINDOWS\system32\hr8m05l1e.dll
deleting: C:\WINDOWS\system32\i606lgds1606.dll
Successfully Deleted: C:\WINDOWS\system32\i606lgds1606.dll
deleting: C:\WINDOWS\system32\iC06lgds1606.dll
Successfully Deleted: C:\WINDOWS\system32\iC06lgds1606.dll
deleting: C:\WINDOWS\system32\iCssam.dll
Successfully Deleted: C:\WINDOWS\system32\iCssam.dll
deleting: C:\WINDOWS\system32\ijetppui.dll
Successfully Deleted: C:\WINDOWS\system32\ijetppui.dll
deleting: C:\WINDOWS\system32\imetcplc.dll
Successfully Deleted: C:\WINDOWS\system32\imetcplc.dll
deleting: C:\WINDOWS\system32\is41_qc.dll
Successfully Deleted: C:\WINDOWS\system32\is41_qc.dll
deleting: C:\WINDOWS\system32\iwcvid.dll
Successfully Deleted: C:\WINDOWS\system32\iwcvid.dll
deleting: C:\WINDOWS\system32\j22qlcf51f2.dll
Successfully Deleted: C:\WINDOWS\system32\j22qlcf51f2.dll
deleting: C:\WINDOWS\system32\JAAD500.DLL
Successfully Deleted: C:\WINDOWS\system32\JAAD500.DLL
deleting: C:\WINDOWS\system32\JAIT500.DLL
Successfully Deleted: C:\WINDOWS\system32\JAIT500.DLL
deleting: C:\WINDOWS\system32\JLAR500.DLL
Successfully Deleted: C:\WINDOWS\system32\JLAR500.DLL
deleting: C:\WINDOWS\system32\jt4q07h5e.dll
Successfully Deleted: C:\WINDOWS\system32\jt4q07h5e.dll
deleting: C:\WINDOWS\system32\jtju0719e.dll
Successfully Deleted: C:\WINDOWS\system32\jtju0719e.dll
deleting: C:\WINDOWS\system32\jvmd400.dll
Successfully Deleted: C:\WINDOWS\system32\jvmd400.dll
deleting: C:\WINDOWS\system32\JZN1500.DLL
Successfully Deleted: C:\WINDOWS\system32\JZN1500.DLL
deleting: C:\WINDOWS\system32\k0260afsed260.dll
Successfully Deleted: C:\WINDOWS\system32\k0260afsed260.dll
deleting: C:\WINDOWS\system32\k4no0e53eh.dll
Successfully Deleted: C:\WINDOWS\system32\k4no0e53eh.dll
deleting: C:\WINDOWS\system32\kddhela2.dll
Successfully Deleted: C:\WINDOWS\system32\kddhela2.dll
deleting: C:\WINDOWS\system32\kh1394.dll
Successfully Deleted: C:\WINDOWS\system32\kh1394.dll
deleting: C:\WINDOWS\system32\khdest.dll
Successfully Deleted: C:\WINDOWS\system32\khdest.dll
deleting: C:\WINDOWS\system32\kidhu1.dll
Successfully Deleted: C:\WINDOWS\system32\kidhu1.dll
deleting: C:\WINDOWS\system32\kjdhela2.dll
Successfully Deleted: C:\WINDOWS\system32\kjdhela2.dll
deleting: C:\WINDOWS\system32\kodgkl.dll
Successfully Deleted: C:\WINDOWS\system32\kodgkl.dll
deleting: C:\WINDOWS\system32\kpdhu.dll
Successfully Deleted: C:\WINDOWS\system32\kpdhu.dll
deleting: C:\WINDOWS\system32\kqdest.dll
Successfully Deleted: C:\WINDOWS\system32\kqdest.dll
deleting: C:\WINDOWS\system32\kqdfr.dll
Successfully Deleted: C:\WINDOWS\system32\kqdfr.dll
deleting: C:\WINDOWS\system32\ksrberos.dll
Successfully Deleted: C:\WINDOWS\system32\ksrberos.dll
deleting: C:\WINDOWS\system32\kudcr.dll
Successfully Deleted: C:\WINDOWS\system32\kudcr.dll
deleting: C:\WINDOWS\system32\kvdne.dll
Successfully Deleted: C:\WINDOWS\system32\kvdne.dll
deleting: C:\WINDOWS\system32\kvdro.dll
Successfully Deleted: C:\WINDOWS\system32\kvdro.dll
deleting: C:\WINDOWS\system32\kxdaze.dll
Successfully Deleted: C:\WINDOWS\system32\kxdaze.dll
deleting: C:\WINDOWS\system32\kxdhu1.dll
Successfully Deleted: C:\WINDOWS\system32\kxdhu1.dll
deleting: C:\WINDOWS\system32\l86o0ij3e8o.dll
Successfully Deleted: C:\WINDOWS\system32\l86o0ij3e8o.dll
deleting: C:\WINDOWS\system32\li_messagetext.dll
Successfully Deleted: C:\WINDOWS\system32\li_messagetext.dll
deleting: C:\WINDOWS\system32\lp_meta.dll
Successfully Deleted: C:\WINDOWS\system32\lp_meta.dll
deleting: C:\WINDOWS\system32\lw_meta.dll
Successfully Deleted: C:\WINDOWS\system32\lw_meta.dll
deleting: C:\WINDOWS\system32\lycalsec.dll
Successfully Deleted: C:\WINDOWS\system32\lycalsec.dll
deleting: C:\WINDOWS\system32\m6280gfue6280.dll
Successfully Deleted: C:\WINDOWS\system32\m6280gfue6280.dll
deleting: C:\WINDOWS\system32\macoree.dll
Successfully Deleted: C:\WINDOWS\system32\macoree.dll
deleting: C:\WINDOWS\system32\mar2cenu.dll
Successfully Deleted: C:\WINDOWS\system32\mar2cenu.dll
deleting: C:\WINDOWS\system32\masystem.dll
Successfully Deleted: C:\WINDOWS\system32\masystem.dll
