Se connecter avec
S'enregistrer | Connectez-vous

Probleme av mes page internet ...

Dernière réponse : dans Sécurité

A l'aide ... je vous met un rapport Hijack .. car mes pages internet arrive tout le temps ... des pub des truc ds tous les sens ...

Pourtant j'ai suivi les posts dans le forum qui traitait de cela ... j'ai fait les néttoyage necessaire et avec succes avec le logi : SmitfraudFix tout a été supprimer comme il le fallais ...
J'ai aussi utiliser trojan remover ... qui m'a enlever quelques petits trucs ...

Ne reste plus qu'a regler ce probleme de page internet qui vienne me pourire la vie ... :) 

Merci de votre aide !

Logfile of HijackThis v1.99.1
Scan saved at 21:21:35, on 28/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\TEMP\data.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE
C:\Documents and Settings\christophe\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=020106 serial=PE02CBX-0000003-NMD lang=FR
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\symsvcsa.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EC3F671-DCA9-4042-9816-60ACDDF2F9F0}: NameServer = 212.27.39.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D3330C-C56C-4054-9BCF-71667E26BA29}: NameServer = 212.27.39.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EC3F671-DCA9-4042-9816-60ACDDF2F9F0}: NameServer = 212.27.39.134
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ExtShellViews - C:\WINDOWS\system32\g422lefo1h2c.dll
O20 - Winlogon Notify: htproc - C:\WINDOWS\SYSTEM32\htproc32.dll
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O20 - Winlogon Notify: winmrj32 - C:\WINDOWS\SYSTEM32\winmrj32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KLBLMain - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WebClient - Unknown owner - % (file missing)
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

Alors que dois je faire ????

Autres pages sur : probleme page internet

Lassé par la pub ? Créez un compte

Bonsoir

Télécharge L2mfix (de Shadowwar) de l'un de ces liens :
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Sauvegarde-le sur ton Bureau et double-clique l2mfix.exe. Clique sur le bouton Install pour en extraire le contenu et suis les directives, puis ouvre le nouveau dossier "l2mfix" qui se trouve sur le Bureau. Double-clique l2mfix.bat et choisis l'option #1 pour Run Find Log en tapant 1 et ensuite Entrée. Le scan débutera sans générer d'indications, puis, après une minute ou deux, un fichier texte apparaîtra. Copie/colle le contenu de ce rapport ("report.txt") dans ta prochaine réponse.

IMPORTANT : NE PAS lancer l'option #2 OU autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller !

Par contre, si une erreur s'affiche en lançant l'option #1, similaire à ceci : ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."...alors utilise l'option #5 ou le lien web fourni dans le dossier "l2mfix" afin de résoudre cette erreur. Ne pas lancer d'autres options avant d'avoir réglé ce pépin.

ok voici ce que me donne le logiciel ...

