503 Service Unavailable

[stigma]

Bonjour,

Hier j'ai été infecté par un trojan dont je me suis débarassé avec AVG, A2, Spybot et Ad-Aware ouf!

Mais depuis, je ne peux accéder à certaines pages Free (mes sites) alors que j'y accède sans problème à partir de mes 3 autres PC (réseau local Freebox - Hub).

C'est la première fois que j'utilsie HiJUackThis. Je mets mon rapport ici :

Logfile of HijackThis v1.99.1

Scan saved at 14:11:33, on 25/02/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Compaq\Easy Access Keyboard\nhksrv.exe

C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINNT\system32\drivers\CDAC11BA.EXE

C:\WINNT\system32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\runservice.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

C:\WINNT\PMJ151LA.BIN

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\rundll32.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\Explorer.EXE

C:\WINNT\SOUNDMAN.EXE

C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

G:\musique\SoundCanvas3\vsc32cnf.exe

G:\musique\SoundCanvas3\vscvol.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)

O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EASY ACCESS KEYBOARD] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [vsc32cnf.exe] g:\musique\SoundCanvas3\vsc32cnf.exe

O4 - HKLM\..\Run: [vscvol.exe] g:\musique\SoundCanvas3\vscvol.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] C:\WINNT\system32\0106.exe

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe

O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames11.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - Startup: Raccourci vers Cookies Manager.exe.lnk = C:\Documents and Settings\alain\Cookies Manager.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Browster Prefetch On/Off - res://C:\PROGRA~1\Browster\Browster.dll/CustomPrefetchMenu.htm

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Chercher dans le TLF - g:\ATILF-TLFI\tlfi\pg\hn.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Expliquer le mot - g:\ATILF-TLFI\tlfi\pg\hnexplain.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O17 - HKLM\System\CCS\Services\Tcpip\..\{73210B3B-EB69-4895-B54E-04BAF7F3434E}: NameServer = 212.27.53.252,212.27.54.252

O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll

O20 - Winlogon Notify: mp3w - C:\WINNT\security\mp3w.dll (file missing)

O20 - Winlogon Notify: Uninstall - C:\WINNT\system32\mv62l9jo1.dll

O20 - Winlogon Notify: urldoc - C:\WINNT\inf\urldoc.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Compaq\Easy Access Keyboard\nhksrv.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINNT\PMJ151LA.BIN

 

Suis-je infecté ?

Merci d'avance

[tornado]

Salut stigmat,

 

 

Suis-je infecté ?

 

Oui tu l'es :

 

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] C:\WINNT\system32\0106.exe

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe

O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames11.exe

 

 

Applique la procédure suivante avant toute chose --> http://forum.zebulon.fr/index.php?showtopic=83986

 

Et poste ensuite un nouveau rapport hijackthis

 

 

 

A+

[stigma]

ça y est, du coup j'ai gardé Antivir à la place de AVG

Logfile of HijackThis v1.99.1

Scan saved at 18:42:14, on 25/02/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Compaq\Easy Access Keyboard\nhksrv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

C:\WINNT\system32\drivers\CDAC11BA.EXE

C:\WINNT\system32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\runservice.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

C:\WINNT\PMJ151LA.BIN

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\rundll32.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\Explorer.EXE

C:\WINNT\SOUNDMAN.EXE

C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

G:\musique\SoundCanvas3\vsc32cnf.exe

G:\musique\SoundCanvas3\vscvol.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)

O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EASY ACCESS KEYBOARD] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [vsc32cnf.exe] g:\musique\SoundCanvas3\vsc32cnf.exe

O4 - HKLM\..\Run: [vscvol.exe] g:\musique\SoundCanvas3\vscvol.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] C:\WINNT\system32\0106.exe

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe

O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames11.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - Startup: Raccourci vers Cookies Manager.exe.lnk = C:\Documents and Settings\alain\Cookies Manager.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Browster Prefetch On/Off - res://C:\PROGRA~1\Browster\Browster.dll/CustomPrefetchMenu.htm

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Chercher dans le TLF - g:\ATILF-TLFI\tlfi\pg\hn.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Expliquer le mot - g:\ATILF-TLFI\tlfi\pg\hnexplain.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll

O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\fp6403jqe.dll

O20 - Winlogon Notify: mp3w - C:\WINNT\security\mp3w.dll (file missing)

O20 - Winlogon Notify: urldoc - C:\WINNT\inf\urldoc.dll (file missing)

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Compaq\Easy Access Keyboard\nhksrv.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINNT\PMJ151LA.BIN

 

Diagnostic ?