deleting: C:\WINDOWS\system32\mdapsspc.dll
Successfully Deleted: C:\WINDOWS\system32\mdapsspc.dll
deleting: C:\WINDOWS\system32\mdxml.dll
Successfully Deleted: C:\WINDOWS\system32\mdxml.dll
deleting: C:\WINDOWS\system32\mebsync.dll
Successfully Deleted: C:\WINDOWS\system32\mebsync.dll
deleting: C:\WINDOWS\system32\mgcomput.dll
Successfully Deleted: C:\WINDOWS\system32\mgcomput.dll
deleting: C:\WINDOWS\system32\mgi.dll
Successfully Deleted: C:\WINDOWS\system32\mgi.dll
deleting: C:\WINDOWS\system32\mgvcrt.dll
Successfully Deleted: C:\WINDOWS\system32\mgvcrt.dll
deleting: C:\WINDOWS\system32\mhang.dll
Successfully Deleted: C:\WINDOWS\system32\mhang.dll
deleting: C:\WINDOWS\system32\mhawt.dll
Successfully Deleted: C:\WINDOWS\system32\mhawt.dll
deleting: C:\WINDOWS\system32\mhc40u.dll
Successfully Deleted: C:\WINDOWS\system32\mhc40u.dll
deleting: C:\WINDOWS\system32\mhl_mtf.dll
Successfully Deleted: C:\WINDOWS\system32\mhl_mtf.dll
deleting: C:\WINDOWS\system32\mhpmspsv.dll
Successfully Deleted: C:\WINDOWS\system32\mhpmspsv.dll
deleting: C:\WINDOWS\system32\Mhvcrt10.dll
Successfully Deleted: C:\WINDOWS\system32\Mhvcrt10.dll
deleting: C:\WINDOWS\system32\mic42loc.dll
Successfully Deleted: C:\WINDOWS\system32\mic42loc.dll
deleting: C:\WINDOWS\system32\mjoa.dll
Successfully Deleted: C:\WINDOWS\system32\mjoa.dll
deleting: C:\WINDOWS\system32\mjvfw32.dll
Successfully Deleted: C:\WINDOWS\system32\mjvfw32.dll
deleting: C:\WINDOWS\system32\mmqm.dll
Successfully Deleted: C:\WINDOWS\system32\mmqm.dll
deleting: C:\WINDOWS\system32\mmrt.dll
Successfully Deleted: C:\WINDOWS\system32\mmrt.dll
deleting: C:\WINDOWS\system32\mmxbde40.dll
Successfully Deleted: C:\WINDOWS\system32\mmxbde40.dll
deleting: C:\WINDOWS\system32\moiole32.dll
Successfully Deleted: C:\WINDOWS\system32\moiole32.dll
deleting: C:\WINDOWS\system32\mpise.dll
Successfully Deleted: C:\WINDOWS\system32\mpise.dll
deleting: C:\WINDOWS\system32\mpvcp50.dll
Successfully Deleted: C:\WINDOWS\system32\mpvcp50.dll
deleting: C:\WINDOWS\system32\mQpi32.dll
Successfully Deleted: C:\WINDOWS\system32\mQpi32.dll
deleting: C:\WINDOWS\system32\msrmsg.dll
Successfully Deleted: C:\WINDOWS\system32\msrmsg.dll
deleting: C:\WINDOWS\system32\mvl_hp.dll
Successfully Deleted: C:\WINDOWS\system32\mvl_hp.dll
deleting: C:\WINDOWS\system32\mvrt.dll
Successfully Deleted: C:\WINDOWS\system32\mvrt.dll
deleting: C:\WINDOWS\system32\mvtvgs.dll
Successfully Deleted: C:\WINDOWS\system32\mvtvgs.dll
deleting: C:\WINDOWS\system32\mwdtcuiu.dll
Successfully Deleted: C:\WINDOWS\system32\mwdtcuiu.dll
deleting: C:\WINDOWS\system32\mxrui.dll
Successfully Deleted: C:\WINDOWS\system32\mxrui.dll
deleting: C:\WINDOWS\system32\n6p40g7qe6.dll
Successfully Deleted: C:\WINDOWS\system32\n6p40g7qe6.dll
deleting: C:\WINDOWS\system32\natlogon.dll
Successfully Deleted: C:\WINDOWS\system32\natlogon.dll
deleting: C:\WINDOWS\system32\nerspt.dll
Successfully Deleted: C:\WINDOWS\system32\nerspt.dll
deleting: C:\WINDOWS\system32\newks.dll
Successfully Deleted: C:\WINDOWS\system32\newks.dll
deleting: C:\WINDOWS\system32\newrsnl.dll
Successfully Deleted: C:\WINDOWS\system32\newrsnl.dll
deleting: C:\WINDOWS\system32\nfwrszht.dll
Successfully Deleted: C:\WINDOWS\system32\nfwrszht.dll
deleting: C:\WINDOWS\system32\nkmkcert.dll
Successfully Deleted: C:\WINDOWS\system32\nkmkcert.dll
deleting: C:\WINDOWS\system32\nqrszhc.dll
Successfully Deleted: C:\WINDOWS\system32\nqrszhc.dll
deleting: C:\WINDOWS\system32\nutman.dll
Successfully Deleted: C:\WINDOWS\system32\nutman.dll
deleting: C:\WINDOWS\system32\nvtman.dll
Successfully Deleted: C:\WINDOWS\system32\nvtman.dll
deleting: C:\WINDOWS\system32\oijsel.dll
Successfully Deleted: C:\WINDOWS\system32\oijsel.dll
deleting: C:\WINDOWS\system32\osecli.dll
Successfully Deleted: C:\WINDOWS\system32\osecli.dll
deleting: C:\WINDOWS\system32\ottext32.dll
Successfully Deleted: C:\WINDOWS\system32\ottext32.dll
deleting: C:\WINDOWS\system32\PABDLG.DLL
Successfully Deleted: C:\WINDOWS\system32\PABDLG.DLL
