Pop up!

Résolu/Fermé
jacko - 1 août 2005 à 12:07
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 - 7 août 2005 à 17:01
bonjour, je suis equipé de kaspersky antivirus, pare feu windows, google tool bar, et bloquer de fenetre (inclus avec XP).
mais depuis peu de temps jai plusieurs fenetre IE qui souvre avec de la pub! il y en a entre 5 et 10 a chaque fois! je ne les vois pas dans la barre des taches, c'est lorsque je reduit mes applications que je les voit sur le bureau!

comment les supprimer?
merci

jai passer un SPYBOT mais c acontinue toujours!
A voir également:

32 réponses

(dsl)

ca fait pareil :(
0
Utilisateur anonyme
7 août 2005 à 15:11
slt
Telecharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe
Double clic sur killbox.exe (Pocket Killbox)

- coche: delete on reboot
- Dans "Full Path of File to Delete"
copie et colle:

D:\WINDOWS\system32\mautb.dll

- clic sur la croix rouge
- une fenetre va apparaitre pour confirmation clic sur YES
- une seconde fenetre te demande si tu veux redemarrer clic sur YES

Laisse le pc redemarrer
et après reposte un log hijackthis.

A+
0
je dois vraiment etre nul... lol
quand je valide pr redemarrer il me met un msg derreur:
pending file rename operations registry data has been removed by external process

ca redemarre pas et il est tj dan le log.

remyremy@hotmail.com (si tu as msn c plu facile^^)
0
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 329
7 août 2005 à 16:25
tu as redemarrer manuellement
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
oui, tj pareil
0
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 329
7 août 2005 à 16:35
peuteter une vx2
fait ceci
telecharge ceci
http://www.downloads.subratam.org/l2mfix.exe
decompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 2

met le rapport et aussi essaie de suppr a nouveau la dll si elle est toujours dans hijack
0
c bon ca a marcher!

Logfile of HijackThis v1.99.1
Scan saved at 16:45:05, on 07/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\a2\a2guard.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\J@v0\Mes documents\Ma musique\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAV Blacklist Killer] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\KAV Blacklist Killer.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [a-squared] "D:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116074835816
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe




pour l'instant jai plus de pub et il nest plus ds le rapport!
je remettrais un message ici pour confirmer si jai plus de pub! ;-)

merci merci beaucoup A TOUS c'est super sympa d'aider les debutants comme moi! merci encore!
0
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 329
7 août 2005 à 16:49
l2mfix a du te faire un rapport j aurais bien aimer le voir
pour etude lol
0
accroche toi c long ;)


L2Mfix 1.03a

Running From:
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting up for Reboot


Starting Reboot!

D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix
System Rebooted!

Running From:
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1736 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1844 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: D:\WINDOWS\system32\cagmgr32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cagmgr32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cqrtcli.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cqrtcli.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cxmres.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cxmres.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\dcvxdec_0407.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\dcvxdec_0407.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ddvoice.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ddvoice.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\marapi.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\marapi.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mautb.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mautb.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mgc40u.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mgc40u.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mpsystem.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mpsystem.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\muimsg.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\muimsg.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mxaudite.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mxaudite.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ovmanage.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ovmanage.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\sacur32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\sacur32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wips.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wips.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wqhbth.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wqhbth.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\xwsp1res.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\xwsp1res.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
deleting: D:\WINDOWS\system32\cagmgr32.dll
Successfully Deleted: D:\WINDOWS\system32\cagmgr32.dll
deleting: D:\WINDOWS\system32\cagmgr32.dll
Successfully Deleted: D:\WINDOWS\system32\cagmgr32.dll
deleting: D:\WINDOWS\system32\cqrtcli.dll
Successfully Deleted: D:\WINDOWS\system32\cqrtcli.dll
deleting: D:\WINDOWS\system32\cqrtcli.dll
Successfully Deleted: D:\WINDOWS\system32\cqrtcli.dll
deleting: D:\WINDOWS\system32\cxmres.dll
Successfully Deleted: D:\WINDOWS\system32\cxmres.dll
deleting: D:\WINDOWS\system32\cxmres.dll
Successfully Deleted: D:\WINDOWS\system32\cxmres.dll
deleting: D:\WINDOWS\system32\dcvxdec_0407.dll
Successfully Deleted: D:\WINDOWS\system32\dcvxdec_0407.dll
deleting: D:\WINDOWS\system32\dcvxdec_0407.dll
Successfully Deleted: D:\WINDOWS\system32\dcvxdec_0407.dll
deleting: D:\WINDOWS\system32\ddvoice.dll
Successfully Deleted: D:\WINDOWS\system32\ddvoice.dll
deleting: D:\WINDOWS\system32\ddvoice.dll
Successfully Deleted: D:\WINDOWS\system32\ddvoice.dll
deleting: D:\WINDOWS\system32\marapi.dll
Successfully Deleted: D:\WINDOWS\system32\marapi.dll
deleting: D:\WINDOWS\system32\marapi.dll
Successfully Deleted: D:\WINDOWS\system32\marapi.dll
deleting: D:\WINDOWS\system32\mautb.dll
Successfully Deleted: D:\WINDOWS\system32\mautb.dll
deleting: D:\WINDOWS\system32\mautb.dll
Successfully Deleted: D:\WINDOWS\system32\mautb.dll
deleting: D:\WINDOWS\system32\mgc40u.dll
Successfully Deleted: D:\WINDOWS\system32\mgc40u.dll
deleting: D:\WINDOWS\system32\mgc40u.dll
Successfully Deleted: D:\WINDOWS\system32\mgc40u.dll
deleting: D:\WINDOWS\system32\mpsystem.dll
Successfully Deleted: D:\WINDOWS\system32\mpsystem.dll
deleting: D:\WINDOWS\system32\mpsystem.dll
Successfully Deleted: D:\WINDOWS\system32\mpsystem.dll
deleting: D:\WINDOWS\system32\muimsg.dll
Successfully Deleted: D:\WINDOWS\system32\muimsg.dll
deleting: D:\WINDOWS\system32\muimsg.dll
Successfully Deleted: D:\WINDOWS\system32\muimsg.dll
deleting: D:\WINDOWS\system32\mxaudite.dll
Successfully Deleted: D:\WINDOWS\system32\mxaudite.dll
deleting: D:\WINDOWS\system32\mxaudite.dll
Successfully Deleted: D:\WINDOWS\system32\mxaudite.dll
deleting: D:\WINDOWS\system32\ovmanage.dll
Successfully Deleted: D:\WINDOWS\system32\ovmanage.dll
deleting: D:\WINDOWS\system32\ovmanage.dll
Successfully Deleted: D:\WINDOWS\system32\ovmanage.dll
deleting: D:\WINDOWS\system32\sacur32.dll
Successfully Deleted: D:\WINDOWS\system32\sacur32.dll
deleting: D:\WINDOWS\system32\sacur32.dll
Successfully Deleted: D:\WINDOWS\system32\sacur32.dll
deleting: D:\WINDOWS\system32\wips.dll
Successfully Deleted: D:\WINDOWS\system32\wips.dll
deleting: D:\WINDOWS\system32\wips.dll
Successfully Deleted: D:\WINDOWS\system32\wips.dll
deleting: D:\WINDOWS\system32\wqhbth.dll
Successfully Deleted: D:\WINDOWS\system32\wqhbth.dll
deleting: D:\WINDOWS\system32\wqhbth.dll
Successfully Deleted: D:\WINDOWS\system32\wqhbth.dll
deleting: D:\WINDOWS\system32\xwsp1res.dll
Successfully Deleted: D:\WINDOWS\system32\xwsp1res.dll
deleting: D:\WINDOWS\system32\xwsp1res.dll
Successfully Deleted: D:\WINDOWS\system32\xwsp1res.dll
deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp
deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp


Zipping up files for submission:
adding: cagmgr32.dll (164 bytes security) (deflated 48%)
adding: cqrtcli.dll (164 bytes security) (deflated 48%)
adding: cxmres.dll (164 bytes security) (deflated 48%)
adding: dcvxdec_0407.dll (164 bytes security) (deflated 48%)
adding: ddvoice.dll (164 bytes security) (deflated 48%)
adding: marapi.dll (164 bytes security) (deflated 48%)
adding: mautb.dll (164 bytes security) (deflated 48%)
adding: mgc40u.dll (164 bytes security) (deflated 48%)
adding: mpsystem.dll (164 bytes security) (deflated 48%)
adding: muimsg.dll (164 bytes security) (deflated 48%)
adding: mxaudite.dll (164 bytes security) (deflated 48%)
adding: ovmanage.dll (164 bytes security) (deflated 48%)
adding: sacur32.dll (164 bytes security) (deflated 48%)
adding: wips.dll (164 bytes security) (deflated 48%)
adding: wqhbth.dll (164 bytes security) (deflated 48%)
adding: xwsp1res.dll (164 bytes security) (deflated 48%)
adding: guard.tmp (164 bytes security) (deflated 48%)
adding: clear.reg (164 bytes security) (deflated 55%)
adding: echo.reg (164 bytes security) (deflated 14%)
adding: direct.txt (164 bytes security) (deflated 6%)
adding: lo2.txt (164 bytes security) (deflated 87%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: test.txt (164 bytes security) (deflated 88%)
adding: test2.txt (164 bytes security) (deflated 36%)
adding: test3.txt (164 bytes security) (deflated 36%)
adding: test5.txt (164 bytes security) (deflated 36%)
adding: xfind.txt (164 bytes security) (deflated 85%)
adding: backregs/09C16CA7-FC50-4894-91E8-75DC0205EE5C.reg (164 bytes security) (deflated 70%)
adding: backregs/104EB31E-03E9-471C-9112-D75C120E477E.reg (164 bytes security) (deflated 70%)
adding: backregs/1D44F68B-17D9-4FBD-B284-8305B76B3FA9.reg (164 bytes security) (deflated 69%)
adding: backregs/4556C666-9FB4-4E25-B087-24806C42222A.reg (164 bytes security) (deflated 70%)
adding: backregs/98A134C1-1E3B-4C1E-8D42-529745594227.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

deleting local copy: cagmgr32.dll
deleting local copy: cagmgr32.dll
deleting local copy: cqrtcli.dll
deleting local copy: cqrtcli.dll
deleting local copy: cxmres.dll
deleting local copy: cxmres.dll
deleting local copy: dcvxdec_0407.dll
deleting local copy: dcvxdec_0407.dll
deleting local copy: ddvoice.dll
deleting local copy: ddvoice.dll
deleting local copy: marapi.dll
deleting local copy: marapi.dll
deleting local copy: mautb.dll
deleting local copy: mautb.dll
deleting local copy: mgc40u.dll
deleting local copy: mgc40u.dll
deleting local copy: mpsystem.dll
deleting local copy: mpsystem.dll
deleting local copy: muimsg.dll
deleting local copy: muimsg.dll
deleting local copy: mxaudite.dll
deleting local copy: mxaudite.dll
deleting local copy: ovmanage.dll
deleting local copy: ovmanage.dll
deleting local copy: sacur32.dll
deleting local copy: sacur32.dll
deleting local copy: wips.dll
deleting local copy: wips.dll
deleting local copy: wqhbth.dll
deleting local copy: wqhbth.dll
deleting local copy: xwsp1res.dll
deleting local copy: xwsp1res.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
D:\WINDOWS\system32\cagmgr32.dll
D:\WINDOWS\system32\cagmgr32.dll
D:\WINDOWS\system32\cqrtcli.dll
D:\WINDOWS\system32\cqrtcli.dll
D:\WINDOWS\system32\cxmres.dll
D:\WINDOWS\system32\cxmres.dll
D:\WINDOWS\system32\dcvxdec_0407.dll
D:\WINDOWS\system32\dcvxdec_0407.dll
D:\WINDOWS\system32\ddvoice.dll
D:\WINDOWS\system32\ddvoice.dll
D:\WINDOWS\system32\marapi.dll
D:\WINDOWS\system32\marapi.dll
D:\WINDOWS\system32\mautb.dll
D:\WINDOWS\system32\mautb.dll
D:\WINDOWS\system32\mgc40u.dll
D:\WINDOWS\system32\mgc40u.dll
D:\WINDOWS\system32\mpsystem.dll
D:\WINDOWS\system32\mpsystem.dll
D:\WINDOWS\system32\muimsg.dll
D:\WINDOWS\system32\muimsg.dll
D:\WINDOWS\system32\mxaudite.dll
D:\WINDOWS\system32\mxaudite.dll
D:\WINDOWS\system32\ovmanage.dll
D:\WINDOWS\system32\ovmanage.dll
D:\WINDOWS\system32\sacur32.dll
D:\WINDOWS\system32\sacur32.dll
D:\WINDOWS\system32\wips.dll
D:\WINDOWS\system32\wips.dll
D:\WINDOWS\system32\wqhbth.dll
D:\WINDOWS\system32\wqhbth.dll
D:\WINDOWS\system32\xwsp1res.dll
D:\WINDOWS\system32\xwsp1res.dll
D:\WINDOWS\system32\guard.tmp
D:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4556C666-9FB4-4E25-B087-24806C42222A}"=-
"{1D44F68B-17D9-4FBD-B284-8305B76B3FA9}"=-
"{98A134C1-1E3B-4C1E-8D42-529745594227}"=-
"{09C16CA7-FC50-4894-91E8-75DC0205EE5C}"=-
"{104EB31E-03E9-471C-9112-D75C120E477E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{4556C666-9FB4-4E25-B087-24806C42222A}]
[-HKEY_CLASSES_ROOT\CLSID\{1D44F68B-17D9-4FBD-B284-8305B76B3FA9}]
[-HKEY_CLASSES_ROOT\CLSID\{98A134C1-1E3B-4C1E-8D42-529745594227}]
[-HKEY_CLASSES_ROOT\CLSID\{09C16CA7-FC50-4894-91E8-75DC0205EE5C}]
[-HKEY_CLASSES_ROOT\CLSID\{104EB31E-03E9-471C-9112-D75C120E477E}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

0
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 329
7 août 2005 à 16:57
merci tu avais la dose lol
0
en effet!
je confirme donc que c'etait bien ca! plus aucune pub! cest formidable!!
encore merci a tous ;-)
bon dimanche
0
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 329
7 août 2005 à 17:01
content pour toi
a++ sans soucis j espere
0