Merci

[tornado]

Re,

 

O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\fp6403jqe.dll

 

Bizarre cette ligne . On dirait Look2me ... reste à confirmer.

On va utiliser un outil pour s'en débarasser : Lm2fix

 

 

 

Télécharge L2mfix (de Shadowwar) de l'un de ces liens :

http://www.atribune.org/downloads/l2mfix.exe

http://www.downloads.subratam.org/l2mfix.exe

 

Sauvegarde-le sur ton Bureau et double-clique l2mfix.exe. Clique sur le bouton Install pour en extraire le contenu et suis les directives, puis ouvre le nouveau dossier "l2mfix" qui se trouve sur le Bureau. Double-clique l2mfix.bat et choisis l'option #1 pour Run Find Log en tapant 1 et ensuite Entrée. Le scan débutera sans générer d'indications, puis, après une minute ou deux, un fichier texte apparaîtra. Copie/colle le contenu de ce rapport ("report.txt") dans ta prochaine réponse.

 

IMPORTANT : NE PAS lancer l'option #2 OU autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller !

 

Par contre, si une erreur s'affiche en lançant l'option #1, similaire à ceci : ''C:\windows\system32\cmd.exe

C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."...alors utilise l'option #5 ou le lien web fourni dans le dossier "l2mfix" afin de résoudre cette erreur. Ne pas lancer d'autres options avant d'avoir réglé ce pépin.

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Attend la confirmation d'un conseiller en sécurité avant d'appliquer tout ça

Modifié le 25 février 2006 par tornado

[bibi26]

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] C:\WINNT\system32\0106.exe

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe

O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames11.exe

 

Puis-je te poser une question ? En quoi c'est lignes sont mauvaises ? Ok, la premiere sa se voit, mais les 2 autres pourquoi ?

[stigma]

voilà chef :

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mp3w]

"Asynchronous"=dword:00000001

"DllName"="C:\\WINNT\\security\\mp3w.dll"

"Impersonate"=dword:00000000

"Startup"="SysLogon"

"Logoff"="SysLogoff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOSOptions]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINNT\\system32\\enrul1991.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urldoc]

"Asynchronous"=dword:00000001

"DllName"="C:\\WINNT\\inf\\urldoc.dll"

"Impersonate"=dword:00000000

"Startup"="SysLogon"

"Logoff"="SysLogoff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

"DLLName"="wzcdlg.dll"

"Logon"="WZCEventLogon"

"Logoff"="WZCEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000000

 

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{E3255C00-93E3-E54C-5EE1-9FA875F6DDCC}"=""

 

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"

"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'interpr‚teur de commandes pour le partage"

"{41E300E0-78B6-11ce-849B-444553540000}"="Extension du Panneau de configuration PlusPack"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'interpr‚teur de commandes"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'interpr‚teur de commandes pour les objets Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'interpr‚teur de commandes pour la compression de fichiers"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension du shell d'imprimante Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'interpr‚teur de commandes pour le partage"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extension de l'interpr‚teur de commande pour Windows Script Host"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau et accŠs … distance"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"

"{1A9BA3A0-143A-11CF-8350-444553540000}"="Dossier favori du shell"

"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="Poste de travail"

"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Porte-documents"

"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Raccourci vers le dossier"

"{12518493-00B2-11d2-9FA5-9E3420524153}"="Volume mont‚"

"{21B22460-3AEA-1069-A2DC-08002B30309D}"="Extension de la page de propri‚t‚s des fichiers"

"{B091E540-83E3-11CF-A713-0020AFD79762}"="Page des types de fichiers"