deleting: C:\WINDOWS\system32\pacAdimg.dll
Successfully Deleted: C:\WINDOWS\system32\pacAdimg.dll
deleting: C:\WINDOWS\system32\pfbase.dll
Successfully Deleted: C:\WINDOWS\system32\pfbase.dll
deleting: C:\WINDOWS\system32\pfpusb.dll
Successfully Deleted: C:\WINDOWS\system32\pfpusb.dll
deleting: C:\WINDOWS\system32\pipusd.dll
Successfully Deleted: C:\WINDOWS\system32\pipusd.dll
deleting: C:\WINDOWS\system32\pycDvlp.dll
Successfully Deleted: C:\WINDOWS\system32\pycDvlp.dll
deleting: C:\WINDOWS\system32\Pyeng50.dll
Successfully Deleted: C:\WINDOWS\system32\Pyeng50.dll
deleting: C:\WINDOWS\system32\qidit.dll
Successfully Deleted: C:\WINDOWS\system32\qidit.dll
deleting: C:\WINDOWS\system32\qkdit.dll
Successfully Deleted: C:\WINDOWS\system32\qkdit.dll
deleting: C:\WINDOWS\system32\r66ulgj916o.dll
Successfully Deleted: C:\WINDOWS\system32\r66ulgj916o.dll
deleting: C:\WINDOWS\system32\rar20.dll
Successfully Deleted: C:\WINDOWS\system32\rar20.dll
deleting: C:\WINDOWS\system32\RB3228_8.dll
Successfully Deleted: C:\WINDOWS\system32\RB3228_8.dll
deleting: C:\WINDOWS\system32\rmgapi.dll
Successfully Deleted: C:\WINDOWS\system32\rmgapi.dll
deleting: C:\WINDOWS\system32\rxutetab.dll
Successfully Deleted: C:\WINDOWS\system32\rxutetab.dll
deleting: C:\WINDOWS\system32\SCWValid.dll
Successfully Deleted: C:\WINDOWS\system32\SCWValid.dll
deleting: C:\WINDOWS\system32\sdrmdll.dll
Successfully Deleted: C:\WINDOWS\system32\sdrmdll.dll
deleting: C:\WINDOWS\system32\senike.dll
Successfully Deleted: C:\WINDOWS\system32\senike.dll
deleting: C:\WINDOWS\system32\sireamci.dll
Successfully Deleted: C:\WINDOWS\system32\sireamci.dll
deleting: C:\WINDOWS\system32\sjssetup.dll
Successfully Deleted: C:\WINDOWS\system32\sjssetup.dll
deleting: C:\WINDOWS\system32\spardssp.dll
Successfully Deleted: C:\WINDOWS\system32\spardssp.dll
deleting: C:\WINDOWS\system32\SuerraNW.DLL
Successfully Deleted: C:\WINDOWS\system32\SuerraNW.DLL
deleting: C:\WINDOWS\system32\tcolhelp.dll
Successfully Deleted: C:\WINDOWS\system32\tcolhelp.dll
deleting: C:\WINDOWS\system32\tfpmon.dll
Successfully Deleted: C:\WINDOWS\system32\tfpmon.dll
deleting: C:\WINDOWS\system32\tNpi32.dll
Successfully Deleted: C:\WINDOWS\system32\tNpi32.dll
deleting: C:\WINDOWS\system32\udrdpa.dll
Successfully Deleted: C:\WINDOWS\system32\udrdpa.dll
deleting: C:\WINDOWS\system32\UJZIP32.DLL
Successfully Deleted: C:\WINDOWS\system32\UJZIP32.DLL
deleting: C:\WINDOWS\system32\uqnp.dll
Successfully Deleted: C:\WINDOWS\system32\uqnp.dll
deleting: C:\WINDOWS\system32\uudmxfrm.dll
Successfully Deleted: C:\WINDOWS\system32\uudmxfrm.dll
deleting: C:\WINDOWS\system32\vcfilter.dll
Successfully Deleted: C:\WINDOWS\system32\vcfilter.dll
deleting: C:\WINDOWS\system32\vdhelper.dll
Successfully Deleted: C:\WINDOWS\system32\vdhelper.dll
deleting: C:\WINDOWS\system32\vn4fr32.dll
Successfully Deleted: C:\WINDOWS\system32\vn4fr32.dll
deleting: C:\WINDOWS\system32\VN6STKIT.DLL
Successfully Deleted: C:\WINDOWS\system32\VN6STKIT.DLL
deleting: C:\WINDOWS\system32\vuwwdm32.dll
Successfully Deleted: C:\WINDOWS\system32\vuwwdm32.dll
deleting: C:\WINDOWS\system32\wfnvocon.dll
Successfully Deleted: C:\WINDOWS\system32\wfnvocon.dll
deleting: C:\WINDOWS\system32\wgssvc.dll
Successfully Deleted: C:\WINDOWS\system32\wgssvc.dll
deleting: C:\WINDOWS\system32\wjvcore.dll
Successfully Deleted: C:\WINDOWS\system32\wjvcore.dll
deleting: C:\WINDOWS\system32\wlcsapi.dll
Successfully Deleted: C:\WINDOWS\system32\wlcsapi.dll
deleting: C:\WINDOWS\system32\wmninet.dll
Successfully Deleted: C:\WINDOWS\system32\wmninet.dll
deleting: C:\WINDOWS\system32\wnaservc.dll
Successfully Deleted: C:\WINDOWS\system32\wnaservc.dll
deleting: C:\WINDOWS\system32\wtsdmoe.dll
Successfully Deleted: C:\WINDOWS\system32\wtsdmoe.dll
deleting: C:\WINDOWS\system32\wwdap32.dll
Successfully Deleted: C:\WINDOWS\system32\wwdap32.dll
deleting: C:\WINDOWS\system32\wyi.dll
Successfully Deleted: C:\WINDOWS\system32\wyi.dll
deleting: C:\WINDOWS\system32\wypdinfo.dll
Successfully Deleted: C:\WINDOWS\system32\wypdinfo.dll

