
Help with VX2 BetterInternet

n°1938877
vichenzo
Posted on 24-02-2005 at 18:45:01
 

Hi everyone,

I think I'm infected by this spyware and I can't manage to get rid of it. Adware, Spybot and Kaspersky don't detect it.
PestPatrol, on the other hand, detects it but can't remove it.
I used VX2 Finder and here is what it tells me:
 
Log for VX2.BetterInternet File Finder (msg126)
 
Files Found---
 
Additional Files---
 
Keys Under Notify---
AtiExtEvent
Extensions
Internet Settings
 
 
Guardian Key--- is called:  
Asynchronous 000
DllName  
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Shutdown WinShutdown
 
User Agent String---
{3094BAB4-1D30-49FA-933C-9E7387FC0112}  
 
But I don't know what to do, and I have running processes that prevent me from deleting certain files:
 
 Logfile of HijackThis v1.99.1
Scan saved at 18:38:15, on 24/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PestPatrol\CookiePatrol.exe
C:\Program Files\PestPatrol\PPMemCheck.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\vince\Bureau\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: PPControl.lnk = C:\Program Files\PestPatrol\PPControl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?li [...] lcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1103849146000.kit.arenagay. [...] xe012d.exe
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v [...] b33902.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7B7FDF7-4050-4323-949C-184D2E7D12EE}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: Extensions - C:\WINNT\system32\csmmdlg.dll
O20 - Winlogon Notify: Internet Settings - C:\WINNT\system32\t4r80e9ueh.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
 
 
So if anyone has an idea to help me remove it, that would be cool... thanks :)


n°1939291
lerouxbouh
Posted on 24-02-2005 at 23:10:51
 

www.hijackthis.de -> HijackThis log analyzer (it's a robot, so you still have to be careful)
Then for the spyware, well, try Microsoft Anti Spy.

n°1939298
acrobaze
Posted on 24-02-2005 at 23:18:59
 

Download this file.

Put it on your desktop.
Unzip it on your desktop.
Double-click l2mfix.bat and choose option 1 (then Enter).
Let it work for a few minutes and copy/paste the final log here.

PS: above all, do not click option 2 yet, nor any other l2mfix file!!!


Message edited by acrobaze on 25-02-2005 at 12:35:09
n°1939388
vichenzo
Posted on 25-02-2005 at 03:34:38
 

OK, here is the log:
 
L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\t4r80e9ueh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\csmmdlg.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5C1931AA-37DC-4500-AD74-5AA24B32E2F4}"=""
 
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="Extension du Panneau de configuration PlusPack"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'interpréteur de commandes"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour les objets Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'interpréteur de commandes pour la compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension du shell d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extension de l'interpréteur de commande pour Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau et accès à distance"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Dossier favori du shell"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="Poste de travail"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Porte-documents"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Raccourci vers le dossier"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Volume monté"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="Extension de la page de propriétés des fichiers"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="Page des types de fichiers"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="Gestionnaire des types de fichiers MIME"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Service Copier vers Microsoft"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Service Déplacer vers Microsoft"
"{13709620-C279-11CE-A49E-444553540000}"="Service d'automatisation de l'interface"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Menu Démarrer"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Service SendTo Microsoft"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Service Nouvel objet Microsoft"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Ouvrir avec le gestionnaire de menu contextuel"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Afficher les extensions HTML du Panneau de configuration"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Extension de la page de propriétés des options des dossiers"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Application d'aide du système pour le glisser-déplacer"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Dossier Bureau"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Bande de menus"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Suivi du menu Shell"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Barre du Bureau"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Liens"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Image miniature"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniatures"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Extracteur de miniatures des filtres graphiques Office"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'application du shell"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Menu Fichiers hors connexion"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Options du dossier Fichiers hors connexion"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b1 (beta test) Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b1 (beta test) DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b1 (beta test) Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b1 (beta test) Property Sheet Shell Extension"
"{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{ABDC51E3-008D-4EA1-82A9-5BC753EBF96F}"=""
"{CCCB47A6-7AF0-4DB1-8071-CB8035430034}"=""
"{C316EF3E-BB48-4B65-87A9-02807943545C}"=""
"{92D1B9DF-8875-4F4D-BD57-72BFBA82D288}"=""
"{5A8F33CF-245C-4179-AA90-6ACEBCC9B98E}"=""
"{B5C8468B-BB0B-46F2-90D1-AEA75FA157E4}"=""
"{50CBD633-07E7-4121-AF94-BE6952EBBAC8}"=""
"{AB54EEC7-CC21-4221-AD27-252CBF8ECC91}"=""
"{5B542752-BEAA-4AA3-836C-DAD93F87404D}"=""
"{3E8DDDCD-CF91-488B-9201-D8AC1E67B391}"=""
"{924AA4D2-FC85-490F-9E90-8E83FBDD13AA}"=""
"{8A04AEFD-B2B4-4037-86DE-6A2E46233B7F}"=""
"{16DEAD54-533D-4A9E-85B9-E991FCB56AE4}"=""
"{00128006-4550-49ED-B031-28117E8DC612}"=""
"{89ACB01C-FCF6-4032-B60E-9BBBB3FB7688}"=""
"{C39CA95F-B6B6-4B7A-B3D6-E47D74C29DE5}"=""
"{C1A1B82F-5AD1-4067-BFF3-4D2B2D2A6C08}"=""
"{9FFE8911-5810-41C0-AEC7-42E04E41FE44}"=""
"{9113C22E-FD57-48AD-B1C2-0F6D7A75F3FB}"=""
"{04E9777F-62F8-499C-9727-4FB9E3191543}"=""
"{E63E92B6-DE4C-4D44-9E04-5B68A274DD85}"=""
"{49285DCA-6CC7-4FEE-BF17-7FF5195142F7}"=""
"{36518101-49AC-42CB-8E4C-40C1F328A565}"="Rad2 Extension"
"{5380C14E-C0A1-4D66-87DB-5995E6FF4623}"="Rad Extension"
"{75B8D633-9021-442C-9EA4-FF4BE72CE20F}"="NRad2 Extension"
"{C6844A1E-2C59-415A-84B3-C6A458372779}"="RadType Extension"
"{D00900BC-23F7-4FD6-BFA2-8232112C5C49}"="NRad Extension"
"{D2FD83AE-994A-4D4B-9097-2C9E11ED85F0}"="RadClkr Extension"
"{7700EB62-DB7C-47AF-A092-04376CA1D24C}"="RadMnu Extension"
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
"{D865CAF3-0659-49EE-9E60-16B87BC65DF9}"=""
"{FACC44FD-3425-472D-B6AC-83CD77021C6E}"=""
"{AA20FD6D-DF0A-4A63-93D5-99E16CCA989A}"=""
 
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{AB54EEC7-CC21-4221-AD27-252CBF8ECC91}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{AB54EEC7-CC21-4221-AD27-252CBF8ECC91}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{AB54EEC7-CC21-4221-AD27-252CBF8ECC91}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{AB54EEC7-CC21-4221-AD27-252CBF8ECC91}\InprocServer32]
@="C:\\WINNT\\system32\\ssdoclc.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{9113C22E-FD57-48AD-B1C2-0F6D7A75F3FB}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{9113C22E-FD57-48AD-B1C2-0F6D7A75F3FB}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{9113C22E-FD57-48AD-B1C2-0F6D7A75F3FB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{9113C22E-FD57-48AD-B1C2-0F6D7A75F3FB}\InprocServer32]
@="C:\\WINNT\\system32\\csmmdlg.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{E63E92B6-DE4C-4D44-9E04-5B68A274DD85}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{E63E92B6-DE4C-4D44-9E04-5B68A274DD85}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{E63E92B6-DE4C-4D44-9E04-5B68A274DD85}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{E63E92B6-DE4C-4D44-9E04-5B68A274DD85}\InprocServer32]
@="C:\\WINNT\\system32\\dMdref.dll"
"ThreadingModel"="Apartment"
 
**********************************************************************************
Files Found are not all bad files:
 
C:\WINNT\SYSTEM32\
   csmmdlg.dll    Thu 24 Feb 2005  16:13:40   ..S.R        225 194   219,91 K
   ativvaxx.dll   Thu 20 Jan 2005   4:06:30   A....        437 984   427,72 K
   shell32.dll    Fri 10 Dec 2004  10:28:00   A....      2 389 776     2,28 M
   atiddc.dll     Thu 20 Jan 2005   4:19:42   A....         53 248    52,00 K
   ole32.dll      Fri 14 Jan 2005   2:27:24   A....        957 200   934,77 K
   ssdoclc.dll    Thu 20 Jan 2005   7:42:40   A....        225 149   219,87 K
   atitvo32.dll   Thu 20 Jan 2005   4:01:28   A....         17 408    17,00 K
   hashlib.dll    Thu 10 Feb 2005  22:32:18   A....         81 120    79,22 K
   ati2cqag.dll   Thu 20 Jan 2005   3:55:58   A....        249 856   244,00 K
   mvc40u.dll     Fri 25 Feb 2005   3:31:16   A....        225 194   219,91 K
   iepeers.dll    Tue  7 Dec 2004  19:17:32   A....        236 032   230,50 K
   browseui.dll   Tue  7 Dec 2004  19:17:32   A....      1 018 368   994,50 K
   atioglxx.dll   Thu 20 Jan 2005   4:46:48   A....      6 664 192     6,36 M
   atiiiexx.dll   Thu 20 Jan 2005   6:23:32   A....        299 008   292,00 K
   cdfview.dll    Tue  7 Dec 2004  19:17:32   A....        144 384   141,00 K
   mshtml.dll     Thu 27 Jan 2005  16:02:26   A....      2 806 272     2,68 M
   shdocvw.dll    Tue  7 Dec 2004  19:17:34   A....      1 337 344     1,27 M
   shlwapi.dll    Tue  7 Dec 2004  19:17:34   A....        402 944   393,50 K
   urlmon.dll     Tue  7 Dec 2004  19:17:34   A....        497 152   485,50 K
   wininet.dll    Tue  7 Dec 2004  19:17:36   A....        594 944   581,00 K
   sp3res.dll     Thu  6 Jan 2005   5:25:56   .....        286 720   280,00 K
   olecnv32.dll   Fri 14 Jan 2005   2:27:24   A....         36 624    35,77 K
   olecli32.dll   Fri 14 Jan 2005   2:27:24   A....         69 904    68,27 K
   rpcss.dll      Fri 14 Jan 2005   2:27:24   A....        212 240   207,27 K
   ati2dvag.dll   Thu 20 Jan 2005   4:25:56   A....        223 744   218,50 K
   ati3duag.dll   Thu 20 Jan 2005   4:12:16   A....      2 185 440     2,08 M
   nrad.dll       Wed 29 Dec 2004  23:57:54   A.S..        180 224   176,00 K
   dmdref.dll     Thu 10 Feb 2005   7:24:06   A....        222 984   217,76 K
   rad.dll        Wed 29 Dec 2004  23:58:10   A.S..        442 368   432,00 K
   radclkr.dll    Wed 29 Dec 2004  23:58:26   A.S..        118 784   116,00 K
   ati2evxx.dll   Thu 20 Jan 2005   4:21:02   A....         61 440    60,00 K
   ati2edxx.dll   Thu 20 Jan 2005   4:21:12   A....         39 936    39,00 K
   sporder.dll    Thu 10 Feb 2005  16:52:36   A....          8 464     8,27 K
   atipdlxx.dll   Thu 20 Jan 2005   4:21:34   A....         94 208    92,00 K
   atidemgr.dll   Thu 20 Jan 2005   5:54:46   A....        212 992   208,00 K
   radenu.dll     Tue  7 Dec 2004   3:28:32   A.S..         61 440    60,00 K
   oemdspif.dll   Thu 20 Jan 2005   4:21:24   A....         73 728    72,00 K
   radnlb.dll     Tue  7 Dec 2004   3:35:10   A.S..         61 440    60,00 K
   radexe.dll     Wed 29 Dec 2004  23:58:56   A.S..        212 992   208,00 K
   radtype.dll    Thu 30 Dec 2004   0:00:02   A.S..        163 909   160,07 K
   user32.dll     Wed 29 Dec 2004  10:14:18   A....        381 200   372,27 K
   raddeu.dll     Sun 28 Nov 2004   0:05:44   A.S..         61 440    60,00 K
   radmnu.dll     Wed 29 Dec 2004  23:59:20   A.S..        528 384   516,00 K
   radplk.dll     Sun 19 Dec 2004  19:52:48   A.S..         61 440    60,00 K
   radhun.dll     Tue  7 Dec 2004   3:33:02   A.S..         61 440    60,00 K
   radita.dll     Tue  7 Dec 2004   3:33:24   A.S..         65 536    64,00 K
   radesp.dll     Tue  7 Dec 2004   3:29:02   A.S..         61 440    60,00 K
   radfra.dll     Tue  7 Dec 2004   3:30:48   A.S..         65 536    64,00 K
   q6nulg~1.dll   Wed 19 Jan 2005   0:22:42   A....        223 186   217,95 K
   radregs.dll    Thu 30 Dec 2004   8:35:14   A.S..         65 536    64,00 K
   gwfspi~1.dll   Fri 28 Jan 2005  15:37:58   A....         23 304    22,76 K
   legitc~1.dll   Fri 28 Jan 2005  15:38:00   A....        421 128   411,26 K
   gcunco~1.dll   Thu 10 Feb 2005  22:32:20   A....        130 272   127,22 K
   gccoll~1.dll   Thu 10 Feb 2005  22:32:20   A....        119 520   116,72 K
   gcmd5q~1.dll   Thu 24 Feb 2005  18:46:40   A....         10 752    10,50 K
 
55 items found:  55 files (16 H/S), 0 directories.
   Total of file sizes:  26 112 464 bytes     24,90 M
Locate .tmp files:
 
No matches found.
**********************************************************************************
Directory Listing of system files:
 Le volume dans le lecteur C s'appelle EDOUARDII
 Le numéro de série du volume est 0B72-07EA
 
 Répertoire de C:\WINNT\System32
 
24/02/2005  16:13              225 194 csmmdlg.dll
30/12/2004  08:35               65 536 RadRegs.dll
30/12/2004  00:00              163 909 RadType.dll
29/12/2004  23:59              528 384 RadMnu.dll
29/12/2004  23:58              212 992 RadExe.dll
29/12/2004  23:58               98 304 RadClock.exe
29/12/2004  23:58              118 784 RadClkR.dll
29/12/2004  23:58              442 368 Rad.dll
29/12/2004  23:57              180 224 NRad.dll
29/12/2004  22:43                1 403 Probe.inf
29/12/2004  22:43               18 492 RadProbe.sys
19/12/2004  19:52               61 440 RadPlk.dll
07/12/2004  03:35               61 440 RadNlb.dll
07/12/2004  03:33               65 536 RadIta.dll
07/12/2004  03:33               61 440 RadHun.dll
07/12/2004  03:30               65 536 RadFra.dll
07/12/2004  03:29               61 440 RadEsp.dll
07/12/2004  03:28               61 440 RadEnu.dll
28/11/2004  00:05               61 440 RadDeu.dll
04/11/2004  05:46                9 315 radregs.inf
16/09/2004  00:25                    5 AuxDrv32_d.dlx
16/09/2004  00:12                    5 AuxDrv32_g.dlx
15/09/2004  01:24       <DIR>          dllcache
              22 fichier(s)        2 564 627 octets
               1 Rép(s)   7 638 532 096 octets libres

n°1939656
acrobaze
Posted on 25-02-2005 at 12:34:44
 

Ha! That's a nice one!

So now:

- Close your applications; there is going to be a reboot.
- Double-click l2mfix.bat and this time choose option 2 (type 2 and Enter). Don't worry if the desktop or the icons disappear for a moment. That's normal.
Likewise, there will be a text file at the end.

- Copy/paste that text file and a new HijackThis log, to finish.

n°1939809
vichenzo
Posted on 25-02-2005 at 14:00:55
 

Hi, first of all thanks for your help.

Here is the 2nd log:
L2Mfix 1.02b
 
Running From:
C:\Documents and Settings\vince\Bureau\l2mfix
 
 
 
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
 
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
(ID-NI) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
 
 
 
Setting registry permissions:
 
 
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
 
 
Denying C access for really "Everyone"
 - adding new ACCESS DENY entry
 
 
Registry Permissions set too:
 
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
 
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI)    DENY   --C-------    Tout le monde
(ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
(ID-NI) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
 
 
 
Setting up for Reboot
 
 
Starting Reboot!
 
C:\Documents and Settings\vince\Bureau\l2mfix  
System Rebooted!  
 
Running From:
C:\Documents and Settings\vince\Bureau\l2mfix
 
killing explorer and rundll32.exe  
 
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1128 'explorer.exe'
Killing PID 1128 'explorer.exe'
Error 0x6 : Descripteur non valide
 
 
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1204 'rundll32.exe'
 
Scanning First Pass. Please Wait!
 
First Pass Completed  
 
Second Pass Scanning  
 
Second pass Completed!
Backing Up: C:\WINNT\system32\MTDBRPTR.DLL
        1 fichier(s) copié(s).
Backing Up: C:\WINNT\system32\ssdoclc.dll
        1 fichier(s) copié(s).
Backing Up: C:\WINNT\system32\nztdtect.dll
        1 fichier(s) copié(s).
Backing Up: C:\WINNT\system32\dMdref.dll
        1 fichier(s) copié(s).
Backing Up: C:\WINNT\system32\q6nulg5916.dll
        1 fichier(s) copié(s).
Backing Up: C:\WINNT\system32\g022lafo1d2c.dll
        1 fichier(s) copié(s).
Backing Up: C:\WINNT\system32\guard.tmp
        1 fichier(s) copié(s).
deleting: C:\WINNT\system32\MTDBRPTR.DLL  
Successfully Deleted: C:\WINNT\system32\MTDBRPTR.DLL
deleting: C:\WINNT\system32\ssdoclc.dll  
Successfully Deleted: C:\WINNT\system32\ssdoclc.dll
deleting: C:\WINNT\system32\nztdtect.dll  
Successfully Deleted: C:\WINNT\system32\nztdtect.dll
deleting: C:\WINNT\system32\dMdref.dll  
Successfully Deleted: C:\WINNT\system32\dMdref.dll
deleting: C:\WINNT\system32\q6nulg5916.dll  
Successfully Deleted: C:\WINNT\system32\q6nulg5916.dll
deleting: C:\WINNT\system32\g022lafo1d2c.dll  
Successfully Deleted: C:\WINNT\system32\g022lafo1d2c.dll
deleting: C:\WINNT\system32\guard.tmp  
Successfully Deleted: C:\WINNT\system32\guard.tmp
 
Desktop.ini sucessfully removed
 
 
Zipping up files for submission:
  adding: MTDBRPTR.DLL (deflated 4%)
  adding: ssdoclc.dll (deflated 4%)
  adding: nztdtect.dll (deflated 4%)
  adding: dMdref.dll (deflated 4%)
  adding: q6nulg5916.dll (deflated 3%)
  adding: g022lafo1d2c.dll (deflated 3%)
  adding: guard.tmp (deflated 4%)
  adding: echo.reg (deflated 9%)
  adding: clear.reg (deflated 71%)
  adding: desktop.ini (deflated 13%)
  adding: readme.txt (deflated 49%)
  adding: direct.txt (stored 0%)
  adding: report.txt (deflated 65%)
  adding: lo2.txt (deflated 76%)
  adding: test2.txt (deflated 49%)
  adding: test3.txt (deflated 49%)
  adding: test5.txt (deflated 49%)
  adding: test.txt (deflated 62%)
  adding: xfind.txt (deflated 54%)
  adding: backregs/shell.reg (deflated 74%)
  adding: backregs/AB54EEC7-CC21-4221-AD27-252CBF8ECC91.reg (deflated 70%)
  adding: backregs/9113C22E-FD57-48AD-B1C2-0F6D7A75F3FB.reg (deflated 70%)
  adding: backregs/E63E92B6-DE4C-4D44-9E04-5B68A274DD85.reg (deflated 70%)
  adding: backregs/1783579B-6065-4C05-8FB5-64888D233EA9.reg (deflated 70%)
 
Restoring Registry Permissions:  
 
 
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
 
 
Revoking access for really "Everyone"
 
 
Registry permissions set too:
 
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
 
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
(ID-NI) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
 
 
Restoring Sedebugprivilege:
 
 Granting SeDebugPrivilege to Administrators   ... failed (GetAccountSid(Administrators)=1332  
 
deleting local copy: MTDBRPTR.DLL    
deleting local copy: ssdoclc.dll    
deleting local copy: nztdtect.dll    
deleting local copy: dMdref.dll    
deleting local copy: q6nulg5916.dll    
deleting local copy: g022lafo1d2c.dll    
deleting local copy: guard.tmp    
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\t4r80e9ueh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
 
The following are the files found:  
****************************************************************************
C:\WINNT\system32\MTDBRPTR.DLL  
C:\WINNT\system32\ssdoclc.dll  
C:\WINNT\system32\nztdtect.dll  
C:\WINNT\system32\dMdref.dll  
C:\WINNT\system32\q6nulg5916.dll  
C:\WINNT\system32\g022lafo1d2c.dll  
C:\WINNT\system32\guard.tmp  
 
Registry Entries that were Deleted:  
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder.  
****************************************************************************
REGEDIT4
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{7FF34179-8532-4854-8D82-9CF26BCBDD3E}"=-
****************************************************************************
Desktop.ini Contents:  
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{7FF34179-8532-4854-8D82-9CF26BCBDD3E}</IDone>
<IDtwo>AD</IDtwo>
<VERSION>200</VERSION>
****************************************************************************
 
 
And here is the new HijackThis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 14:01:03, on 25/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\vince\Bureau\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: PPControl.lnk = C:\Program Files\PestPatrol\PPControl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?li [...] lcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1103849146000.kit.arenagay. [...] xe012d.exe
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v [...] b33902.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7B7FDF7-4050-4323-949C-184D2E7D12EE}: NameServer = 80.10.246.1 80.10.246.132
O20 - Winlogon Notify: Internet Settings - C:\WINNT\system32\t4r80e9ueh.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
 

n°1939861
vichenzo
Posted on 25-02-2005 at 14:27:17


Oh yes, also, since doing what you had me do, I no longer have internet on the other computer on the network... is that normal???

n°1940004
acrobaze
Posted on 25-02-2005 at 15:45:07


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
O20 - Winlogon Notify: Internet Settings - C:\WINNT\system32\t4r80e9ueh.dll (file missing)  

Check and "fix" these lines.

Reboot.

As for the other computer, I don't know.
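
One way to script the cross-check behind the O20 line above, as an added example that is not part of the original thread: it reads the Winlogon Notify export from the L2Mfix log together with the HijackThis log and reports subkeys that are still registered although their DLL is reported missing. The sample input is copied from the logs posted in this thread; the function names are hypothetical.

```python
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Sample input: lines copied (trimmed) from the L2Mfix export and the
# HijackThis log posted in this thread.
REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"DllName"=""
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Logon"="AtiLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings]
"DllName"="C:\\WINNT\\system32\\t4r80e9ueh.dll"
"Logon"="WinLogon"
'''
HIJACKTHIS_LOG = r'''
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: Internet Settings - C:\WINNT\system32\t4r80e9ueh.dll (file missing)
O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+?)( \(file missing\))?$")


def parse_notify_export(text):
    """Map each subkey of the Notify key to its DllName value ('' if unset)."""
    prefix = NOTIFY.lower() + "\\"
    dlls, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            # The Notify key itself and unrelated keys are skipped.
            current = path[len(prefix):] if path.lower().startswith(prefix) else None
            if current is not None:
                dlls[current] = ""
            continue
        value = VALUE_RE.match(line)
        if value and current is not None and value.group(1).lower() == "dllname":
            dlls[current] = value.group(2).replace("\\\\", "\\")  # undo .reg escaping
    return dlls


def parse_o20(log):
    """Map O20 subkey name -> (dll path, file_missing flag) from a HijackThis log."""
    found = {}
    for line in map(str.strip, log.splitlines()):
        m = O20_RE.match(line)
        if m:
            found[m.group(1)] = (m.group(2), m.group(3) is not None)
    return found


def orphaned_notify_entries(reg_text, hjt_log):
    """Subkeys still registered in the export whose DLL HijackThis reports missing."""
    registered, o20 = parse_notify_export(reg_text), parse_o20(hjt_log)
    out = []
    for subkey, dll in registered.items():
        path, missing = o20.get(subkey, (None, False))
        if missing and path.lower() == dll.lower():
            out.append((subkey, dll))
    return out


def removal_reg(entries):
    """Build a .reg fragment deleting the orphaned subkeys ([-key] syntax)."""
    lines = ["REGEDIT4", ""]
    lines += [f"[-{NOTIFY}\\{subkey}]" for subkey, _ in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = orphaned_notify_entries(REG_EXPORT, HIJACKTHIS_LOG)
    for subkey, dll in hits:
        print(f"orphaned Winlogon Notify entry: {subkey!r} -> {dll}")
    print(removal_reg(hits))
```
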

n°1940424
vichenzo
Posted on 25-02-2005 at 21:06:54


Silly question... but how do you check and fix these lines??? :)

n°1940520
acrobaze
Posted on 25-02-2005 at 22:49:13


Launch HijackThis -> Scan,
tick (on the left) those 3 lines.

Then click "Fix checked".

Reboot and post a new log.

n°1940680
vichenzo
Posted on 26-02-2005 at 01:26:02


OK thanks, here is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 01:24:36, on 26/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\vince\Bureau\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: PPControl.lnk = C:\Program Files\PestPatrol\PPControl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?li [...] lcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1103849146000.kit.arenagay. [...] xe012d.exe
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v [...] b33902.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
 

n°1940880
acrobaze
Posted on 26-02-2005 at 11:53:29


Everything is OK!

n°1941285
vichenzo
Posted on 26-02-2005 at 19:00:38


Well, thank you for what you did for me... even though I didn't understand any of what you had me do ;-)

Thanks Acrobaze