"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="Gestionnaire des types de fichiers MIME"

"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Service Copier vers Microsoft"

"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Service D‚placer vers Microsoft"

"{13709620-C279-11CE-A49E-444553540000}"="Service d'automatisation de l'interface"

"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"

"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Menu D‚marrer"

"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Service SendTo Microsoft"

"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Service Nouvel objet Microsoft"

"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Ouvrir avec le gestionnaire de menu contextuel"

"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Afficher les extensions HTML du Panneau de configuration"

"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"

"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Extension de la page de propri‚t‚s des options des dossiers"

"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"

"{4657278A-411B-11d2-839A-00C04FD918D0}"="Application d'aide du systŠme pour le glisser-d‚placer"

"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Ajouter l'‚l‚ment de cryptage dans les menus contextuels de l'Explorateur"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement"

"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Dossier Bureau"

"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Bande de menus"

"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Suivi du menu Shell"

"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"

"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Barre du Bureau"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"

"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Liens"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"

"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Image miniature"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniatures"

"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="Extracteur de miniatures HTML"

"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Extracteur de miniatures des filtres graphiques Office"

"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"

"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'application du shell"

"{0B124F8C-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"

"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Menu Fichiers hors connexion"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Options du dossier Fichiers hors connexion"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{1E2CDF40-419B-11D2-A5A1-002018648BA7}"="AVG Shell Extension"

"{e0d79300-84be-11ce-9641-444553540000}"="WinZip"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."

"{01060040-070D-11D3-B35B-00805F010AA5}"="SBoxLight.ShPropSheet"

"{01061038-070D-11D3-B35B-00805F010AA5}"="SBoxLight.ShDropIco"

"{01060010-070D-11D3-B35B-00805F010AA5}"="SBoxLight.ShCtxMnu"

"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"

"{07A94BB3-67F0-11D3-B3B7-0080C7C7CE9C}"="CtxMenu"

"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"

"{D3796116-94D3-4009-96D7-51578411CC7D}"="Outpost Shell Extension"

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"

"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"

"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"

"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"

"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"

"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"

"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

"{EBDF1F20-C829-11D1-8233-0020AF3E97A6}"="ATS Context Menu Shell Extension"

"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}"="eLicense Control"

"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"

"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"

"{DE8A531D-E345-4279-8AA4-8BCD66EA6171}"=""

"{67E17939-05AD-4CFE-805B-0A99294CCBF3}"=""

"{7B421513-664D-4604-92C6-549BC2334960}"=""

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"

 

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{DE8A531D-E345-4279-8AA4-8BCD66EA6171}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DE8A531D-E345-4279-8AA4-8BCD66EA6171}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DE8A531D-E345-4279-8AA4-8BCD66EA6171}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DE8A531D-E345-4279-8AA4-8BCD66EA6171}\InprocServer32]

@="C:\\WINNT\\system32\\tvpmonui.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{67E17939-05AD-4CFE-805B-0A99294CCBF3}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{67E17939-05AD-4CFE-805B-0A99294CCBF3}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{67E17939-05AD-4CFE-805B-0A99294CCBF3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{67E17939-05AD-4CFE-805B-0A99294CCBF3}\InprocServer32]

@="C:\\WINNT\\system32\\mvconf.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{7B421513-664D-4604-92C6-549BC2334960}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7B421513-664D-4604-92C6-549BC2334960}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7B421513-664D-4604-92C6-549BC2334960}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7B421513-664D-4604-92C6-549BC2334960}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

**********************************************************************************

Files Found are not all bad files:

 