Desktop.ini sucessfully removed

Zipping up files for submission:
adding: adicap.dll (188 bytes security) (deflated 4%)
adding: agvpack.dll (188 bytes security) (deflated 4%)
adding: ahmparse.dll (188 bytes security) (deflated 4%)
adding: ail.dll (188 bytes security) (deflated 4%)
adding: atsldpc.dll (188 bytes security) (deflated 5%)
adding: awrsvc.dll (188 bytes security) (deflated 4%)
adding: bjdispl.dll (188 bytes security) (deflated 3%)
adding: boowser.dll (188 bytes security) (deflated 4%)
adding: bVtt.dll (188 bytes security) (deflated 5%)
adding: cDrds.dll (188 bytes security) (deflated 4%)
adding: cgbcatex.dll (188 bytes security) (deflated 3%)
adding: cImocx.dll (188 bytes security) (deflated 4%)
adding: ckyptnet.dll (188 bytes security) (deflated 4%)
adding: cnmpatUI.dll (188 bytes security) (deflated 5%)
adding: csmuid.dll (188 bytes security) (deflated 4%)
adding: ctc.dll (188 bytes security) (deflated 4%)
adding: damap.dll (188 bytes security) (deflated 4%)
adding: dfmsrpcn.dll (188 bytes security) (deflated 4%)
adding: dftmsft.dll (188 bytes security) (deflated 4%)
adding: dggest.dll (188 bytes security) (deflated 4%)
adding: dgmrtp.dll (188 bytes security) (deflated 5%)
adding: dhImg010.dll (188 bytes security) (deflated 4%)
adding: dhmsadsn.dll (188 bytes security) (deflated 4%)
adding: DK240.dll (188 bytes security) (deflated 4%)
adding: dkvacm.dll (188 bytes security) (deflated 5%)
adding: dlserial.dll (188 bytes security) (deflated 4%)
adding: dmmsadsn.dll (188 bytes security) (deflated 4%)
adding: dn8201loe.dll (188 bytes security) (deflated 4%)
adding: dnmrtp.dll (188 bytes security) (deflated 5%)
adding: dp32gt.dll (188 bytes security) (deflated 4%)
adding: dtmsadsn.dll (188 bytes security) (deflated 4%)
adding: durgui.dll (188 bytes security) (deflated 4%)
adding: EBBAPI.dll (188 bytes security) (deflated 4%)
adding: ESIFLN62.DLL (188 bytes security) (deflated 4%)
adding: etpsrv.dll (188 bytes security) (deflated 5%)
adding: EXIFLN61.DLL (188 bytes security) (deflated 4%)
adding: fdntsub.dll (188 bytes security) (deflated 4%)
adding: fp4q03h5e.dll (188 bytes security) (deflated 3%)
adding: fuifs.dll (188 bytes security) (deflated 4%)
adding: gp40l3hm1.dll (188 bytes security) (deflated 4%)
adding: hqui.dll (188 bytes security) (deflated 5%)
adding: hr8m05l1e.dll (188 bytes security) (deflated 4%)
adding: i606lgds1606.dll (188 bytes security) (deflated 4%)
adding: iC06lgds1606.dll (188 bytes security) (deflated 4%)
adding: iCssam.dll (188 bytes security) (deflated 4%)
adding: ijetppui.dll (188 bytes security) (deflated 3%)
adding: imetcplc.dll (188 bytes security) (deflated 4%)
adding: is41_qc.dll (188 bytes security) (deflated 5%)
adding: iwcvid.dll (188 bytes security) (deflated 3%)
adding: j22qlcf51f2.dll (188 bytes security) (deflated 4%)
adding: JAAD500.DLL (188 bytes security) (deflated 4%)
adding: JAIT500.DLL (188 bytes security) (deflated 3%)
adding: JLAR500.DLL (188 bytes security) (deflated 4%)
adding: jt4q07h5e.dll (188 bytes security) (deflated 5%)
adding: jtju0719e.dll (188 bytes security) (deflated 4%)
adding: jvmd400.dll (188 bytes security) (deflated 4%)
adding: JZN1500.DLL (188 bytes security) (deflated 3%)
adding: k0260afsed260.dll (188 bytes security) (deflated 4%)
adding: k4no0e53eh.dll (188 bytes security) (deflated 5%)
adding: kddhela2.dll (188 bytes security) (deflated 4%)
adding: kh1394.dll (188 bytes security) (deflated 5%)
adding: khdest.dll (188 bytes security) (deflated 4%)
adding: kidhu1.dll (188 bytes security) (deflated 4%)
adding: kjdhela2.dll (188 bytes security) (deflated 4%)
adding: kodgkl.dll (188 bytes security) (deflated 5%)
adding: kpdhu.dll (188 bytes security) (deflated 4%)
adding: kqdest.dll (188 bytes security) (deflated 4%)
adding: kqdfr.dll (188 bytes security) (deflated 3%)
adding: ksrberos.dll (188 bytes security) (deflated 5%)
adding: kudcr.dll (188 bytes security) (deflated 3%)
adding: kvdne.dll (188 bytes security) (deflated 5%)
adding: kvdro.dll (188 bytes security) (deflated 4%)
adding: kxdaze.dll (188 bytes security) (deflated 4%)
adding: kxdhu1.dll (188 bytes security) (deflated 4%)
adding: l86o0ij3e8o.dll (188 bytes security) (deflated 3%)
adding: li_messagetext.dll (188 bytes security) (deflated 3%)
adding: lp_meta.dll (188 bytes security) (deflated 5%)
adding: lw_meta.dll (188 bytes security) (deflated 3%)
adding: lycalsec.dll (188 bytes security) (deflated 5%)
adding: m6280gfue6280.dll (188 bytes security) (deflated 4%)
adding: macoree.dll (188 bytes security) (deflated 4%)
adding: mar2cenu.dll (188 bytes security) (deflated 5%)
adding: masystem.dll (188 bytes security) (deflated 4%)
adding: mdapsspc.dll (188 bytes security) (deflated 4%)
adding: mdxml.dll (188 bytes security) (deflated 5%)
adding: mebsync.dll (188 bytes security) (deflated 5%)
adding: mgcomput.dll (188 bytes security) (deflated 3%)
adding: mgi.dll (188 bytes security) (deflated 4%)