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExtShellViews]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\g422lefo1h2c.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\htproc]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DLLName"="htproc32.dll"
"Logon"="StartProcessAtWinLogon"
"Logoff"="StopProcessAtWinLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssldr]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DLLName"="ssldr32.dll"
"Logon"="StartProcessAtWinLogon"
"Logoff"="StopProcessAtWinLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmrj32]
"Asynchronous"=dword:00000001
"DllName"="winmrj32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CF1049D2-5771-FCE0-A115-D77EC8FC3930}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur CCI"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran CCI"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante CCI"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Merge Shell Folder"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Microsoft SearchBand"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Abonnements"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Liens"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniatures"
"{7D688A77-C613-11D0-999B-00C04FD655E1}"="SlowFile Icon Overlay"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
"{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice Property Sheet Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{7059DA7A-7E60-11d2-A355-00C04FB9D26E}"="Maxtor Locked Drives"
"{6DF96F63-7CA1-419E-862E-BEA8561A9358}"=""
"{EBB081E2-A31A-4A39-93D3-923F5BB904D4}"=""
"{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}"=""
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DF96F63-7CA1-419E-862E-BEA8561A9358}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF96F63-7CA1-419E-862E-BEA8561A9358}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF96F63-7CA1-419E-862E-BEA8561A9358}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF96F63-7CA1-419E-862E-BEA8561A9358}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EBB081E2-A31A-4A39-93D3-923F5BB904D4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EBB081E2-A31A-4A39-93D3-923F5BB904D4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EBB081E2-A31A-4A39-93D3-923F5BB904D4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EBB081E2-A31A-4A39-93D3-923F5BB904D4}\InprocServer32]
@="C:\\WINDOWS\\system32\\ccmpobj.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}\InprocServer32]
@="C:\\WINDOWS\\system32\\megsvc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}\InprocServer32]
@="C:\\WINDOWS\\system32\\podrv.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
gdi32.dll Thu 29 Dec 2005 3:56:04 A.... 280 064 273,50 K
ccmpobj.dll Sat 28 Jan 2006 16:47:16 ..S.R 236 242 230,70 K
winmrj32.dll Fri 27 Jan 2006 20:45:06 A.... 16 896 16,50 K
ssldr32.dll Fri 27 Jan 2006 20:45:12 A.... 10 240 10,00 K
htproc32.dll Fri 27 Jan 2006 20:45:12 ..... 36 864 36,00 K
s32evnt1.dll Tue 3 Jan 2006 15:31:44 A.... 91 904 89,75 K
megsvc.dll Sat 28 Jan 2006 17:07:58 ..S.R 236 841 231,29 K
pecrt.dll Sat 28 Jan 2006 9:29:10 ..S.R 235 807 230,28 K
podrv.dll Sat 28 Jan 2006 21:07:18 ..S.R 233 963 228,48 K
gpjql3~1.dll Sat 28 Jan 2006 21:12:14 ..S.R 234 004 228,52 K
g422le~1.dll Sat 28 Jan 2006 20:15:00 ..S.R 237 313 231,75 K
irrol5~1.dll Fri 27 Jan 2006 23:38:08 ..S.R 235 807 230,28 K
irj0l5~1.dll Fri 27 Jan 2006 21:40:42 ..S.R 235 287 229,77 K
t6r8lg~1.dll Fri 27 Jan 2006 22:55:38 ..S.R 235 287 229,77 K
n4n60e~1.dll Fri 27 Jan 2006 23:31:06 ..S.R 235 807 230,28 K

15 items found: 15 files (10 H/S), 0 directories.
Total of file sizes: 2 792 326 bytes 2,66 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sat 28 Jan 2006 21:16:14 ..S.R 237 313 231,75 K
trj_nt~1.tmp Sat 28 Jan 2006 21:15:30 A.... 2 286 2,23 K

2 items found: 2 files (1 H/S), 0 directories.
Total of file sizes: 239 599 bytes 233,98 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle WINDOWS
Le num‚ro de s‚rie du volume est 0969-14E9

R‚pertoire de C:\WINDOWS\System32

28/01/2006 21:16 237ÿ313 guard.tmp
28/01/2006 21:12 234ÿ004 gpjql3151.dll
28/01/2006 21:07 233ÿ963 podrv.dll
28/01/2006 20:15 237ÿ313 g422lefo1h2c.dll
28/01/2006 17:07 236ÿ841 megsvc.dll
28/01/2006 16:47 236ÿ242 ccmpobj.dll
28/01/2006 09:29 235ÿ807 pecrt.dll
27/01/2006 23:38 235ÿ807 irrol5931.dll
27/01/2006 23:31 235ÿ807 n4n60e5seh.dll
27/01/2006 22:55 235ÿ287 t6r8lg9u16.dll
27/01/2006 21:40 235ÿ287 irj0l51m1.dll
24/04/2005 14:12 <REP> Microsoft
24/04/2005 13:48 <REP> dllcache
11 fichier(s) 2ÿ593ÿ671 octets
2 R‚p(s) 7ÿ715ÿ586ÿ048 octets libres

Bien, on continue.

Ferme toutes les applications en cours, car cette étape nécessite un redémarrage.