C:\WINNT\SYSTEM32\

avsda.dll Wed 18 Jan 2006 13:06:02 A.... 57 344 56,00 K

cmdlin~1.dll Fri 24 Feb 2006 18:21:28 A.... 98 304 96,00 K

dbdskres.dll Sat 25 Feb 2006 17:03:06 ..S.R 236 713 231,16 K

dbiman32.dll Fri 24 Feb 2006 21:52:40 ..S.R 236 047 230,51 K

enrul1~1.dll Sat 25 Feb 2006 18:22:54 ..S.R 236 713 231,16 K

fwtls432.dll Sat 25 Feb 2006 17:17:40 ..S.R 236 823 231,27 K

gdi32.dll Fri 30 Dec 2005 17:16:12 A.... 233 744 228,27 K

hwicons.dll Sat 25 Feb 2006 16:43:10 ..S.R 235 563 230,04 K

kt6ml7~1.dll Sun 26 Feb 2006 8:48:52 ..S.R 236 823 231,27 K

legitc~1.dll Tue 14 Feb 2006 9:20:14 A.... 550 120 537,23 K

mac40loc.dll Sat 25 Feb 2006 8:15:44 ..S.R 234 306 228,81 K

mriole32.dll Sat 25 Feb 2006 11:37:24 ..S.R 235 693 230,17 K

mvconf.dll Sat 25 Feb 2006 14:31:52 ..S.R 235 563 230,04 K

tvpmonui.dll Sun 26 Feb 2006 8:49:34 ..S.R 236 713 231,16 K

wmfhot~1.dll Sat 31 Dec 2005 22:57:44 A.... 3 072 3,00 K

wmp.dll Mon 19 Dec 2005 19:30:46 A.... 4 730 880 4,51 M

 

16 items found: 16 files (10 H/S), 0 directories.

Total of file sizes: 8 034 421 bytes 7,66 M

Locate .tmp files:

 

No matches found.

**********************************************************************************

Directory Listing of system files:

Le volume dans le lecteur C n'a pas de nom.

Le num‚ro de s‚rie du volume est 57AA-D611

 

R‚pertoire de C:\WINNT\System32

 

26/02/2006 08:49 236ÿ713 tvpmonui.dll

26/02/2006 08:49 825 mmf.sys

26/02/2006 08:48 236ÿ823 kt6ml7j11.dll

25/02/2006 18:22 236ÿ713 enrul1991.dll

25/02/2006 17:17 236ÿ823 FWTLS432.DLL

25/02/2006 17:03 236ÿ713 dbdskres.dll

25/02/2006 16:43 235ÿ563 HWICONS.DLL

25/02/2006 14:31 235ÿ563 mvconf.dll

25/02/2006 11:37 235ÿ693 mriole32.dll

25/02/2006 08:15 234ÿ306 mac40loc.dll

24/02/2006 21:52 236ÿ047 dbiman32.dll

15/02/2006 07:24 <DIR> dllcache

11 fichier(s) 2ÿ361ÿ782 octets

1 R‚p(s) 2ÿ914ÿ320ÿ384 octets libres

[tornado]

Salut stigma,

 

Maintenant, passe à l'option 2 de Lm2fix :

 

Ferme toutes les applications en cours, car cette étape nécessite un redémarrage.

 

Du dossier l2mfix situé sur ton Bureau, double-clique l2mfix.bat et choisis l'option #2 pour Run Fix en tapant 2 et ensuite "Entrée". Les icônes du Bureau vont disparaître (tout à fait normal). L2mfix poursuivra le scan et lorsque terminé, il sera prêt à redémarrer le PC. Appuie sur n'importe quelle touche pour redémarrer. Après le redémarrage, un fichier texte devrait apparaître. Copie/colle le contenu de ce rapport dans ta prochaine réponse, et poste un nouveau rapport HijackThis! également.

 

IMPORTANT: NE PAS lancer d'autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller ! Ne pas lancer cet outil en mode Sans Échec !!

**Si le fichier texte (rapport) n'apparaît pas au redémarrage, double-clique sur le fichier texte ("log.txt") situé dans le dossier "l2mfix".

Modifié le 26 février 2006 par tornado

[ipl_001]

Bonjour bibi26, stigma, tornado, bonjour à tous,

 

Bien vu, tornado !

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] C:\WINNT\system32\0106.exe

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe

O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames11.exe

 

Puis-je te poser une question ? En quoi c'est lignes sont mauvaises ? Ok, la premiere sa se voit, mais les 2 autres pourquoi ?

- winsysupd11.exe est impliqué dans "Adware.Dollarrevenue" et est signalé par PREVX :

This program has a file name of WINSYSUPD11.EXE. It has a file size of 63,696 bytes and is found in the folder [%WINDIR%\]

(source : http://virusinfo.prevx.com/pxparall.asp?PXC=a9b413434302 )

 

- "gimmygames11.exe" a un nom qui dénote son objet... un jeu n'est pas en soi automatiquement dangereux mais selon le "principe de précaution" (je parle comme les politiciens), vu l'infection, il est à considérer comme néfaste.

Il est impliqué dans le même "Adware.Dollarrevenue" :

This program has a file name of GIMMYGAMES11.EXE. It has a file size of 104,684 bytes and is found in the folder [%WINDIR%\].

(source : http://virusinfo.prevx.com/pxparall.asp?PXC=6dbb13434303 )

[tornado]

Salut ipl001,

 

 

En fait je ne connaissais pas leur dénomination, mais en ce moment, ces malwares sont de plus en plus la cause d'infections...

 

Très intéressant ce site --> http://virusinfo.prevx.com/

 

Allez je le mets dans les favoris

 

 

 

Sinon, c'est bien la ligne 20 du rapport qui indique la présence de Look2me ?

 

Merci d'avance

Modifié le 26 février 2006 par tornado

[stigma]

Option 2 :

L2mfix 010406

Creating Account.

La commande s'est termin‚e correctement.

 

 

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

 

Running From:

C:\WINNT\system32

 

Killing Processes!

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 176 'smss.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 228 'winlogon.exe'

Killing PID 228 'winlogon.exe'

Error 0x5 : Accès refusé.

 

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1416 'explorer.exe'

Killing PID 1416 'explorer.exe'

Error 0x5 : Accès refusé.

 

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1248 'rundll32.exe'

Killing PID 1248 'rundll32.exe'

Error 0x5 : Accès refusé.

 

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrateurs ... successful

 

Scanning First Pass. Please Wait!

 

First Pass Completed

 

Second Pass Scanning

 

Second pass Completed!

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

Deleting: C:\WINNT\system32\dbdskres.dll

Successfully Deleted: C:\WINNT\system32\dbdskres.dll

Deleting: C:\WINNT\system32\dbiman32.dll

Successfully Deleted: C:\WINNT\system32\dbiman32.dll

Deleting: C:\WINNT\system32\enrul1991.dll

Successfully Deleted: C:\WINNT\system32\enrul1991.dll

Deleting: C:\WINNT\system32\FWTLS432.DLL

Successfully Deleted: C:\WINNT\system32\FWTLS432.DLL

Deleting: C:\WINNT\system32\HWICONS.DLL

Successfully Deleted: C:\WINNT\system32\HWICONS.DLL

Deleting: C:\WINNT\system32\kt6ml7j11.dll

Successfully Deleted: C:\WINNT\system32\kt6ml7j11.dll

Deleting: C:\WINNT\system32\mac40loc.dll

Successfully Deleted: C:\WINNT\system32\mac40loc.dll

Deleting: C:\WINNT\system32\mriole32.dll

Successfully Deleted: C:\WINNT\system32\mriole32.dll

Deleting: C:\WINNT\system32\mvconf.dll

Successfully Deleted: C:\WINNT\system32\mvconf.dll

Deleting: C:\WINNT\system32\tvpmonui.dll

Successfully Deleted: C:\WINNT\system32\tvpmonui.dll

 

msg11?.dll

0 fichier(s) copi‚(s).

 

 

 

Restoring Windows Update Certificates.:

 

The following Is the Current Export of the Winlogon notify key:

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mp3w]

"Asynchronous"=dword:00000001

"DllName"="C:\\WINNT\\security\\mp3w.dll"

"Impersonate"=dword:00000000

"Startup"="SysLogon"

"Logoff"="SysLogoff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOSOptions]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINNT\\system32\\enrul1991.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urldoc]

"Asynchronous"=dword:00000001

"DllName"="C:\\WINNT\\inf\\urldoc.dll"

"Impersonate"=dword:00000000

"Startup"="SysLogon"

"Logoff"="SysLogoff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

"DLLName"="wzcdlg.dll"

"Logon"="WZCEventLogon"

"Logoff"="WZCEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000000

 

 

The following are the files found:

****************************************************************************

C:\WINNT\system32\dbdskres.dll

C:\WINNT\system32\dbiman32.dll

C:\WINNT\system32\enrul1991.dll

C:\WINNT\system32\FWTLS432.DLL

C:\WINNT\system32\HWICONS.DLL

C:\WINNT\system32\kt6ml7j11.dll

C:\WINNT\system32\mac40loc.dll

C:\WINNT\system32\mriole32.dll

C:\WINNT\system32\mvconf.dll

C:\WINNT\system32\tvpmonui.dll

 

Registry Entries that were Deleted:

Please verify that the listing looks ok.

If there was something deleted wrongly there are backups in the backreg folder.

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{DE8A531D-E345-4279-8AA4-8BCD66EA6171}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DE8A531D-E345-4279-8AA4-8BCD66EA6171}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DE8A531D-E345-4279-8AA4-8BCD66EA6171}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DE8A531D-E345-4279-8AA4-8BCD66EA6171}\InprocServer32]

@="C:\\WINNT\\system32\\tvpmonui.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{67E17939-05AD-4CFE-805B-0A99294CCBF3}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{67E17939-05AD-4CFE-805B-0A99294CCBF3}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{67E17939-05AD-4CFE-805B-0A99294CCBF3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{67E17939-05AD-4CFE-805B-0A99294CCBF3}\InprocServer32]

@="C:\\WINNT\\system32\\mvconf.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{7B421513-664D-4604-92C6-549BC2334960}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7B421513-664D-4604-92C6-549BC2334960}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7B421513-664D-4604-92C6-549BC2334960}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7B421513-664D-4604-92C6-549BC2334960}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{DE8A531D-E345-4279-8AA4-8BCD66EA6171}"=-

"{67E17939-05AD-4CFE-805B-0A99294CCBF3}"=-

"{7B421513-664D-4604-92C6-549BC2334960}"=-

[-HKEY_CLASSES_ROOT\CLSID\{DE8A531D-E345-4279-8AA4-8BCD66EA6171}]

[-HKEY_CLASSES_ROOT\CLSID\{67E17939-05AD-4CFE-805B-0A99294CCBF3}]

[-HKEY_CLASSES_ROOT\CLSID\{7B421513-664D-4604-92C6-549BC2334960}]

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

****************************************************************************

Desktop.ini Contents:

****************************************************************************

****************************************************************************

Checking for L2MFix account(0=no 1=yes):

0

Zipping up files for submission:

adding: dlls/dbdskres.dll (92 bytes security) (deflated 5%)

adding: dlls/dbiman32.dll (92 bytes security) (deflated 5%)

adding: dlls/enrul1991.dll (92 bytes security) (deflated 5%)

adding: dlls/FWTLS432.DLL (92 bytes security) (deflated 5%)

adding: dlls/HWICONS.DLL (92 bytes security) (deflated 5%)

adding: dlls/kt6ml7j11.dll (92 bytes security) (deflated 5%)

adding: dlls/mac40loc.dll (92 bytes security) (deflated 4%)

adding: dlls/mriole32.dll (92 bytes security) (deflated 5%)

adding: dlls/mvconf.dll (92 bytes security) (deflated 5%)

adding: dlls/tvpmonui.dll (92 bytes security) (deflated 5%)

adding: backregs/67E17939-05AD-4CFE-805B-0A99294CCBF3.reg (92 bytes security) (deflated 70%)

adding: backregs/7B421513-664D-4604-92C6-549BC2334960.reg (92 bytes security) (deflated 70%)

adding: backregs/DE8A531D-E345-4279-8AA4-8BCD66EA6171.reg (92 bytes security) (deflated 70%)

adding: backregs/notibac.reg (92 bytes security) (deflated 87%)

adding: backregs/shell.reg (92 bytes security) (deflated 74%)

Dans le genre lien interressant, je suis tombé là