adding: mgvcrt.dll (188 bytes security) (deflated 4%)
adding: mhang.dll (188 bytes security) (deflated 4%)
adding: mhawt.dll (188 bytes security) (deflated 4%)
adding: mhc40u.dll (188 bytes security) (deflated 4%)
adding: mhl_mtf.dll (188 bytes security) (deflated 4%)
adding: mhpmspsv.dll (188 bytes security) (deflated 4%)
adding: Mhvcrt10.dll (188 bytes security) (deflated 5%)
adding: mic42loc.dll (188 bytes security) (deflated 4%)
adding: mjoa.dll (188 bytes security) (deflated 5%)
adding: mjvfw32.dll (188 bytes security) (deflated 4%)
adding: mmqm.dll (188 bytes security) (deflated 4%)
adding: mmrt.dll (188 bytes security) (deflated 4%)
adding: mmxbde40.dll (188 bytes security) (deflated 3%)
adding: moiole32.dll (188 bytes security) (deflated 4%)
adding: mpise.dll (188 bytes security) (deflated 5%)
adding: mpvcp50.dll (188 bytes security) (deflated 4%)
adding: mQpi32.dll (188 bytes security) (deflated 4%)
adding: msrmsg.dll (188 bytes security) (deflated 4%)
adding: mvl_hp.dll (188 bytes security) (deflated 4%)
adding: mvrt.dll (188 bytes security) (deflated 4%)
adding: mvtvgs.dll (188 bytes security) (deflated 4%)
adding: mwdtcuiu.dll (188 bytes security) (deflated 4%)
adding: mxrui.dll (188 bytes security) (deflated 4%)
adding: n6p40g7qe6.dll (188 bytes security) (deflated 4%)
adding: natlogon.dll (188 bytes security) (deflated 4%)
adding: nerspt.dll (188 bytes security) (deflated 4%)
adding: newks.dll (188 bytes security) (deflated 4%)
adding: newrsnl.dll (188 bytes security) (deflated 4%)
adding: nfwrszht.dll (188 bytes security) (deflated 3%)
adding: nkmkcert.dll (188 bytes security) (deflated 5%)
adding: nqrszhc.dll (188 bytes security) (deflated 5%)
adding: nutman.dll (188 bytes security) (deflated 3%)
adding: nvtman.dll (188 bytes security) (deflated 4%)
adding: oijsel.dll (188 bytes security) (deflated 4%)
adding: osecli.dll (188 bytes security) (deflated 4%)
adding: ottext32.dll (188 bytes security) (deflated 4%)
adding: PABDLG.DLL (188 bytes security) (deflated 4%)
adding: pacAdimg.dll (188 bytes security) (deflated 4%)
adding: pfbase.dll (188 bytes security) (deflated 5%)
adding: pfpusb.dll (188 bytes security) (deflated 4%)
adding: pipusd.dll (188 bytes security) (deflated 4%)
adding: pycDvlp.dll (188 bytes security) (deflated 4%)
adding: Pyeng50.dll (188 bytes security) (deflated 4%)
adding: qidit.dll (188 bytes security) (deflated 5%)
adding: qkdit.dll (188 bytes security) (deflated 4%)
adding: r66ulgj916o.dll (188 bytes security) (deflated 4%)
adding: rar20.dll (188 bytes security) (deflated 5%)
adding: RB3228_8.dll (188 bytes security) (deflated 5%)
adding: rmgapi.dll (188 bytes security) (deflated 4%)
adding: rxutetab.dll (188 bytes security) (deflated 5%)
adding: SCWValid.dll (188 bytes security) (deflated 4%)
adding: sdrmdll.dll (188 bytes security) (deflated 4%)
adding: senike.dll (188 bytes security) (deflated 4%)
adding: sireamci.dll (188 bytes security) (deflated 4%)
adding: sjssetup.dll (188 bytes security) (deflated 3%)
adding: spardssp.dll (188 bytes security) (deflated 4%)
adding: SuerraNW.DLL (188 bytes security) (deflated 4%)
adding: tcolhelp.dll (188 bytes security) (deflated 4%)
adding: tfpmon.dll (188 bytes security) (deflated 4%)
adding: tNpi32.dll (188 bytes security) (deflated 4%)
adding: udrdpa.dll (188 bytes security) (deflated 5%)
adding: UJZIP32.DLL (188 bytes security) (deflated 4%)
adding: uqnp.dll (188 bytes security) (deflated 4%)
adding: uudmxfrm.dll (188 bytes security) (deflated 4%)
adding: vcfilter.dll (188 bytes security) (deflated 5%)
adding: vdhelper.dll (188 bytes security) (deflated 5%)
adding: vn4fr32.dll (188 bytes security) (deflated 4%)
adding: VN6STKIT.DLL (188 bytes security) (deflated 4%)
adding: vuwwdm32.dll (188 bytes security) (deflated 4%)
adding: wfnvocon.dll (188 bytes security) (deflated 5%)
adding: wgssvc.dll (188 bytes security) (deflated 4%)
adding: wjvcore.dll (188 bytes security) (deflated 4%)
adding: wlcsapi.dll (188 bytes security) (deflated 4%)
adding: wmninet.dll (188 bytes security) (deflated 4%)
adding: wnaservc.dll (188 bytes security) (deflated 4%)
adding: wtsdmoe.dll (188 bytes security) (deflated 4%)
adding: wwdap32.dll (188 bytes security) (deflated 4%)
adding: wyi.dll (188 bytes security) (deflated 4%)
adding: wypdinfo.dll (188 bytes security) (deflated 4%)
adding: np.tmp (188 bytes security) (stored 0%)
adding: clear.reg (188 bytes security) (deflated 36%)
adding: desktop.ini (188 bytes security) (deflated 15%)
adding: BDELog.txt (188 bytes security) (deflated 8%)
adding: lo2.txt (188 bytes security) (deflated 91%)
adding: test.txt (188 bytes security) (deflated 86%)
adding: test2.txt (188 bytes security) (deflated 16%)
adding: test3.txt (188 bytes security) (deflated 16%)
adding: test5.txt (188 bytes security) (deflated 16%)
adding: wonderlog.txt (188 bytes security) (deflated 96%)
adding: xfind.txt (188 bytes security) (deflated 82%)
adding: xscan.txt (188 bytes security) (deflated 93%)

Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!

Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

Restoring Windows Update Certificates.:

deleting local copy: adicap.dll
deleting local copy: agvpack.dll
deleting local copy: ahmparse.dll
deleting local copy: ail.dll
deleting local copy: atsldpc.dll
deleting local copy: awrsvc.dll
deleting local copy: bjdispl.dll
deleting local copy: boowser.dll
deleting local copy: bVtt.dll
deleting local copy: cDrds.dll
deleting local copy: cgbcatex.dll
deleting local copy: cImocx.dll
deleting local copy: ckyptnet.dll
deleting local copy: cnmpatUI.dll
deleting local copy: csmuid.dll
deleting local copy: ctc.dll
deleting local copy: damap.dll
deleting local copy: dfmsrpcn.dll
deleting local copy: dftmsft.dll
deleting local copy: dggest.dll
deleting local copy: dgmrtp.dll
deleting local copy: dhImg010.dll
deleting local copy: dhmsadsn.dll
deleting local copy: DK240.dll
deleting local copy: dkvacm.dll
deleting local copy: dlserial.dll
deleting local copy: dmmsadsn.dll
deleting local copy: dn8201loe.dll
deleting local copy: dnmrtp.dll
deleting local copy: dp32gt.dll
deleting local copy: dtmsadsn.dll
deleting local copy: durgui.dll
deleting local copy: EBBAPI.dll
deleting local copy: ESIFLN62.DLL
deleting local copy: etpsrv.dll
deleting local copy: EXIFLN61.DLL
deleting local copy: fdntsub.dll
deleting local copy: fp4q03h5e.dll
deleting local copy: fuifs.dll
deleting local copy: gp40l3hm1.dll
deleting local copy: hqui.dll
deleting local copy: hr8m05l1e.dll
deleting local copy: i606lgds1606.dll
deleting local copy: iC06lgds1606.dll
deleting local copy: iCssam.dll
deleting local copy: ijetppui.dll
deleting local copy: imetcplc.dll
deleting local copy: is41_qc.dll
deleting local copy: iwcvid.dll
deleting local copy: j22qlcf51f2.dll
deleting local copy: JAAD500.DLL
deleting local copy: JAIT500.DLL
deleting local copy: JLAR500.DLL
deleting local copy: jt4q07h5e.dll
deleting local copy: jtju0719e.dll
deleting local copy: jvmd400.dll
deleting local copy: JZN1500.DLL
deleting local copy: k0260afsed260.dll
deleting local copy: k4no0e53eh.dll
deleting local copy: kddhela2.dll
deleting local copy: kh1394.dll
deleting local copy: khdest.dll
deleting local copy: kidhu1.dll
deleting local copy: kjdhela2.dll
deleting local copy: kodgkl.dll
deleting local copy: kpdhu.dll
deleting local copy: kqdest.dll
deleting local copy: kqdfr.dll
deleting local copy: ksrberos.dll
deleting local copy: kudcr.dll
deleting local copy: kvdne.dll
deleting local copy: kvdro.dll
deleting local copy: kxdaze.dll
deleting local copy: kxdhu1.dll
deleting local copy: l86o0ij3e8o.dll
deleting local copy: li_messagetext.dll
deleting local copy: lp_meta.dll
deleting local copy: lw_meta.dll
deleting local copy: lycalsec.dll
deleting local copy: m6280gfue6280.dll
deleting local copy: macoree.dll
deleting local copy: mar2cenu.dll
deleting local copy: masystem.dll
deleting local copy: mdapsspc.dll
deleting local copy: mdxml.dll
deleting local copy: mebsync.dll
deleting local copy: mgcomput.dll
deleting local copy: mgi.dll
deleting local copy: mgvcrt.dll
deleting local copy: mhang.dll
deleting local copy: mhawt.dll
deleting local copy: mhc40u.dll
deleting local copy: mhl_mtf.dll
deleting local copy: mhpmspsv.dll
deleting local copy: Mhvcrt10.dll
deleting local copy: mic42loc.dll
deleting local copy: mjoa.dll
deleting local copy: mjvfw32.dll
deleting local copy: mmqm.dll
deleting local copy: mmrt.dll
deleting local copy: mmxbde40.dll
deleting local copy: moiole32.dll
deleting local copy: mpise.dll
deleting local copy: mpvcp50.dll
deleting local copy: mQpi32.dll
deleting local copy: msrmsg.dll
deleting local copy: mvl_hp.dll
deleting local copy: mvrt.dll
deleting local copy: mvtvgs.dll
deleting local copy: mwdtcuiu.dll
deleting local copy: mxrui.dll
deleting local copy: n6p40g7qe6.dll
deleting local copy: natlogon.dll
deleting local copy: nerspt.dll
deleting local copy: newks.dll
deleting local copy: newrsnl.dll
deleting local copy: nfwrszht.dll
deleting local copy: nkmkcert.dll
deleting local copy: nqrszhc.dll
deleting local copy: nutman.dll
deleting local copy: nvtman.dll
deleting local copy: oijsel.dll
deleting local copy: osecli.dll
deleting local copy: ottext32.dll
deleting local copy: PABDLG.DLL
deleting local copy: pacAdimg.dll
deleting local copy: pfbase.dll
deleting local copy: pfpusb.dll
deleting local copy: pipusd.dll
deleting local copy: pycDvlp.dll
deleting local copy: Pyeng50.dll
deleting local copy: qidit.dll
deleting local copy: qkdit.dll
deleting local copy: r66ulgj916o.dll
deleting local copy: rar20.dll
deleting local copy: RB3228_8.dll
deleting local copy: rmgapi.dll
deleting local copy: rxutetab.dll
deleting local copy: SCWValid.dll
deleting local copy: sdrmdll.dll
deleting local copy: senike.dll
deleting local copy: sireamci.dll
deleting local copy: sjssetup.dll
deleting local copy: spardssp.dll
deleting local copy: SuerraNW.DLL
deleting local copy: tcolhelp.dll
deleting local copy: tfpmon.dll
deleting local copy: tNpi32.dll
deleting local copy: udrdpa.dll
deleting local copy: UJZIP32.DLL
deleting local copy: uqnp.dll
deleting local copy: uudmxfrm.dll
deleting local copy: vcfilter.dll
deleting local copy: vdhelper.dll
deleting local copy: vn4fr32.dll
deleting local copy: VN6STKIT.DLL
deleting local copy: vuwwdm32.dll
deleting local copy: wfnvocon.dll
deleting local copy: wgssvc.dll
deleting local copy: wjvcore.dll
deleting local copy: wlcsapi.dll
deleting local copy: wmninet.dll
deleting local copy: wnaservc.dll
deleting local copy: wtsdmoe.dll
deleting local copy: wwdap32.dll
deleting local copy: wyi.dll
deleting local copy: wypdinfo.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\adicap.dll
C:\WINDOWS\system32\agvpack.dll