Du dossier l2mfix situé sur ton Bureau, double-clique l2mfix.bat et choisis l'option #2 pour Run Fix en tapant 2 et ensuite "Entrée". Les icônes du Bureau vont disparaître (tout à fait normal). L2mfix poursuivra le scan et lorsque terminé, il sera prêt à redémarrer le PC. Appuie sur n'importe quelle touche pour redémarrer. Après le redémarrage, un fichier texte devrait apparaître. Copie/colle le contenu de ce rapport dans ta prochaine réponse, et poste un nouveau rapport HijackThis! également.

IMPORTANT: NE PAS lancer d'autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller ! Ne pas lancer cet outil en mode Sans Échec !!
**Si le fichier texte (rapport) n'apparaît pas au redémarrage, double-clique sur le fichier texte ("log.txt") situé dans le dossier "l2mfix".

Compte rendu apres la manip avec OPTION TAPER 2

L2mfix 010406
Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\SYSTEM32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 600 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 696 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1684 'explorer.exe'
Killing PID 1684 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2840 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
Deleting: C:\WINDOWS\system32\ccmpobj.dll
Successfully Deleted: C:\WINDOWS\system32\ccmpobj.dll
Deleting: C:\WINDOWS\system32\g422lefo1h2c.dll
Successfully Deleted: C:\WINDOWS\system32\g422lefo1h2c.dll
Deleting: C:\WINDOWS\system32\gpjql3151.dll
Successfully Deleted: C:\WINDOWS\system32\gpjql3151.dll
Deleting: C:\WINDOWS\system32\irj0l51m1.dll
Successfully Deleted: C:\WINDOWS\system32\irj0l51m1.dll
Deleting: C:\WINDOWS\system32\irrol5931.dll
Successfully Deleted: C:\WINDOWS\system32\irrol5931.dll
Deleting: C:\WINDOWS\system32\megsvc.dll
Successfully Deleted: C:\WINDOWS\system32\megsvc.dll
Deleting: C:\WINDOWS\system32\n4n60e5seh.dll
Successfully Deleted: C:\WINDOWS\system32\n4n60e5seh.dll
Deleting: C:\WINDOWS\system32\pecrt.dll
Successfully Deleted: C:\WINDOWS\system32\pecrt.dll
Deleting: C:\WINDOWS\system32\podrv.dll
Successfully Deleted: C:\WINDOWS\system32\podrv.dll
Deleting: C:\WINDOWS\system32\t6r8lg9u16.dll
Successfully Deleted: C:\WINDOWS\system32\t6r8lg9u16.dll
Deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

