djedie7 | Here is my l2mfix report (the 2nd one), because I didn't get one when using option 1.
Code:
- L2Mfix 1.04a
- Running From:
- C:\Documents and Settings\djedie\Bureau\HijackThis\l2mfix
- RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
- Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
- This program is Freeware, use it on your own risk!
- Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
- (NI) ALLOW Full access AUTORITE NT\SYSTEM
- (IO) ALLOW Full access AUTORITE NT\SYSTEM
- (NI) ALLOW Full access AUTORITE NT\SYSTEM
- (IO) ALLOW Full access AUTORITE NT\SYSTEM
- (ID-NI) ALLOW Read BUILTIN\Utilisateurs
- (ID-IO) ALLOW Read BUILTIN\Utilisateurs
- (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
- (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
- (ID-NI) ALLOW Full access BUILTIN\Administrateurs
- (ID-IO) ALLOW Full access BUILTIN\Administrateurs
- (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
- (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
- (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
- Setting registry permissions:
- RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
- Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
- This program is Freeware, use it on your own risk!
- Denying C(CI) access for predefined group "Administrators"
- - adding new ACCESS DENY entry
- Registry Permissions set too:
- RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
- Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
- This program is Freeware, use it on your own risk!
- Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
- (CI) DENY --C------- BUILTIN\Administrateurs
- (NI) ALLOW Full access AUTORITE NT\SYSTEM
- (IO) ALLOW Full access AUTORITE NT\SYSTEM
- (NI) ALLOW Full access AUTORITE NT\SYSTEM
- (IO) ALLOW Full access AUTORITE NT\SYSTEM
- (ID-NI) ALLOW Read BUILTIN\Utilisateurs
- (ID-IO) ALLOW Read BUILTIN\Utilisateurs
- (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
- (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
- (ID-NI) ALLOW Full access BUILTIN\Administrateurs
- (ID-IO) ALLOW Full access BUILTIN\Administrateurs
- (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
- (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
- (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
- Setting up for Reboot
- Starting Reboot!
- Setting Directory
- C:\Documents and Settings\djedie\Bureau\HijackThis\l2mfix
- System Rebooted!
- Running From:
- C:\Documents and Settings\djedie\Bureau\HijackThis\l2mfix
- killing explorer and rundll32.exe
- Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
- Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
- Killing PID 1136 'explorer.exe'
- Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
- Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
- Killing PID 1336 'rundll32.exe'
- Killing PID 1440 'rundll32.exe'
- Scanning First Pass. Please Wait!
- First Pass Completed
- Second Pass Scanning
- Second pass Completed!
- Backing Up: C:\WINDOWS\system32\cLtsrvut.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\cnyptdll.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\dn2001fme.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\e6jmlg1116.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\gp80l3lm1.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\ifrdbg32.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\iisutil.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\j0j60a1sed.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\jtlu0739e.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\l42s0ef7eh2.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\lvls0937e.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\m682lglo16qc.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\mvr0l99m1.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\pclmon.dll
- 1 fichier(s) copi(s).
- Backing Up: C:\WINDOWS\system32\guard.tmp
- 1 fichier(s) copi(s).
- deleting: C:\WINDOWS\system32\cLtsrvut.dll
- Successfully Deleted: C:\WINDOWS\system32\cLtsrvut.dll
- deleting: C:\WINDOWS\system32\cnyptdll.dll
- Successfully Deleted: C:\WINDOWS\system32\cnyptdll.dll
- deleting: C:\WINDOWS\system32\dn2001fme.dll
- Successfully Deleted: C:\WINDOWS\system32\dn2001fme.dll
- deleting: C:\WINDOWS\system32\e6jmlg1116.dll
- Successfully Deleted: C:\WINDOWS\system32\e6jmlg1116.dll
- deleting: C:\WINDOWS\system32\gp80l3lm1.dll
- Successfully Deleted: C:\WINDOWS\system32\gp80l3lm1.dll
- deleting: C:\WINDOWS\system32\ifrdbg32.dll
- Successfully Deleted: C:\WINDOWS\system32\ifrdbg32.dll
- deleting: C:\WINDOWS\system32\iisutil.dll
- Successfully Deleted: C:\WINDOWS\system32\iisutil.dll
- deleting: C:\WINDOWS\system32\j0j60a1sed.dll
- Successfully Deleted: C:\WINDOWS\system32\j0j60a1sed.dll
- deleting: C:\WINDOWS\system32\jtlu0739e.dll
- Successfully Deleted: C:\WINDOWS\system32\jtlu0739e.dll
- deleting: C:\WINDOWS\system32\l42s0ef7eh2.dll
- Successfully Deleted: C:\WINDOWS\system32\l42s0ef7eh2.dll
- deleting: C:\WINDOWS\system32\lvls0937e.dll
- Successfully Deleted: C:\WINDOWS\system32\lvls0937e.dll
- deleting: C:\WINDOWS\system32\m682lglo16qc.dll
- Successfully Deleted: C:\WINDOWS\system32\m682lglo16qc.dll
- deleting: C:\WINDOWS\system32\mvr0l99m1.dll
- Successfully Deleted: C:\WINDOWS\system32\mvr0l99m1.dll
- deleting: C:\WINDOWS\system32\pclmon.dll
- Successfully Deleted: C:\WINDOWS\system32\pclmon.dll
- deleting: C:\WINDOWS\system32\guard.tmp
- Successfully Deleted: C:\WINDOWS\system32\guard.tmp
- Zipping up files for submission:
- adding: cLtsrvut.dll (164 bytes security) (deflated 5%)
- adding: cnyptdll.dll (164 bytes security) (deflated 5%)
- adding: dn2001fme.dll (164 bytes security) (deflated 4%)
- adding: e6jmlg1116.dll (164 bytes security) (deflated 5%)
- adding: gp80l3lm1.dll (164 bytes security) (deflated 5%)
- adding: ifrdbg32.dll (164 bytes security) (deflated 5%)
- adding: iisutil.dll (164 bytes security) (deflated 5%)
- adding: j0j60a1sed.dll (164 bytes security) (deflated 5%)
- adding: jtlu0739e.dll (164 bytes security) (deflated 5%)
- adding: l42s0ef7eh2.dll (164 bytes security) (deflated 5%)
- adding: lvls0937e.dll (164 bytes security) (deflated 5%)
- adding: m682lglo16qc.dll (164 bytes security) (deflated 4%)
- adding: mvr0l99m1.dll (164 bytes security) (deflated 5%)
- adding: pclmon.dll (164 bytes security) (deflated 5%)
- adding: guard.tmp (164 bytes security) (deflated 5%)
- adding: clear.reg (164 bytes security) (deflated 22%)
- adding: echo.reg (164 bytes security) (deflated 12%)
- adding: direct.txt (164 bytes security) (stored 0%)
- adding: lo2.txt (164 bytes security) (deflated 82%)
- adding: readme.txt (164 bytes security) (deflated 52%)
- adding: report.txt (164 bytes security) (deflated 65%)
- adding: test.txt (164 bytes security) (deflated 75%)
- adding: test2.txt (164 bytes security) (deflated 2%)
- adding: test3.txt (164 bytes security) (deflated 2%)
- adding: test5.txt (164 bytes security) (deflated 2%)
- adding: xfind.txt (164 bytes security) (deflated 68%)
- adding: backregs/3C5CA255-90A4-4227-B994-AAA964FCBD3B.reg (164 bytes security) (deflated 70%)
- adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
- adding: backregs/shell.reg (164 bytes security) (deflated 73%)
- Restoring Registry Permissions:
- RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
- Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
- This program is Freeware, use it on your own risk!
- Revoking access for predefined group "Administrators"
- Inherited ACE can not be revoked here!
- Inherited ACE can not be revoked here!
- Registry permissions set too:
- RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
- Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
- This program is Freeware, use it on your own risk!
- Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
- (NI) ALLOW Full access AUTORITE NT\SYSTEM
- (IO) ALLOW Full access AUTORITE NT\SYSTEM
- (NI) ALLOW Full access AUTORITE NT\SYSTEM
- (IO) ALLOW Full access AUTORITE NT\SYSTEM
- (ID-NI) ALLOW Read BUILTIN\Utilisateurs
- (ID-IO) ALLOW Read BUILTIN\Utilisateurs
- (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
- (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
- (ID-NI) ALLOW Full access BUILTIN\Administrateurs
- (ID-IO) ALLOW Full access BUILTIN\Administrateurs
- (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
- (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
- (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
- Restoring Sedebugprivilege:
- Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
- Restoring Windows Update Certificates.:
- deleting local copy: cLtsrvut.dll
- deleting local copy: cnyptdll.dll
- deleting local copy: dn2001fme.dll
- deleting local copy: e6jmlg1116.dll
- deleting local copy: gp80l3lm1.dll
- deleting local copy: ifrdbg32.dll
- deleting local copy: iisutil.dll
- deleting local copy: j0j60a1sed.dll
- deleting local copy: jtlu0739e.dll
- deleting local copy: l42s0ef7eh2.dll
- deleting local copy: lvls0937e.dll
- deleting local copy: m682lglo16qc.dll
- deleting local copy: mvr0l99m1.dll
- deleting local copy: pclmon.dll
- deleting local copy: guard.tmp
- The following Is the Current Export of the Winlogon notify key:
- ****************************************************************************
- Windows Registry Editor Version 5.00
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
- "DLLName"="Ati2evxx.dll"
- "Asynchronous"=dword:00000000
- "Impersonate"=dword:00000001
- "Lock"="AtiLockEvent"
- "Logoff"="AtiLogoffEvent"
- "Logon"="AtiLogonEvent"
- "Disconnect"="AtiDisConnectEvent"
- "Reconnect"="AtiReConnectEvent"
- "Safe"=dword:00000000
- "Shutdown"="AtiShutdownEvent"
- "StartScreenSaver"="AtiStartScreenSaverEvent"
- "StartShell"="AtiStartShellEvent"
- "Startup"="AtiStartupEvent"
- "StopScreenSaver"="AtiStopScreenSaverEvent"
- "Unlock"="AtiUnLockEvent"
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
- "Asynchronous"=dword:00000000
- "Impersonate"=dword:00000000
- "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
- 6c,00,00,00
- "Logoff"="ChainWlxLogoffEvent"
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
- "Asynchronous"=dword:00000000
- "Impersonate"=dword:00000000
- "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
- 6c,00,6c,00,00,00
- "Logoff"="CryptnetWlxLogoffEvent"
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
- "DLLName"="cscdll.dll"
- "Logon"="WinlogonLogonEvent"
- "Logoff"="WinlogonLogoffEvent"
- "ScreenSaver"="WinlogonScreenSaverEvent"
- "Startup"="WinlogonStartupEvent"
- "Shutdown"="WinlogonShutdownEvent"
- "StartShell"="WinlogonStartShellEvent"
- "Impersonate"=dword:00000000
- "Asynchronous"=dword:00000001
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
- "DLLName"="wlnotify.dll"
- "Logon"="SCardStartCertProp"
- "Logoff"="SCardStopCertProp"
- "Lock"="SCardSuspendCertProp"
- "Unlock"="SCardResumeCertProp"
- "Enabled"=dword:00000001
- "Impersonate"=dword:00000001
- "Asynchronous"=dword:00000001
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
- "Asynchronous"=dword:00000000
- "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
- 6c,00,6c,00,00,00
- "Impersonate"=dword:00000000
- "StartShell"="SchedStartShell"
- "Logoff"="SchedEventLogOff"
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
- "Logoff"="WLEventLogoff"
- "Impersonate"=dword:00000000
- "Asynchronous"=dword:00000001
- "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
- 6c,00,6c,00,00,00
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
- "DLLName"="WlNotify.dll"
- "Lock"="SensLockEvent"
- "Logon"="SensLogonEvent"
- "Logoff"="SensLogoffEvent"
- "Safe"=dword:00000001
- "MaxWait"=dword:00000258
- "StartScreenSaver"="SensStartScreenSaverEvent"
- "StopScreenSaver"="SensStopScreenSaverEvent"
- "Startup"="SensStartupEvent"
- "Shutdown"="SensShutdownEvent"
- "StartShell"="SensStartShellEvent"
- "PostShell"="SensPostShellEvent"
- "Disconnect"="SensDisconnectEvent"
- "Reconnect"="SensReconnectEvent"
- "Unlock"="SensUnlockEvent"
- "Impersonate"=dword:00000001
- "Asynchronous"=dword:00000001
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
- "Asynchronous"=dword:00000000
- "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
- 6c,00,6c,00,00,00
- "Impersonate"=dword:00000000
- "Logoff"="TSEventLogoff"
- "Logon"="TSEventLogon"
- "PostShell"="TSEventPostShell"
- "Shutdown"="TSEventShutdown"
- "StartShell"="TSEventStartShell"
- "Startup"="TSEventStartup"
- "MaxWait"=dword:00000258
- "Reconnect"="TSEventReconnect"
- "Disconnect"="TSEventDisconnect"
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
- "DLLName"="wlnotify.dll"
- "Logon"="RegisterTicketExpiredNotificationEvent"
- "Logoff"="UnregisterTicketExpiredNotificationEvent"
- "Impersonate"=dword:00000001
- "Asynchronous"=dword:00000001
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
- "DLLName"="wzcdlg.dll"
- "Logon"="WZCEventLogon"
- "Logoff"="WZCEventLogoff"
- "Impersonate"=dword:00000000
- "Asynchronous"=dword:00000000
- The following are the files found:
- ****************************************************************************
- C:\WINDOWS\system32\cLtsrvut.dll
- C:\WINDOWS\system32\cnyptdll.dll
- C:\WINDOWS\system32\dn2001fme.dll
- C:\WINDOWS\system32\e6jmlg1116.dll
- C:\WINDOWS\system32\gp80l3lm1.dll
- C:\WINDOWS\system32\ifrdbg32.dll
- C:\WINDOWS\system32\iisutil.dll
- C:\WINDOWS\system32\j0j60a1sed.dll
- C:\WINDOWS\system32\jtlu0739e.dll
- C:\WINDOWS\system32\l42s0ef7eh2.dll
- C:\WINDOWS\system32\lvls0937e.dll
- C:\WINDOWS\system32\m682lglo16qc.dll
- C:\WINDOWS\system32\mvr0l99m1.dll
- C:\WINDOWS\system32\pclmon.dll
- C:\WINDOWS\system32\guard.tmp
- Registry Entries that were Deleted:
- Please verify that the listing looks ok.
- If there was something deleted wrongly there are backups in the backreg folder.
- ****************************************************************************
- REGEDIT4
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
- "{3C5CA255-90A4-4227-B994-AAA964FCBD3B}"=-
- [-HKEY_CLASSES_ROOT\CLSID\{3C5CA255-90A4-4227-B994-AAA964FCBD3B}]
- REGEDIT4
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
- "SV1"=""
- ****************************************************************************
- Desktop.ini Contents:
- ****************************************************************************
- ****************************************************************************
|
and the new Hijack report:
Code:
- Logfile of HijackThis v1.99.1
- Scan saved at 16:56:17, on 1/11/2005
- Platform: Windows XP SP1 (WinNT 5.01.2600)
- MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
- Running processes:
- C:\WINDOWS\System32\smss.exe
- C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\services.exe
- C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\System32\Ati2evxx.exe
- C:\WINDOWS\system32\svchost.exe
- C:\WINDOWS\System32\svchost.exe
- C:\WINDOWS\system32\spoolsv.exe
- C:\WINDOWS\system32\Ati2evxx.exe
- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
- C:\WINDOWS\System32\ctfmon.exe
- C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
- C:\clavier\Clavier.exe
- C:\Program Files\eMule\emule.exe
- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
- C:\Program Files\Alwil Software\Avast4\ashServ.exe
- C:\yzdock\YzDock.exe
- C:\WINDOWS\System32\svchost.exe
- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- C:\Program Files\Mozilla Firefox\firefox.exe
- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
- C:\Program Files\Webteh\BSplayer\bsplayer.exe
- C:\WINDOWS\explorer.exe
- C:\Program Files\Notepad++\notepad++.exe
- C:\Documents and Settings\djedie\Bureau\HijackThis\HijackThis.exe
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
- R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
- O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
- O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
- O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
- O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
- O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
- O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
- O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
- O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
- O4 - HKCU\..\Run: [Clavier+] C:\clavier\Clavier.exe
- O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
- O4 - Startup: YzDock.lnk = C:\yzdock\YzDock.exe
- O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
- O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
- O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
- O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
- O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
- O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
- O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
- O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
- O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
- O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
- O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
- O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6747254828
- O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
- O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
- O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
- O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
- O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
- O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
- O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
- O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
- O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
- O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
- O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
- O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
- O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
|
If someone can help me ... |