C:\WINDOWS\system32\ahmparse.dll
C:\WINDOWS\system32\ail.dll
C:\WINDOWS\system32\atsldpc.dll
C:\WINDOWS\system32\awrsvc.dll
C:\WINDOWS\system32\bjdispl.dll
C:\WINDOWS\system32\boowser.dll
C:\WINDOWS\system32\bVtt.dll
C:\WINDOWS\system32\cDrds.dll
C:\WINDOWS\system32\cgbcatex.dll
C:\WINDOWS\system32\cImocx.dll
C:\WINDOWS\system32\ckyptnet.dll
C:\WINDOWS\system32\cnmpatUI.dll
C:\WINDOWS\system32\csmuid.dll
C:\WINDOWS\system32\ctc.dll
C:\WINDOWS\system32\damap.dll
C:\WINDOWS\system32\dfmsrpcn.dll
C:\WINDOWS\system32\dftmsft.dll
C:\WINDOWS\system32\dggest.dll
C:\WINDOWS\system32\dgmrtp.dll
C:\WINDOWS\system32\dhImg010.dll
C:\WINDOWS\system32\dhmsadsn.dll
C:\WINDOWS\system32\DK240.dll
C:\WINDOWS\system32\dkvacm.dll
C:\WINDOWS\system32\dlserial.dll
C:\WINDOWS\system32\dmmsadsn.dll
C:\WINDOWS\system32\dn8201loe.dll
C:\WINDOWS\system32\dnmrtp.dll
C:\WINDOWS\system32\dp32gt.dll
C:\WINDOWS\system32\dtmsadsn.dll
C:\WINDOWS\system32\durgui.dll
C:\WINDOWS\system32\EBBAPI.dll
C:\WINDOWS\system32\ESIFLN62.DLL
C:\WINDOWS\system32\etpsrv.dll
C:\WINDOWS\system32\EXIFLN61.DLL
C:\WINDOWS\system32\fdntsub.dll
C:\WINDOWS\system32\fp4q03h5e.dll
C:\WINDOWS\system32\fuifs.dll
C:\WINDOWS\system32\gp40l3hm1.dll
C:\WINDOWS\system32\hqui.dll
C:\WINDOWS\system32\hr8m05l1e.dll
C:\WINDOWS\system32\i606lgds1606.dll
C:\WINDOWS\system32\iC06lgds1606.dll
C:\WINDOWS\system32\iCssam.dll
C:\WINDOWS\system32\ijetppui.dll
C:\WINDOWS\system32\imetcplc.dll
C:\WINDOWS\system32\is41_qc.dll
C:\WINDOWS\system32\iwcvid.dll
C:\WINDOWS\system32\j22qlcf51f2.dll
C:\WINDOWS\system32\JAAD500.DLL
C:\WINDOWS\system32\JAIT500.DLL
C:\WINDOWS\system32\JLAR500.DLL
C:\WINDOWS\system32\jt4q07h5e.dll
C:\WINDOWS\system32\jtju0719e.dll
C:\WINDOWS\system32\jvmd400.dll
C:\WINDOWS\system32\JZN1500.DLL
C:\WINDOWS\system32\k0260afsed260.dll
C:\WINDOWS\system32\k4no0e53eh.dll
C:\WINDOWS\system32\kddhela2.dll
C:\WINDOWS\system32\kh1394.dll
C:\WINDOWS\system32\khdest.dll
C:\WINDOWS\system32\kidhu1.dll
C:\WINDOWS\system32\kjdhela2.dll
C:\WINDOWS\system32\kodgkl.dll
C:\WINDOWS\system32\kpdhu.dll
C:\WINDOWS\system32\kqdest.dll
C:\WINDOWS\system32\kqdfr.dll
C:\WINDOWS\system32\ksrberos.dll
C:\WINDOWS\system32\kudcr.dll
C:\WINDOWS\system32\kvdne.dll
C:\WINDOWS\system32\kvdro.dll
C:\WINDOWS\system32\kxdaze.dll
C:\WINDOWS\system32\kxdhu1.dll
C:\WINDOWS\system32\l86o0ij3e8o.dll
C:\WINDOWS\system32\li_messagetext.dll
C:\WINDOWS\system32\lp_meta.dll
C:\WINDOWS\system32\lw_meta.dll
C:\WINDOWS\system32\lycalsec.dll
C:\WINDOWS\system32\m6280gfue6280.dll
C:\WINDOWS\system32\macoree.dll
C:\WINDOWS\system32\mar2cenu.dll
C:\WINDOWS\system32\masystem.dll
C:\WINDOWS\system32\mdapsspc.dll
C:\WINDOWS\system32\mdxml.dll
C:\WINDOWS\system32\mebsync.dll
C:\WINDOWS\system32\mgcomput.dll
C:\WINDOWS\system32\mgi.dll
C:\WINDOWS\system32\mgvcrt.dll
C:\WINDOWS\system32\mhang.dll
C:\WINDOWS\system32\mhawt.dll
C:\WINDOWS\system32\mhc40u.dll
C:\WINDOWS\system32\mhl_mtf.dll
C:\WINDOWS\system32\mhpmspsv.dll
C:\WINDOWS\system32\Mhvcrt10.dll
C:\WINDOWS\system32\mic42loc.dll
C:\WINDOWS\system32\mjoa.dll
C:\WINDOWS\system32\mjvfw32.dll
C:\WINDOWS\system32\mmqm.dll
C:\WINDOWS\system32\mmrt.dll
C:\WINDOWS\system32\mmxbde40.dll
C:\WINDOWS\system32\moiole32.dll
C:\WINDOWS\system32\mpise.dll
C:\WINDOWS\system32\mpvcp50.dll
C:\WINDOWS\system32\mQpi32.dll
C:\WINDOWS\system32\msrmsg.dll
C:\WINDOWS\system32\mvl_hp.dll
C:\WINDOWS\system32\mvrt.dll
C:\WINDOWS\system32\mvtvgs.dll
C:\WINDOWS\system32\mwdtcuiu.dll
C:\WINDOWS\system32\mxrui.dll
C:\WINDOWS\system32\n6p40g7qe6.dll
C:\WINDOWS\system32\natlogon.dll
C:\WINDOWS\system32\nerspt.dll
C:\WINDOWS\system32\newks.dll
C:\WINDOWS\system32\newrsnl.dll
C:\WINDOWS\system32\nfwrszht.dll
C:\WINDOWS\system32\nkmkcert.dll
C:\WINDOWS\system32\nqrszhc.dll
C:\WINDOWS\system32\nutman.dll
C:\WINDOWS\system32\nvtman.dll
C:\WINDOWS\system32\oijsel.dll
C:\WINDOWS\system32\osecli.dll
C:\WINDOWS\system32\ottext32.dll
C:\WINDOWS\system32\PABDLG.DLL
C:\WINDOWS\system32\pacAdimg.dll
C:\WINDOWS\system32\pfbase.dll
C:\WINDOWS\system32\pfpusb.dll
C:\WINDOWS\system32\pipusd.dll
C:\WINDOWS\system32\pycDvlp.dll
C:\WINDOWS\system32\Pyeng50.dll
C:\WINDOWS\system32\qidit.dll
C:\WINDOWS\system32\qkdit.dll
C:\WINDOWS\system32\r66ulgj916o.dll
C:\WINDOWS\system32\rar20.dll
C:\WINDOWS\system32\RB3228_8.dll
C:\WINDOWS\system32\rmgapi.dll
C:\WINDOWS\system32\rxutetab.dll
C:\WINDOWS\system32\SCWValid.dll
C:\WINDOWS\system32\sdrmdll.dll
C:\WINDOWS\system32\senike.dll
C:\WINDOWS\system32\sireamci.dll
C:\WINDOWS\system32\sjssetup.dll
C:\WINDOWS\system32\spardssp.dll
C:\WINDOWS\system32\SuerraNW.DLL
C:\WINDOWS\system32\tcolhelp.dll
C:\WINDOWS\system32\tfpmon.dll
C:\WINDOWS\system32\tNpi32.dll
C:\WINDOWS\system32\udrdpa.dll
C:\WINDOWS\system32\UJZIP32.DLL
C:\WINDOWS\system32\uqnp.dll
C:\WINDOWS\system32\uudmxfrm.dll
C:\WINDOWS\system32\vcfilter.dll
C:\WINDOWS\system32\vdhelper.dll
C:\WINDOWS\system32\vn4fr32.dll
C:\WINDOWS\system32\VN6STKIT.DLL
C:\WINDOWS\system32\vuwwdm32.dll
C:\WINDOWS\system32\wfnvocon.dll
C:\WINDOWS\system32\wgssvc.dll
C:\WINDOWS\system32\wjvcore.dll
C:\WINDOWS\system32\wlcsapi.dll
C:\WINDOWS\system32\wmninet.dll
C:\WINDOWS\system32\wnaservc.dll
C:\WINDOWS\system32\wtsdmoe.dll
C:\WINDOWS\system32\wwdap32.dll
C:\WINDOWS\system32\wyi.dll
C:\WINDOWS\system32\wypdinfo.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{709DF35C-5F36-49C7-9A41-D2482AB73418}"=-
"{878E42FC-D08E-4126-A495-3B10ADAB8713}"=-
[-HKEY_CLASSES_ROOT\CLSID\{709DF35C-5F36-49C7-9A41-D2482AB73418}]
[-HKEY_CLASSES_ROOT\CLSID\{878E42FC-D08E-4126-A495-3B10ADAB8713}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{FD3966F4-823B-4130-A168-7488F0686860}</IDone>
<IDtwo>VT00</IDtwo>
<VERSION>200</VERSION>
****************************************************************************

Voici le log d'hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 20:02:55, on 14/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUpKiller\PopUpKiller.EXE
O4 - HKLM\..\Run: [SpybotSnD] "H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\Cli\LOCALS~1\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://imin.cvf.fr/imin_data/ocx/MDM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/ [...] canner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/5 [...] taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v

Reply

Marsh Posté le 14-10-2005 à 20:10:21

Zut le log d'hijackthis n'est pas entier...

Le revoici :

Logfile of HijackThis v1.99.1
Scan saved at 20:02:55, on 14/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUpKiller\PopUpKiller.EXE
O4 - HKLM\..\Run: [SpybotSnD] "H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\Cli\LOCALS~1\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://imin.cvf.fr/imin_data/ocx/MDM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/ [...] canner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/5 [...] taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 5352180660
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/ [...] gleNav.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a936.g.akamai.net/7/936/537 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v [...] b27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Reply

Marsh Posté le 14-10-2005 à 21:15:24

Ok. Plus de Vx2.

Si tu ne peux toujours pas te connecter à internet, télécharge et lance ce programme.
Tel qu'indiqué.

Tiens-moi au courant.

Reply

Marsh Posté le 14-10-2005 à 23:15:48

Je n'arrive toujours pas à me connecter à internet : j'ai toujours le message "erreur 691", qui dit que mon mot de passe ou identifiant n'est pas valide sur le domaine.

J'ai utilisé le programme winsockxpfix et tout s'est déroulé comme sur les indications, mais toujours pas de connexion.

Par contre, tu m'as aidée à régler beaucoup de problèmes Acrobaze, parce que :

je n'ai plus la fenêtre qui s'ouvre de façon intempestive me disant qu'une connexion est requise à partir de ad-ware,

j'ai pu faire un nettoyage de disque avec l'outil de windows, ce qui m'était devenu impossible parce que ça "calait" peu après le début du scan,

j'avais un problème de corbeille qui est maintenant résolu [il m'était impossible de voir le contenu de la corbeille quand je l'ouvrait : il n'y avait rien dans la fenêtre même si la corbeille n'était pas vide. Par contre, l'icône "corbeille" du bureau contenait toujours des papiers, même quand je faisais "vider la corbeille". ]

En revanche, toujours pas d'internet. Que puis-je faire de plus ?

Je joins mon dernier log d'hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 23:02:46, on 14/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUpKiller\PopUpKiller.EXE
O4 - HKLM\..\Run: [SpybotSnD] "H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\Cli\LOCALS~1\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://imin.cvf.fr/imin_data/ocx/MDM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/ [...] canner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/5 [...] taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 5352180660
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/ [...] gleNav.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a936.g.akamai.net/7/936/537 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v [...] b27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Mille merci pour ton aide.

Reply

Marsh Posté le 15-10-2005 à 10:35:46

Miraaaaaacle !

Ca y est, ça fonctionne ! J'envoie ce message depuis mon ordinateur fixe, ce que je n'ai pas pu faire depuis 8 mois !!!

J'ai tout simplement, après avoir fait toutes les manip d'Acrobaze, retapé mon identifiant et mot de passe de connexion, et enfin ! Ca y est !!

Acrobaze :ange: , merci merci merci, mille fois merci !!! Tu n'imagines pas le soulagement que tu as pu me procurer. Je ne sais même pas comment te remercier d'avoir pris le temps de m'aider, et de le faire si bien.

Je te tire mon chapeau pour ce geste. Je ne sais même pas comment te remercier, car je suis dans l'euphorie la plus totale :pt1cable: .

Tu m'enlève une énorme épine du pied (que dis-je une épine ? Une hallebarde !).

Alors encore merci, vraiment.

Caro :hello:

Reply

Marsh Posté le 15-10-2005 à 12:20:51

:hello:

Sorry it's in English !!!

Last week I had big problems with my Internet connections. The responsible was "Trojan.KillReg" :fou:
MS AntiSpyware should be able to find and fix it but if not there are many other programs - lots of info on the net, just put "killreg" into search box.
If anyone has problems with their net connections it may be a security issue rather than configuration. Download "WinsockFix.zip" and keep it somewhere so you can run it if you lose your connection, from here http://www.tacktech.com/display.cfm?ttid=257
It should restore you connection.

---------------
"There are ten types of person in the world; those who understand binary and those who don't"

Reply

Marsh Posté le 15-10-2005 à 12:38:34

caronish

Impeccable! Très content d'avoir pu t'aider.

Pour terminer, lance ce scan en ligne.
Il nettoiera les "restes" que l'on ne voit pas avec HJT, en particulier ton système de restauration.

Au passage, ce topic montre l'utilité d'HijackThis (Eh oui...il y en a qui en sont encore à le décrier...comme d'autres croient encore que la Terre est plate...) et surtout qu'une analyse par un "robot" n'est pas suffisante.

montymoquette

Thank you for your input. The file given to caronish is the same. Only, it's specially made for Windows Xp. Your link will be useful for W98, Me etc...

Reply

Marsh Posté le

Reply

impossible de me connecter à internet

Sujets relatifs:

Leave a Replay