msg11?.dll
0 fichier(s) copi‚(s).
Desktop.ini sucessfully removed




Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExtShellViews]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\g422lefo1h2c.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\htproc]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DLLName"="htproc32.dll"
"Logon"="StartProcessAtWinLogon"
"Logoff"="StopProcessAtWinLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssldr]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DLLName"="ssldr32.dll"
"Logon"="StartProcessAtWinLogon"
"Logoff"="StopProcessAtWinLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmrj32]
"Asynchronous"=dword:00000001
"DllName"="winmrj32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\ccmpobj.dll
C:\WINDOWS\system32\g422lefo1h2c.dll
C:\WINDOWS\system32\gpjql3151.dll
C:\WINDOWS\system32\irj0l51m1.dll
C:\WINDOWS\system32\irrol5931.dll
C:\WINDOWS\system32\megsvc.dll
C:\WINDOWS\system32\n4n60e5seh.dll
C:\WINDOWS\system32\pecrt.dll
C:\WINDOWS\system32\podrv.dll
C:\WINDOWS\system32\t6r8lg9u16.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DF96F63-7CA1-419E-862E-BEA8561A9358}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF96F63-7CA1-419E-862E-BEA8561A9358}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF96F63-7CA1-419E-862E-BEA8561A9358}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF96F63-7CA1-419E-862E-BEA8561A9358}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EBB081E2-A31A-4A39-93D3-923F5BB904D4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EBB081E2-A31A-4A39-93D3-923F5BB904D4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EBB081E2-A31A-4A39-93D3-923F5BB904D4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EBB081E2-A31A-4A39-93D3-923F5BB904D4}\InprocServer32]
@="C:\\WINDOWS\\system32\\ccmpobj.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}\InprocServer32]
@="C:\\WINDOWS\\system32\\megsvc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}\InprocServer32]
@="C:\\WINDOWS\\system32\\podrv.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{6DF96F63-7CA1-419E-862E-BEA8561A9358}"=-
"{EBB081E2-A31A-4A39-93D3-923F5BB904D4}"=-
"{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}"=-
"{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}"=-
[-HKEY_CLASSES_ROOT\CLSID\{6DF96F63-7CA1-419E-862E-BEA8561A9358}]
[-HKEY_CLASSES_ROOT\CLSID\{EBB081E2-A31A-4A39-93D3-923F5BB904D4}]
[-HKEY_CLASSES_ROOT\CLSID\{5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE}]
[-HKEY_CLASSES_ROOT\CLSID\{6BAA9CCA-6528-431D-A0BF-C4871F0F8670}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/ccmpobj.dll (deflated 5%)
adding: dlls/g422lefo1h2c.dll (deflated 6%)
adding: dlls/gpjql3151.dll (deflated 4%)
adding: dlls/irj0l51m1.dll (deflated 5%)
adding: dlls/irrol5931.dll (deflated 5%)
adding: dlls/megsvc.dll (deflated 5%)
adding: dlls/n4n60e5seh.dll (deflated 5%)
adding: dlls/pecrt.dll (deflated 5%)
adding: dlls/podrv.dll (deflated 4%)
adding: dlls/t6r8lg9u16.dll (deflated 5%)
adding: dlls/guard.tmp (deflated 6%)
adding: backregs/notibac.reg (deflated 88%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/6DF96F63-7CA1-419E-862E-BEA8561A9358.reg (deflated 70%)
adding: backregs/EBB081E2-A31A-4A39-93D3-923F5BB904D4.reg (deflated 70%)
adding: backregs/5BC05368-B5C4-455A-BE9A-7BA39E8C7FDE.reg (deflated 70%)
adding: backregs/6BAA9CCA-6528-431D-A0BF-C4871F0F8670.reg (deflated 70%)


PLUS le rapport HIJACK apres manip TAPER 2

Logfile of HijackThis v1.99.1
Scan saved at 23:39:37, on 28/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system\smss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\christophe\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=020106 serial=PE02CBX-0000003-NMD lang=FR
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\symsvcsa.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EC3F671-DCA9-4042-9816-60ACDDF2F9F0}: NameServer = 212.27.39.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D3330C-C56C-4054-9BCF-71667E26BA29}: NameServer = 212.27.39.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EC3F671-DCA9-4042-9816-60ACDDF2F9F0}: NameServer = 212.27.39.134
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ExtShellViews - C:\WINDOWS\system32\g422lefo1h2c.dll (file missing)
O20 - Winlogon Notify: htproc - C:\WINDOWS\SYSTEM32\htproc32.dll
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O20 - Winlogon Notify: winmrj32 - C:\WINDOWS\SYSTEM32\winmrj32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KLBLMain - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WebClient - Unknown owner - % (file missing)
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

Est ce tout bon ????

PS EDIT : On dirait que les pages internet n'arrive plus comme cela, toute seule ...
J'espere que tout a fonctionner :) 

Re

Encore des corrections.

Arrête la protection de The Cleaner car cela peux gêner les corrections.

* Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarres l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuyes sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionnes le mode sans échec approprié et appuyes sur Entrée.

* Relances SmitfraudFix, choisis l’option 2 et réponds oui à tout.

* Redémarres normalement et communiques le deuxième rapport de SmitfraudFix avec un nouveau rapport Hijackthis.

Rapport de SmitFraudFix apres redemarrage sans echec

SmitFraudFix v2.15

Rapport fait à 0:07:21,17 le 29/01/2006
Executé à partir de C:\Documents and Settings\christophe\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport


Puis rapport Hi jack

Logfile of HijackThis v1.99.1
Scan saved at 00:14:07, on 29/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system\smss.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\christophe\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=020106 serial=PE02CBX-0000003-NMD lang=FR
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\symsvcsa.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EC3F671-DCA9-4042-9816-60ACDDF2F9F0}: NameServer = 212.27.39.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D3330C-C56C-4054-9BCF-71667E26BA29}: NameServer = 212.27.39.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EC3F671-DCA9-4042-9816-60ACDDF2F9F0}: NameServer = 212.27.39.134
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ExtShellViews - C:\WINDOWS\system32\g422lefo1h2c.dll (file missing)
O20 - Winlogon Notify: htproc - C:\WINDOWS\SYSTEM32\htproc32.dll
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O20 - Winlogon Notify: winmrj32 - C:\WINDOWS\SYSTEM32\winmrj32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KLBLMain - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WebClient - Unknown owner - % (file missing)
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

Voila ... (je ne sais pas si the cleaner est partit au oubliette ... j'ai pas vu de trace de lui pdt le mise en route de smitfraud fix ... mis a part que tout est propre pr ce dernier)

Re

1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

Ewido
http://www.ewido.net/fr/download/
Tu l'installes et tu le mets à jour.

2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.

3 Tu clique sur Démarrer puis Exécuter, tu tapes services.msc et tu cliques sur OK.

Dans la liste des services, cherche et sélectionne
"Network Monitor" / double clique sur la ligne
/ vérifie dans Chemin d'accès des fichiers exécutables qu'il
s'agit bien de "C:\Program Files\Network Monitor\netmon.exe" / dans Type de démarrage,
sélectionne Désactiver / valide la modification.

Recommence avec

Windows Log et C:\WINDOWS\system32\nvsvcd.exe

4 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :

Network Monitor

5 Relance un scan HijackThis et coche les lignes ci-dessous :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\symsvcsa.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O20 - Winlogon Notify: ExtShellViews - C:\WINDOWS\system32\g422lefo1h2c.dll (file missing)
O20 - Winlogon Notify: htproc - C:\WINDOWS\SYSTEM32\htproc32.dll
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O20 - Winlogon Notify: winmrj32 - C:\WINDOWS\SYSTEM32\winmrj32.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: WebClient - Unknown owner - % (file missing)
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

6 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer

7 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

C:\Program Files\Network Monitor
C:\WINDOWS\SYSTEM32\htproc32.dll
C:\WINDOWS\SYSTEM32\ssldr32.dll
C:\WINDOWS\SYSTEM32\winmrj32.dll
C:\WINDOWS\system32\nvsvcd.exe
C:\WINDOWS\system32\symsvcsa.exe
C:\WINDOWS\system32\srvreg.exe
C:\WINDOWS\system\smss.exe --> Attention à l'orthographe
c:\secure32.html
C:\winstall.exe

8 Lance le nettoyage avec CCleaner.

Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.

9 Lance Ewido.
Fais un scan en mode complet.
Sauvegardes le rapport.

10 Redémarre normalement et poste un nouveau log HijackThis avec le rapport d'Ewido.

Ca yes c fait ... wha ca a été long

Rapport ewido

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 03:01:07, 29/01/2006
+ Somme de contrôle: 14CECE9E

+ Résultats du scan:

HKLM\SOFTWARE\Classes\ToolBand.XBTB00429 -> Adware.CramToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ToolBand.XBTB00429\CLSID -> Adware.CramToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ToolBand.XBTB00429\CurVer -> Adware.CramToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ToolBand.XBTB00429.1 -> Adware.CramToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\XBTB00429.XBTB00429 -> Adware.CramToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\XBTB00429.XBTB00429\CLSID -> Adware.CramToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\XBTB00429.XBTB00429\CurVer -> Adware.CramToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\XBTB00429.XBTB00429.1 -> Adware.CramToolbar : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM\ctldlg32.dll -> Logger.Agent.io : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M8QR6XC8\sb75u[1].exe -> Dropper.Delf.qf : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M8QR6XC8\sb75u[2].exe -> Dropper.Delf.qf : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM32\maxd64.exe -> Trojan.Dialer.ay : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM32\paradise.raw.exe -> Trojan.Small : Nettoyer et sauvegarder
C:\Program Files\Cram Toolbar -> Adware.CramToolbar : Nettoyer et sauvegarder
C:\Program Files\Cram Toolbar\basis.xml -> Adware.CramToolbar : Nettoyer et sauvegarder
C:\Program Files\Cram Toolbar\version.txt -> Adware.CramToolbar : Nettoyer et sauvegarder
C:\Program Files\Cram Toolbar\icons.bmp -> Adware.CramToolbar : Nettoyer et sauvegarder
C:\Program Files\Cram Toolbar\untitled.crc -> Adware.CramToolbar : Nettoyer et sauvegarder
C:\Program Files\Cram Toolbar\Cache -> Adware.CramToolbar : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\ccmpobj.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\g422lefo1h2c.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\gpjql3151.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\irj0l51m1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\irrol5931.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\megsvc.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\n4n60e5seh.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\pecrt.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\podrv.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\t6r8lg9u16.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\dlls\guard.tmp -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/ccmpobj.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/g422lefo1h2c.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/gpjql3151.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/irj0l51m1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/irrol5931.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/megsvc.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/n4n60e5seh.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/pecrt.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/podrv.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/t6r8lg9u16.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Bureau\l2mfix\backup.zip/dlls/guard.tmp -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\christophe\Cookies\christophe@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Libre\Cookies\libre@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Libre\Cookies\libre@atdmt[2].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder


::Fin du rapport


Puis Rapport Hijack

Logfile of HijackThis v1.99.1
Scan saved at 03:06:24, on 29/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\christophe\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=020106 serial=PE02CBX-0000003-NMD lang=FR
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\symsvcsa.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EC3F671-DCA9-4042-9816-60ACDDF2F9F0}: NameServer = 212.27.39.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D3330C-C56C-4054-9BCF-71667E26BA29}: NameServer = 212.27.39.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EC3F671-DCA9-4042-9816-60ACDDF2F9F0}: NameServer = 212.27.39.134
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

Alors ... toujours pas bon ???
Pourvu que si ... parce que là .. j'en ai un peu marre de ce virus !

Bonjour

Certains résistent.

Télécharge PocketKillBox
http://www.bleepingcomputer.com/files/spyware/KillBox.z...
Ensuite, tu le dézippes sur ton bureau.

Démo animée
http://pageperso.aol.fr/balltrap34/killbox.htm

Lance PocketKillBox, coche la case "Delete on reboot". Coches aussi All files.

Colle tout le contenu du fichier suivant dans un fichier .texte que tu nommeras CODE.
Ensuite tu fais Ctrl-A pour sélectionner tout le texte, Ctrl-C pour le copier dans le presse papier.
Citation :
C:\WINDOWS\system32\srvreg.exe
C:\winstall.exe
C:\WINDOWS\system32\symsvcsa.exe

Sur PocketKillBox-->File-->Paste from Clipboard, tu cliques ensuite sur la croix rouge
Au deux messages qui vont s'afficher,tu réponds par "YES"

Si le PC ne redémarre pas, fais le.

Et nouveau HijackThis.

OK ... c'est fait

Logfile of HijackThis v1.99.1
Scan saved at 12:38:35, on 29/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\christophe\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=020106 serial=PE02CBX-0000003-NMD lang=FR
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\symsvcsa.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EC3F671-DCA9-4042-9816-60ACDDF2F9F0}: NameServer = 212.27.39.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D3330C-C56C-4054-9BCF-71667E26BA29}: NameServer = 212.27.39.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EC3F671-DCA9-4042-9816-60ACDDF2F9F0}: NameServer = 212.27.39.134
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

C'est etrange car les fichier que tu m'as demander de supprimer n'existe pas physiquement :
C:\WINDOWS\system32\srvreg.exe
C:\winstall.exe
C:\WINDOWS\system32\symsvcsa.exe

Pourquoi apparaisse t il ds Hijack ?



Alors sinon ... peut etre que tu pourras me dire, comment j'aî pu attrapper cette chose ... et aussi comment me proteger au dela de norton antivirus mis a jour et Zonealarm que je vais installer d'ici peu ... :) 

Encore merci pour ton aide précieuse ... je n'aurais jamais reussis a faire tous cela seul !
Lassé par la pub ? Créez un compte

Créer un nouveau sujet

Tom's guide dans le monde