cliffburton
Everything posted by cliffburton
-
Very slow computer:
cliffburton replied to a topic by cliffburton in Optimization, Tips & Tricks
Well, actually, I'm going to ask my boss to buy some RAM instead... But thanks for the advice. I'm going to apply all your advice all the same, but it's true that I can't expect anything fabulous... Thanks again
-
Hello, My office computer is very slow. I have done all the cleanup steps, such as defragmentation, Easycleaner, disk cleanup, msconfig for startup, all in safe mode, but I am not getting the expected results... My antivirus (BitDefender, which I find horribly slow, but which I am not allowed to uninstall) apparently detects nothing. If you have any idea what could be the source of the slowdown... Thanks in advance
Here is my configuration:
Processeur : Mobile AMD Athlon XP-M Processor 3000+ (1600Mhz) (L1: 128ko L2: 256ko )
Carte mère : SMBios version 2.3 ECS 761GX-M754-964 1.0
Bios: American Megatrends Inc. 080012 01/11/2006 taille: 512Kb
Chipset : Southbridge: SiS 964
Mémoire : Barette de 256 Mo 266 Mhz Manufacturer0 Barette de 128 Mo 266 Mhz Manufacturer1 mémoire windows (cette valeur ne correspond pas exactement à la mémoire totale physique): 351Mo
Disque(s) dur(s) : ST340015A (37.27Go)
And here is my HijackThis report:
-
[Buy] AL1916Ws monitor
cliffburton replied to a topic by cliffburton in Hardware Advice - Buying & Selling
Thank you. This time I'm going for it, and I'll stop bothering you
-
[Buy] AL1916Ws monitor
cliffburton replied to a topic by cliffburton in Hardware Advice - Buying & Selling
Hello again, I noticed two other monitors at the same price; could you take a look at them and tell me what you think? Which one is the most reliable? Or are they practically the same?
Mirai spec sheet: http://www.cdiscount.com/informatique/ecra...DML519W100.html
iiSonic spec sheet: http://www.cdiscount.com/informatique/ecra...0110-IIW9M.html
Acer spec sheet (posting it again for you): http://www.cdiscount.com/informatique/ecra...L1916WS5MS.html
Thanks
-
[Buy] AL1916Ws monitor
cliffburton replied to a topic by cliffburton in Hardware Advice - Buying & Selling
Now I'm doubly reassured:
- Because I'll be able to get a good deal since there is no incompatibility
- Because my graphics card is more than enough for me, for one good reason: the games I play are at least 3 years old (except Football Manager 2007)
Thank you very much for your answers, your patience and your kindness. See you soon
-
[Buy] AL1916Ws monitor
cliffburton replied to a topic by cliffburton in Hardware Advice - Buying & Selling
That puts the brakes on my enthusiasm... Too bad! To avoid wasting your time, which characteristic or characteristics determine the need for a better graphics card? Or, if you have a little time, in the following list (or another one), do you see a monitor that my graphics card would support (if possible a 19" 16/10)?: http://www.cdiscount.com/informatique/ecra...matique-ecran-p Thanks again for your patience
-
[Buy] AL1916Ws monitor
cliffburton replied to a topic by cliffburton in Hardware Advice - Buying & Selling
Is it really necessary, or is it so that I get optimal performance? Because I've had my card for barely two years and I'd rather not change it.
-
Hello, So, my good old IBM monitor died on me yesterday, so I'd like to buy a new one. I found the following offer on Cdiscount; it looks attractive but I don't want to make a mistake, so if you could give me your opinion, it would help me a lot in my final decision: http://www.cdiscount.com/informatique/ecra...L1916WS5MS.html Given that my needs are the following: I watch a lot of films on my PC and I play quite a lot of games of all kinds. Finally, one small additional question: should my graphics card (GeForce FX 5200) be taken into account when choosing the monitor? Thanks in advance
-
Hello, I currently have the following problem: I want to uninstall Norton Anti-virus from a laptop to replace it with AntiVir + Zone Alarm (Norton is installed by default and no CD was supplied with the laptop), but when I go to "Add/Remove Programs" and click to remove Norton, the following message is displayed: "Setup a rencontré un problème et doit fermer". Has anyone already had this problem, or does anyone simply have a miracle solution? Because I really have no desire to pay for a Norton subscription! Thanks in advance.
-
[Advice] Buying a new HDD - SATA or UDMA?
cliffburton replied to a topic by cliffburton in Hardware Advice - Buying & Selling
Actually, my motherboard is pretty old. But I found my two current hard drives on the Maxtor site, and it turns out they are UDMA. So I think my problem is solved... Thanks
-
[Advice] Buying a new HDD - SATA or UDMA?
cliffburton posted a topic in Hardware Advice - Buying & Selling
Hello, I want to buy a new hard drive, but I'm not sure what I should get: SATA or UDMA? My motherboard: SMBios version 2.2 8363-686A Thanks in advance for your help
-
spyware: ADW NDOTNET.O
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
the classic message that offers 'send the report' and 'don't send'. Here is the new HijackThis report:
-
spyware: ADW NDOTNET.O
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
OK, it worked. I followed all the procedures you gave me, and it was not in vain: it detected and deleted 12 infected files! Two small problems remain:
1 - the Internet connection is restored, but IE opens on 'aboutblank', i.e. a blank page, and it won't remember the start page I set in Internet Options.
2 - a bug that has apparently persisted for a long time on his PC: when you try to go to the Control Panel (except in safe mode), a Microsoft error message appears and then automatically closes the window.
Any ideas about these problems? In any case, thank you charles ingals for your help
-
spyware: ADW NDOTNET.O
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
All right, thanks for the info. However, I couldn't find the LSPFix tutorial; could you point me to it? Of the 3 antivirus programs, I only know two (Trend, or something like that, and the Wanadoo antivirus); can you tell which is the third? Thank you very much (and a general thank-you for this site, which really makes life easier, even for beginners)
-
spyware: ADW NDOTNET.O
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
Very well, I'll do that. Since I have to go back to this friend's place to apply this procedure, I won't be able to post a reply immediately. However, I have a question: do you think the fact that he can no longer access the Internet is related to the infection?
-
Hello, A friend of mine has a problem with his PC and no longer has Internet access (I don't know whether the spyware is the cause), and his antivirus indicates the presence of one or more spyware programs. So I ran a HijackThis report on his computer and am posting it to you from my own PC:
What can you tell from it? Thanks in advance.
-
Unwanted advertising and Windows restarting
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
OK thanks, I'll do what's needed. Thanks for everything
-
Unwanted advertising and Windows restarting
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
OK, but why did neither AntiVir nor Spybot Search and Destroy find anything?
-
Unwanted advertising and Windows restarting
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
It's fine, I would already have had at least ten ads if it were persisting. By the way, what type of infection was it?
-
Unwanted advertising and Windows restarting
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
For now no ads (by the way, it was apparently still this WinFixer 2005 that was to blame) and my computer has not rebooted. Could the frequent reboots of my PC have been due to that? In any case, thanks for everything Stonangel, because a month ago you already rid me of a virus.
-
Unwanted advertising and Windows restarting
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
-
Unwanted advertising and Windows restarting
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
Here is my HijackThis report:
PS: My "Affichage des messages" was already disabled.
Unwanted advertising and Windows restarting
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
Here is the second report; I am hurrying to do the HijackThis report:
Unwanted advertising and Windows restarting
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
First L2MFix report:
-
Intrusive advertising and Windows restarting
cliffburton replied to a topic by cliffburton in Malware Analysis and Removal
Here is my HijackThis report:
