Tom's Guide > Forum > Sécurité - Virus > Pb de changements de pages internet intempestifs

Pb de changements de pages internet intempestifs

Forum Sécurité - Virus : Pb de changements de pages internet intempestifs

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
baguerrah   23-11-2005 à 18:16:32

Bonjour à tous!

j'ai vu que d'autres ont eu le meme pb mais leurs postes etant marqués "resolus" j'ai suposé que je devais en creer un autre.

Comme le titre l'indique tres (trop) frequemment la page sur laquelle je suis change pr une pub et j'ai egalement des pubs qui s'ouvrent parfois (flash). Norton et adware ont trouvé et detruits des trucs, spybot n'a rien trouvé.

J'ai telechargé hijackthis mais j'y comprend rien donc je viens vous demander votre aide :)


Je vous mets le log de hijackthis histoire de gagner un peu de temps! (ca commence à me souler ces changements de pages!)

merci par avance :)

Logfile of HijackThis v1.99.1
Scan saved at 18:16:11, on 23/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\LiLiZ\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vindieselgallery.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/web [...] ad185a.exe
O16 - DPF: {E504AD79-2E1A-4EE6-814D-53DE1EEB75AF} (Canal+ Active MSWAY) - https://www.canalplay.com/cabs/msway43.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\fpn4035qe.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
lomaster   23-11-2005 à 18:31:33
- 0 +

bonjour

1/Télécharge L2Mfix la[/url] ou
la

Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install

2/Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.

3/ Ensuite ferme tous les programmes parce qu'il va y avoir reboot automatique
Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat


Ainsi que LSPfix
- télécharger LSPfix et éventuellement le dézipper sur le bureau
- lancer LSPfix et se mettre en plein écran pour voir tous les boutons et ascenseurs - fermer Internet Explorer et arrêter la connexion à Internet - cocher la case "I know what I'm doing" (je sais ce que je fais)
- dans la colonne de gauche, sélectionner toutes les instances des fichiers à éliminer
- cliquer sur la flèche vers la droite pour les ajouter (de la colonne KEEP) dans la colonne REMOVE
- scroller et cliquer sur Finish.
LSPfix

Répondre à lomaster
baguerrah   23-11-2005 à 18:48:52
- 0 +

merci pour ton aide!

voila le premier rapport mais j'ai pas eu de reboot auto!

L2MFIX find log 1.99
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fpn4035qe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{05C5F54D-204B-0A10-B819-A2775CD4971F}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propri‚t‚ de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
@=""
"{6af09ec9-b429-11d4-a1fb-0090960218cb}"="My Bluetooth Places"
"{23170F69-40C1-278A-1000-000100020000}"="7-Zip Shell Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{6942C016-2C7A-451E-B2B1-28F458656D7A}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6942C016-2C7A-451E-B2B1-28F458656D7A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6942C016-2C7A-451E-B2B1-28F458656D7A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6942C016-2C7A-451E-B2B1-28F458656D7A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6942C016-2C7A-451E-B2B1-28F458656D7A}\InprocServer32]
@="C:\\WINDOWS\\system32\\wydtrace.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cdral.dll Tue 30 Aug 2005 20:26:06 A.... 45 056 44,00 K
cdrtc.dll Tue 30 Aug 2005 20:26:06 A.... 49 152 48,00 K
csmrepl.dll Wed 23 Nov 2005 9:16:24 ..S.R 234 272 228,78 K
fpn403~1.dll Wed 23 Nov 2005 9:16:24 ..S.R 234 725 229,22 K
msway.dll Tue 13 Sep 2005 19:22:38 A.... 105 280 102,81 K
mv28l9~1.dll Wed 23 Nov 2005 17:48:24 ..S.R 234 272 228,78 K
sirenacm.dll Thu 13 Oct 2005 8:11:06 A.... 118 784 116,00 K
wydtrace.dll Wed 23 Nov 2005 17:49:52 ..... 234 725 229,22 K

8 items found: 8 files (3 H/S), 0 directories.
Total of file sizes: 1 256 266 bytes 1,20 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Wed 23 Nov 2005 17:51:52 ..S.R 234 725 229,22 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 234 725 bytes 229,22 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle 80.1
Le num‚ro de s‚rie du volume est 789E-C896

R‚pertoire de C:\WINDOWS\System32

23/11/2005 17:51 234ÿ725 guard.tmp
23/11/2005 17:48 234ÿ272 mv28l9fu1.dll
23/11/2005 09:16 234ÿ272 csmrepl.dll
23/11/2005 09:16 234ÿ725 fpn4035qe.dll
01/11/2005 11:09 <REP> dllcache
13/08/2005 23:22 <REP> Microsoft
4 fichier(s) 937ÿ994 octets
2 R‚p(s) 3ÿ499ÿ229ÿ184 octets libres

Répondre à baguerrah
lomaster   23-11-2005 à 18:51:18
- 0 +

as tu lancer LSPfix??? si non fais le et ensuite tu repost un scan hijackthis.

Répondre à lomaster
baguerrah   23-11-2005 à 18:54:41
- 0 +

j'ai rebooté moi meme et j'ai fais l option 2 voila ce qu il me donne:

Logfile of HijackThis v1.99.1
Scan saved at 18:16:11, on 23/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\LiLiZ\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vindieselgallery.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/web [...] ad185a.exe
O16 - DPF: {E504AD79-2E1A-4EE6-814D-53DE1EEB75AF} (Canal+ Active MSWAY) - https://www.canalplay.com/cabs/msway43.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\fpn4035qe.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

je fais lspfix de suite!

Répondre à baguerrah
lomaster   23-11-2005 à 19:05:04
- 0 +

Pour ton log hijacthis :



- Redémarre en mode sans échec. Attention, tu n'as pas accès à Internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuie sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuie sur Entrée.

- Relance un scan HijackThis et coche la lignes ci-dessous :


O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/web [...] ad185a.exe

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\fpn4035qe.dll

O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)


Ferme toutes les fenêtres Windows, Internet explorer, Outlook, sauf le logiciel Hijackthis et clique sur « Fix checked »


scan ton pc avec ewido:
ewido

Répondre à lomaster
baguerrah   23-11-2005 à 19:21:06
- 0 +

41% du systeme scanné et déjà 207 objets infectés ...

Répondre à baguerrah
baguerrah   23-11-2005 à 19:49:54
- 0 +

rapport ewido:

---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------

+ Créé le: 19:46:09, 23/11/2005
+ Somme de contrôle: A43ED16F

+ Résultats du scan:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Altnet\TopSearch -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM25.ADM25.1\CLSID\\ -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM4.ADM4.1\CLSID\\ -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\AppID\adm.EXE\\AppID -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE\\AppID -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Effective-i -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Nettoyer et sauvegarder
HKU\S-1-5-21-725345543-1935655697-682003330-1004\Software\Effective-i -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\S-1-5-21-725345543-1935655697-682003330-1004\Software\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\S-1-5-21-725345543-1935655697-682003330-1004\Software\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\S-1-5-21-725345543-1935655697-682003330-1004\Software\IST -> Spyware.ISTBar : Nettoyer et sauvegarder
HKU\S-1-5-21-725345543-1935655697-682003330-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Nettoyer et sauvegarder
HKU\S-1-5-21-725345543-1935655697-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Nettoyer et sauvegarder
HKU\S-1-5-21-725345543-1935655697-682003330-1004\Software\RX Toolbar -> Spyware.RXToolbar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Erreur durant le nettoyage
[684] C:\WINDOWS\system32\khdcan.dll -> Spyware.Look2Me : Erreur durant le nettoyage
[820] C:\WINDOWS\system32\khdcan.dll -> Spyware.Look2Me : Erreur durant le nettoyage
:mozilla.29:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
:mozilla.39:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.41:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.42:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.43:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.44:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.46:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.47:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.48:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.49:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.50:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.51:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.52:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.53:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.54:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.55:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.56:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.57:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.58:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.59:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.60:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.61:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.63:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.65:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.66:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.67:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.68:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Overture : Nettoyer et sauvegarder
:mozilla.69:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Overture : Nettoyer et sauvegarder
:mozilla.91:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.96:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.97:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.98:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.99:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.105:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.106:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.107:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.108:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.109:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.110:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.111:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.112:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.122:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
:mozilla.123:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
:mozilla.124:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
:mozilla.125:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
:mozilla.126:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
:mozilla.132:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.133:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.134:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.153:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Linksynergy : Nettoyer et sauvegarder
:mozilla.154:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Linksynergy : Nettoyer et sauvegarder
:mozilla.155:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Linksynergy : Nettoyer et sauvegarder
:mozilla.157:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Overture : Nettoyer et sauvegarder
:mozilla.159:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.160:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.161:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.162:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.163:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.164:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.165:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.166:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.167:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.168:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.169:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.170:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.171:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.172:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
:mozilla.200:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder
:mozilla.201:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder
:mozilla.204:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Spylog : Nettoyer et sauvegarder
:mozilla.205:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.206:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.207:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.208:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.209:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.210:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.211:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.212:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.213:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.214:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.215:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.216:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.217:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.231:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Qksrv : Nettoyer et sauvegarder
:mozilla.232:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Qksrv : Nettoyer et sauvegarder
:mozilla.235:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Sitestat : Nettoyer et sauvegarder
:mozilla.236:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Sitestat : Nettoyer et sauvegarder
:mozilla.248:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder
:mozilla.252:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.262:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitslink : Nettoyer et sauvegarder
:mozilla.266:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitslink : Nettoyer et sauvegarder
:mozilla.267:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitslink : Nettoyer et sauvegarder
:mozilla.268:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitslink : Nettoyer et sauvegarder
:mozilla.272:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.350:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
:mozilla.351:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
:mozilla.352:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
:mozilla.447:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Centrport : Nettoyer et sauvegarder
:mozilla.462:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Questionmarket : Nettoyer et sauvegarder
:mozilla.479:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Esomniture : Nettoyer et sauvegarder
:mozilla.491:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Counted : Nettoyer et sauvegarder
:mozilla.492:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Counted : Nettoyer et sauvegarder
:mozilla.493:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Nettoyer et sauvegarder
:mozilla.494:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.495:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.496:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.497:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.498:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.519:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
:mozilla.524:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Realtracker : Nettoyer et sauvegarder
:mozilla.525:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Realtracker : Nettoyer et sauvegarder
:mozilla.552:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.553:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.554:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.555:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.572:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Ivwbox : Nettoyer et sauvegarder
:mozilla.576:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Adjuggler : Nettoyer et sauvegarder
:mozilla.577:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Adjuggler : Nettoyer et sauvegarder
:mozilla.637:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.638:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.639:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.640:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.641:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.687:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.703:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.706:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.707:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.713:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Nettoyer et sauvegarder
:mozilla.722:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
:mozilla.723:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
:mozilla.724:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
:mozilla.725:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
:mozilla.726:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
:mozilla.727:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
:mozilla.728:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
:mozilla.737:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.738:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.747:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Sitestat : Nettoyer et sauvegarder
:mozilla.749:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Nettoyer et sauvegarder
:mozilla.750:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Nettoyer et sauvegarder
:mozilla.754:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.755:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.757:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.758:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.771:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.776:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Onestat : Nettoyer et sauvegarder
:mozilla.777:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Onestat : Nettoyer et sauvegarder
:mozilla.778:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Sitestat : Nettoyer et sauvegarder
:mozilla.815:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.816:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.817:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.818:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.819:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.855:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Sitestat : Nettoyer et sauvegarder
:mozilla.908:C:\Documents and Settings\LiLiZ\Application Data\Mozilla\Firefox\Profiles\4uz1pj1i.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Cookies\liliz@2o7[2].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Cookies\liliz@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Cookies\liliz@atdmt[1].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Cookies\liliz@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Cookies\liliz@findwhat[1].txt -> Spyware.Cookie.Findwhat : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Cookies\liliz@statcounter[1].txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Cookies\liliz@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Local Settings\Temporary Internet Files\Content.IE5\JZHF0LUD\mm[1].js -> Spyware.Chitika : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Local Settings\Temporary Internet Files\Content.IE5\SXSDINSX\drsmartload_js[2].htm -> TrojanDownloader.IstBar.j : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Local Settings\Temporary Internet Files\Content.IE5\SXSDINSX\ucmoreiex[1].exe/UCMTSAIE.DLL -> Spyware.UCmore : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Local Settings\Temporary Internet Files\Content.IE5\SXSDINSX\ucmoreiex[1].exe/IUCMORE.DLL -> Spyware.UCmore : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Local Settings\Temporary Internet Files\Content.IE5\WLEVG12N\mm[1].js -> Spyware.Chitika : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Local Settings\Temporary Internet Files\Content.IE5\WLEVG12N\mm[2].js -> Spyware.Chitika : Nettoyer et sauvegarder
C:\Documents and Settings\LiLiZ\Local Settings\Temporary Internet Files\Content.IE5\WLEVG12N\mm[3].js -> Spyware.Chitika : Nettoyer et sauvegarder
C:\Program Files\INSTAFINK -> Spyware.404Search : Nettoyer et sauvegarder
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll -> Spyware.MyWebSearch : Nettoyer et sauvegarder
C:\Program Files\Need2Find -> Spyware.Need2Find : Nettoyer et sauvegarder
C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Nettoyer et sauvegarder
C:\Program Files\RXToolBar -> Spyware.RXToolbar : Nettoyer et sauvegarder
C:\Program Files\RXToolBar\sfcont.bin -> Spyware.RXToolbar : Nettoyer et sauvegarder
C:\WINDOWS\system32\aqycfilt.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\csmrepl.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\dVdim.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\o8pqli7518.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\pgtorec.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\adm.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\adm25.dll -> Spyware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\adm4.dll -> Spyware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Spyware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Spyware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\admprog.dll -> Spyware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\dmfiles.cab/asmend.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\mysearch.cab/mySetp.exe -> Spyware.MyWebSearch : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\pmexe.cab/Points Manager.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\pmfiles.cab/setup.cab/PMuninstall.bde -> Spyware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
D:\Program Files\Altnet\Download Manager\asm.exe -> Spyware.Altnet : Nettoyer et sauvegarder
D:\Program Files\Altnet\Download Manager\asmps.dll -> Spyware.Altnet : Nettoyer et sauvegarder

Répondre à baguerrah
baguerrah   23-11-2005 à 20:10:42
- 0 +

Norton me dit "TCP/IP non installé", comment je reinstalle ? :-?

Répondre à baguerrah
baguerrah   23-11-2005 à 20:12:04
- 0 +

Norton me dit "TCP/IP non installé", comment je reinstalle ? :-?

ewido me signale des nouvelles infections spyware.look2me

Répondre à baguerrah
lomaster   23-11-2005 à 20:12:12
- 0 +

Bien voila qui est fait!!!!

as tu toujours des pages????
post un log hijackthis stp de nouveau.

Répondre à lomaster
baguerrah   23-11-2005 à 20:16:45
- 0 +

je peux pas te dire si j ai tjr des pages j'ai plus de navigation! (je suis sur un autre pc pr t ecrire).
ewido s'affole tjr.

Logfile of HijackThis v1.99.1
Scan saved at 20:15:01, on 23/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Documents and Settings\LiLiZ\Bureau\HijackThis.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Club-Internet\Lanceur\lanceur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {E504AD79-2E1A-4EE6-814D-53DE1EEB75AF} (Canal+ Active MSWAY) - https://www.canalplay.com/cabs/msway43.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\fprq0395e.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Répondre à baguerrah
lomaster   23-11-2005 à 20:30:30
- 0 +

tu peu lancer le deuxieme scan de L2mFix stp
Loo2Me est bien dur a viré cette fois...

Répondre à lomaster
baguerrah   23-11-2005 à 21:37:39
- 0 +

j'ai utilisé "look2me remover" ca a l'air d'avoir fonctionné ca fait 2 scan de suite que ewido ne trouve plus look2me. Par contre au 2eme il a trouvé spyware.cookie.estat tu sais ce que c'est ?

j'ai reinstallé mon protocole TCP/IP et lancé une page internet pour voir si la pub revient.

Répondre à baguerrah
esteban54   23-11-2005 à 23:45:50
- 0 +

Bonsoir,

Citation :


lomaster a écrit :

Ainsi que LSPfix
- télécharger LSPfix et éventuellement le dézipper sur le bureau
- lancer LSPfix et se mettre en plein écran pour voir tous les boutons et ascenseurs - fermer Internet Explorer et arrêter la connexion à Internet - cocher la case "I know what I'm doing" (je sais ce que je fais)
- dans la colonne de gauche, sélectionner toutes les instances des fichiers à éliminer
- cliquer sur la flèche vers la droite pour les ajouter (de la colonne KEEP) dans la colonne REMOVE
- scroller et cliquer sur Finish.
LSPfix




** ATTENTION **

il faut préciser quelles DLL doivent être supprimées
en effet il ne faut absolument pas virer les fichiers winrnr.dll, rsvpsp.dll, mswsock.dll

or ton message sous-entend de tout supprimer : "sélectionner toutes les instances des fichiers à éliminer"
Les gens ne sont pas censés savoir quels fichiers sont à conserver (KEEP) ou à supprimer (REMOVE) et risquent de comprendre qu'il faut tout virer !

c'est pour cette raison que baguerrah a eu le message "TCP/IP non installé" (absence de mswsock.dll)

Répondre à esteban54
baguerrah   24-11-2005 à 08:06:01
- 0 +

merci pour la précision esteban :)
ca va j'ai pu le reinstaller!

je laisse passer la journée pour etre sur que mon pb a completement disparu, je vous tiens au courant ce soir :)

Répondre à baguerrah
chicheng@IDN   24-11-2005 à 15:20:06
- 0 +

Salut

J'ai un probleme similaire enfait, et comme le post est plutot recent je me suis dis que c'etait inutile de faire un nouveau.

Ma page de demarage d'internet explorer est changer par http:///4.3.10

Je suis a peu pres sur de m'etre chopé ça apres avoir telechargé un crack accompagné d'un exe que j'aurais pas du executer... enfin voici mon log hijack:

Logfile of HijackThis v1.99.1
Scan saved at 15:17:15, on 24/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Documents and Settings\Paul McCartney\Mes documents\Mes fichiers reçus\yzdck0060_beta\YzDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijck\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {840121111101411911080111101077109114053} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AtiPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Paul McCartney\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci vers YzDock.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1358E11F-ADE8-4D2B-9135-1A4CB9A23D7B} (Install Class) - https://genius.belgacom.be/esupport [...] taller.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9328339640
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Download [...] _Win32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A97E911A-D45A-4145-B17B-8189E84CD4A6}: NameServer = 195.238.2.22 195.238.2.21
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe


Qu'est ce que je dois faire maintenant? Parce qu'en plus lorsque je demarre mon ordi le disque travail sans que je en le sollicite et fini par bloque IE puis tout rentre dans l'ordre.

Merci

Répondre à chicheng@IDN
baguerrah   24-11-2005 à 17:49:57
- 0 +

salut!

apparement mon pb a disparu! merci infiniment :)
chicheng j te souhaite bon courage :)

Répondre à baguerrah
HorUs_le_chimiste   24-11-2005 à 19:50:38
- 0 +

Salut à vous nobles vérolés... lol bonmoi je le même soucis que vous 2 dc j'ai voulu faire ce que tu conseillais lomaster!
donc voila le premier report de l2mfix:

L2MFIX find log 1.99
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\kt6ml7j11.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A3050628-0341-A1BA-6477-7429928CEF6B}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{8411EC52-BAE7-414C-9A43-E529B792A72A}"=""
"{54ED14AC-171E-4C5C-AD92-E22BB2A6670C}"=""
"{90860FD4-E1F4-4C08-9A10-996A97E82B07}"=""
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v8"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8411EC52-BAE7-414C-9A43-E529B792A72A}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{8411EC52-BAE7-414C-9A43-E529B792A72A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8411EC52-BAE7-414C-9A43-E529B792A72A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8411EC52-BAE7-414C-9A43-E529B792A72A}\InprocServer32]
@="C:\\WINDOWS\\system32\\uoandlg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{54ED14AC-171E-4C5C-AD92-E22BB2A6670C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54ED14AC-171E-4C5C-AD92-E22BB2A6670C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54ED14AC-171E-4C5C-AD92-E22BB2A6670C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54ED14AC-171E-4C5C-AD92-E22BB2A6670C}\InprocServer32]
@="C:\\WINDOWS\\system32\\nvapi32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{90860FD4-E1F4-4C08-9A10-996A97E82B07}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90860FD4-E1F4-4C08-9A10-996A97E82B07}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90860FD4-E1F4-4C08-9A10-996A97E82B07}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90860FD4-E1F4-4C08-9A10-996A97E82B07}\InprocServer32]
@="C:\\WINDOWS\\system32\\deactfrm.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atmtd.dll Wed 23 Nov 2005 7:02:44 A.... 687 592 671,48 K
browseui.dll Sat 3 Sep 2005 1:06:12 A.... 1 020 416 996,50 K
cdfview.dll Sat 3 Sep 2005 1:06:12 A.... 152 064 148,50 K
cdmaysvr.dll Tue 22 Nov 2005 22:51:00 A.... 45 056 44,00 K
cdosys.dll Sat 10 Sep 2005 2:55:14 A.... 2 067 968 1,97 M
danim.dll Sat 3 Sep 2005 1:06:12 A.... 1 056 256 1,00 M
deactfrm.dll Thu 24 Nov 2005 19:21:12 ..... 234 272 228,78 K
dn6s01~1.dll Thu 24 Nov 2005 6:58:02 ..S.R 234 272 228,78 K
dxtrans.dll Sat 3 Sep 2005 1:06:12 A.... 205 312 200,50 K
extmgr.dll Sat 3 Sep 2005 1:06:12 A.... 55 808 54,50 K
gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280 064 273,50 K
iepeers.dll Sat 3 Sep 2005 1:06:12 A.... 251 392 245,50 K
inseng.dll Sat 3 Sep 2005 1:06:12 A.... 96 768 94,50 K
kt6ml7~1.dll Wed 23 Nov 2005 21:12:04 ..S.R 234 272 228,78 K
linkinfo.dll Thu 1 Sep 2005 2:43:38 A.... 19 968 19,50 K
mshtml.dll Tue 4 Oct 2005 16:26:06 A.... 3 013 120 2,87 M
mshtmled.dll Sat 3 Sep 2005 1:06:12 A.... 448 512 438,00 K
msrating.dll Sat 3 Sep 2005 1:06:12 A.... 146 432 143,00 K
mstime.dll Sat 3 Sep 2005 1:06:12 A.... 530 432 518,00 K
o266lc~1.dll Thu 24 Nov 2005 6:57:02 ..S.R 235 934 230,40 K
pngfilt.dll Sat 3 Sep 2005 1:06:12 A.... 39 424 38,50 K
quartz.dll Tue 30 Aug 2005 4:55:44 A.... 1 293 312 1,23 M
shdocvw.dll Sat 3 Sep 2005 1:06:12 A.... 1 484 288 1,41 M
shell32.dll Fri 23 Sep 2005 4:07:00 A.... 8 506 880 8,11 M
shlwapi.dll Sat 3 Sep 2005 1:06:12 A.... 474 112 463,00 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
urlmon.dll Sat 3 Sep 2005 1:06:12 A.... 605 696 591,50 K
wininet.dll Sat 3 Sep 2005 1:06:12 A.... 662 528 647,00 K
winsrv.dll Thu 1 Sep 2005 2:43:38 A.... 292 352 285,50 K

29 items found: 29 files (3 H/S), 0 directories.
Total of file sizes: 24 493 286 bytes 23,36 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Thu 24 Nov 2005 19:23:12 ..S.R 234 272 228,78 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 234 272 bytes 228,78 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle HDD
Le num‚ro de s‚rie du volume est 40BF-DD40

R‚pertoire de C:\WINDOWS\System32

24/11/2005 19:23 234ÿ272 guard.tmp
24/11/2005 06:58 234ÿ272 dn6s01j7e.dll
24/11/2005 06:57 235ÿ934 o266lcjs1fo6.dll
23/11/2005 21:12 234ÿ272 kt6ml7j11.dll
08/11/2005 23:11 <REP> dllcache
28/01/2005 20:12 <REP> Microsoft
4 fichier(s) 938ÿ750 octets
2 R‚p(s) 43ÿ064ÿ156ÿ160 octets libres

je suis bloqué pr le second rapport car il me demande un password que je ne peux pas taper...je tape sur le clavier mais rien ne se passe! :-?

et voila mon hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 19:47:22, on 24/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InstallNAIProduct] "D:\Vsc\setup.exe" /RUNKEY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FD72E68-3B10-4DF2-97AD-8CEEA8A541B6}: NameServer = 80.10.246.1,80.10.246.139
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\kt6ml7j11.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\system32\edgoadee.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q29jaGV0\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

tin j'espère que tu vas revenir sur ce topic où qq'un d'autre...
Merci d'avance!

Répondre à HorUs_le_chimiste
esteban54   24-11-2005 à 22:49:03
- 0 +

Bonsoir,

pour chicheng :

1/ Télécharge PocketKillBox de Option^Explicit
Dézippe-le sur ton bureau.

2/ Lance KillBox.exe

Coche "Delete on reboot"
Dans "Full Path of File to Delete" mets C:\WINDOWS\SYSTEM32\avpe32.dll
Clique sur la croix rouge
Au premier message qui va s'afficher, réponds YES pour confirmer
Au deuxième message, réponds NO pour pas redémarrer tout de suite

3/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10

O2 - BHO: (no name) - {840121111101411911080111101077109114053} - (no file)

** O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Paul McCartney\Application Data\Systweak\ASO 2\smstartUp manager.exe ** si tu n'utilises plus Advanced System Optimizer 2

O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll

4/ Redémarre et poste un nouveau rapport HJT.

As-tu encore des dysfonctionnements ?

---------------------------------------------------------------------------------

pour HorUs_le_chimiste :

pour virer Look2Me, si l2mfix ne donne rien, essaie Spy Sweeper
parfois il réussit à le supprimer.

Répondre à esteban54
HorUs_le_chimiste   27-11-2005 à 00:48:47
- 0 +

L2MFix ne donne rien ni spy sweeper ni LSPfix
aidez moi plz ça me gave trop...

Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 00:46:49, on 27/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Mes documents\friter du virus\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FD72E68-3B10-4DF2-97AD-8CEEA8A541B6}: NameServer = 80.10.246.1,80.10.246.139
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\irl0l53m1.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

-------------------------------
me dites pas qu'il faut que je supprime la ligne 20 elle revient tt le tps mais sous un autre nom...à cause d'elle je ne peux pas utiliser L2MFix...
aidez moi plz

Premier rapport L2Mfix:

L2MFIX find log 1.99
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellServiceObjectDelayLoad]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\irl0l53m1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A3050628-0341-A1BA-6477-7429928CEF6B}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{8411EC52-BAE7-414C-9A43-E529B792A72A}"=""
"{54ED14AC-171E-4C5C-AD92-E22BB2A6670C}"=""
"{90860FD4-E1F4-4C08-9A10-996A97E82B07}"=""
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v8"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{C0EA65E9-B8FB-4512-9817-A772E6374ADF}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8411EC52-BAE7-414C-9A43-E529B792A72A}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{8411EC52-BAE7-414C-9A43-E529B792A72A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8411EC52-BAE7-414C-9A43-E529B792A72A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8411EC52-BAE7-414C-9A43-E529B792A72A}\InprocServer32]
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{54ED14AC-171E-4C5C-AD92-E22BB2A6670C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54ED14AC-171E-4C5C-AD92-E22BB2A6670C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54ED14AC-171E-4C5C-AD92-E22BB2A6670C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54ED14AC-171E-4C5C-AD92-E22BB2A6670C}\InprocServer32]
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{90860FD4-E1F4-4C08-9A10-996A97E82B07}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90860FD4-E1F4-4C08-9A10-996A97E82B07}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90860FD4-E1F4-4C08-9A10-996A97E82B07}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90860FD4-E1F4-4C08-9A10-996A97E82B07}\InprocServer32]
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C0EA65E9-B8FB-4512-9817-A772E6374ADF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0EA65E9-B8FB-4512-9817-A772E6374ADF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0EA65E9-B8FB-4512-9817-A772E6374ADF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0EA65E9-B8FB-4512-9817-A772E6374ADF}\InprocServer32]
@="C:\\WINDOWS\\system32\\rupdd.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aysnt.dll Fri 25 Nov 2005 15:23:08 ..S.R 235 340 229,82 K
browseui.dll Sat 3 Sep 2005 1:06:12 A.... 1 020 416 996,50 K
bsdispl.dll Sun 27 Nov 2005 0:13:16 ..S.R 236 369 230,83 K
cdfview.dll Sat 3 Sep 2005 1:06:12 A.... 152 064 148,50 K
cdosys.dll Sat 10 Sep 2005 2:55:14 A.... 2 067 968 1,97 M
danim.dll Sat 3 Sep 2005 1:06:12 A.... 1 056 256 1,00 M
dwmsshrn.dll Sat 26 Nov 2005 16:35:34 ..S.R 234 232 228,74 K
dxtrans.dll Sat 3 Sep 2005 1:06:12 A.... 205 312 200,50 K
ennql1~1.dll Sat 26 Nov 2005 16:51:04 ..S.R 235 691 230,16 K
extmgr.dll Sat 3 Sep 2005 1:06:12 A.... 55 808 54,50 K
f4l0le~1.dll Sun 27 Nov 2005 0:17:46 ..S.R 234 799 229,29 K
g0lm0a~1.dll Sat 26 Nov 2005 10:22:32 ..S.R 234 362 228,87 K
gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280 064 273,50 K
icshlpr.dll Sat 26 Nov 2005 16:42:42 ..S.R 235 591 230,07 K
iepeers.dll Sat 3 Sep 2005 1:06:12 A.... 251 392 245,50 K
iihlpapi.dll Sat 26 Nov 2005 16:45:08 ..S.R 235 591 230,07 K
inseng.dll Sat 3 Sep 2005 1:06:12 A.... 96 768 94,50 K
irl0l5~1.dll Sun 27 Nov 2005 0:16:08 ..S.R 233 765 228,29 K
iyuext32.dll Fri 25 Nov 2005 21:17:04 A.... 45 056 44,00 K
j2l4lc~1.dll Thu 24 Nov 2005 21:44:20 ..S.R 235 704 230,18 K
j60slg~1.dll Sat 26 Nov 2005 16:46:08 ..S.R 235 591 230,07 K
ksdukx.dll Thu 24 Nov 2005 23:22:30 ..S.R 235 915 230,38 K
ktj0l7~1.dll Sat 26 Nov 2005 16:48:48 ..S.R 235 157 229,64 K
ktrql7~1.dll Sat 26 Nov 2005 16:40:36 ..S.R 236 042 230,51 K
linkinfo.dll Thu 1 Sep 2005 2:43:38 A.... 19 968 19,50 K
msctl32.dll Wed 23 Nov 2005 17:57:24 A.... 46 592 45,50 K
mshtml.dll Tue 4 Oct 2005 16:26:06 A.... 3 013 120 2,87 M
mshtmled.dll Sat 3 Sep 2005 1:06:12 A.... 448 512 438,00 K
msrating.dll Sat 3 Sep 2005 1:06:12 A.... 146 432 143,00 K
mstime.dll Sat 3 Sep 2005 1:06:12 A.... 530 432 518,00 K
mvr2cenu.dll Sat 26 Nov 2005 15:21:58 ..S.R 234 232 228,74 K
nmobjapi.dll Sat 26 Nov 2005 16:47:04 ..S.R 234 140 228,65 K
oqkley.dll Thu 24 Nov 2005 23:11:24 ..S.R 235 048 229,54 K
otkley.dll Sun 27 Nov 2005 0:04:10 ..S.R 234 140 228,65 K
pngfilt.dll Sat 3 Sep 2005 1:06:12 A.... 39 424 38,50 K
quartz.dll Tue 30 Aug 2005 4:55:44 A.... 1 293 312 1,23 M
rupdd.dll Sun 27 Nov 2005 0:17:48 ..S.R 233 765 228,29 K
shdocvw.dll Sat 3 Sep 2005 1:06:12 A.... 1 484 288 1,41 M
shell32.dll Fri 23 Sep 2005 4:07:00 A.... 8 506 880 8,11 M
shlwapi.dll Sat 3 Sep 2005 1:06:12 A.... 474 112 463,00 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
urlmon.dll Sat 3 Sep 2005 1:06:12 A.... 605 696 591,50 K
wininet.dll Sat 3 Sep 2005 1:06:12 A.... 662 528 647,00 K
winsrv.dll Thu 1 Sep 2005 2:43:38 A.... 292 352 285,50 K
wudmtp.dll Sun 27 Nov 2005 0:06:12 ..S.R 234 140 228,65 K

45 items found: 45 files (20 H/S), 0 directories.
Total of file sizes: 27 613 150 bytes 26,33 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle HDD
Le num‚ro de s‚rie du volume est 40BF-DD40

R‚pertoire de C:\WINDOWS\System32

27/11/2005 00:17 233ÿ765 rupdd.dll
27/11/2005 00:17 234ÿ799 f4l0le3m1h.dll
27/11/2005 00:16 233ÿ765 irl0l53m1.dll
27/11/2005 00:13 236ÿ369 bsdispl.dll
27/11/2005 00:06 234ÿ140 wudmtp.dll
27/11/2005 00:04 234ÿ140 oTkley.dll
26/11/2005 16:51 235ÿ691 ennql1551.dll
26/11/2005 16:48 235ÿ157 ktj0l71m1.dll
26/11/2005 16:47 234ÿ140 nmobjapi.dll
26/11/2005 16:46 235ÿ591 j60slgd7160.dll
26/11/2005 16:45 235ÿ591 iihlpapi.dll
26/11/2005 16:42 235ÿ591 iCshlpr.dll
26/11/2005 16:40 236ÿ042 ktrql7951.dll
26/11/2005 16:35 234ÿ232 DWMSSHRN.DLL
26/11/2005 15:21 234ÿ232 mvr2cenu.dll
26/11/2005 10:22 234ÿ362 g0lm0a31ed.dll
25/11/2005 15:23 235ÿ340 aysnt.dll
24/11/2005 23:22 235ÿ915 ksdukx.dll
24/11/2005 23:11 235ÿ048 oQkley.dll
24/11/2005 21:44 235ÿ704 j2l4lc3q1f.dll
08/11/2005 23:11 <REP> dllcache
28/01/2005 20:12 <REP> Microsoft
20 fichier(s) 4ÿ699ÿ614 octets
2 R‚p(s) 47ÿ037ÿ550ÿ592 octets libres

Répondre à HorUs_le_chimiste
esteban54   27-11-2005 à 00:58:55
- 0 +

Essaie le Look2Me Remover V.1.0.0 de chez Simplytech

Dézippe-le sur le Bureau.
Lance L2MRemover.exe

--------------------------------------

si ça donne rien, en dernier recours tu peux essayer l'uninstaller édité par les auteurs de cette saleté de Look2Me
(certains l'ont testé et a priori ça ne provoque pas d'autres infections ou dysfonctionnements)

Répondre à esteban54
baguerrah   27-11-2005 à 22:22:58
- 0 +

Look2me remover a bien fonctionné pour moi! et ewido a fini le travail (dommage qu'il soit pas gratuit celui là d'ailleurs :/ ).

Répondre à baguerrah
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > Pb de changements de pages internet intempestifs
Aller à :

Il y a 1649 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,867 secondes
Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens