Popups en fenêtres et en flash (peut etre, je crois?) intempestifs !!
Forum Sécurité - Virus : Popups en fenêtres et en flash (peut etre, je crois?) intempestifs !!
Bonjour! J'ai un gros gros problème!
J'ai sans arret des popups qui apparaissent depuis quelques jours, depuis que je me suis (apparement) pris un trojan sur un site de fichiers torrent.
Premièrement, j'ai eu mon beau fond d'écran transformé en "SPYWARE INFECTED" en rouge et noir sur fond bleu, mais j'ai résolu ce problème (grace à ce fourm, notamment).
Mais depuis, j'ai tout le temps de popups, sous mon navigateur, Avant Browser (je sais, c'est pas le meilleur, mais je l'aime bien, y'a plein d'options, contrairement à Firefox), et le plus etonnant, en Flash (je pense).
J'ai essayé plein de logiciels (Norton internet security, ad aware, spybot) mais rien n'y fait...
Voici mon scan de Hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 21:49:31, on 29/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRAM FILES\AVANT BROWSER\AVANT.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\Logiciels\Antivirus, Popup blockers, Firewalls\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Bloquer ce serveur... - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fav&oritoo-It! - res://favexplorer.dll/#209
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\PROGRAM FILES\AVANT BROWSER\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Rechercher sur le Web... - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Surligner - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Favoritoo - {846CD11F-AB86-11D5-ABF2-0008C7F7DBEE} - Shdocvw.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/141ff9 [...] 601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {BCBB7BE7-AD2E-11D5-ABF5-0008C7F7DBEE} - http://www.favoritoo.com/FavExplorer/favexplorer.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O18 - Protocol: bw+0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\o484lelq1hqe.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Bonsoir
As tu éradiqué le spyware qui squattait ton fond d'écran avec SmitfraudFix ?
Les fenêtres de pub sont provoquées par Look2me.
Télécharge L2mfix (de Shadowwar) de l'un de ces liens :
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Sauvegarde-le sur ton Bureau et double-clique l2mfix.exe. Clique sur le bouton Install pour en extraire le contenu et suis les directives, puis ouvre le nouveau dossier "l2mfix" qui se trouve sur le Bureau. Double-clique l2mfix.bat et choisis l'option #1 pour Run Find Log en tapant 1 et ensuite Entrée. Le scan débutera sans générer d'indications, puis, après une minute ou deux, un fichier texte apparaîtra. Copie/colle le contenu de ce rapport ("report.txt" ) dans ta prochaine réponse.
IMPORTANT : NE PAS lancer l'option #2 OU autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller !
Par contre, si une erreur s'affiche en lançant l'option #1, similaire à ceci : ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."...alors utilise l'option #5 ou le lien web fourni dans le dossier "l2mfix" afin de résoudre cette erreur. Ne pas lancer d'autres options avant d'avoir réglé ce pépin.
Euh....lol, jme souviens plus comment j'ai enlevé le spyware, jme souviens juste avoir fait un truc en mode sans echec, spybot, ou ad aware, je pense...enfin bon, y'est plus là, c'est le principal !
...à moins que ça soit important de le savoir....?
voici le rapport demandé:
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\o484lelq1hqe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{673D1211-9778-426A-BF46-35527D542153}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"="Context Menu Shell Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{77F41675-C7D2-46FE-B034-E958DD94D8F4}"=""
"{2B5DCA7F-D595-445D-B771-201C0DB85576}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{77F41675-C7D2-46FE-B034-E958DD94D8F4}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77F41675-C7D2-46FE-B034-E958DD94D8F4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77F41675-C7D2-46FE-B034-E958DD94D8F4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77F41675-C7D2-46FE-B034-E958DD94D8F4}\InprocServer32]
@="C:\\WINDOWS\\system32\\EnnClass.Dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2B5DCA7F-D595-445D-B771-201C0DB85576}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2B5DCA7F-D595-445D-B771-201C0DB85576}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2B5DCA7F-D595-445D-B771-201C0DB85576}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2B5DCA7F-D595-445D-B771-201C0DB85576}\InprocServer32]
@="C:\\WINDOWS\\system32\\idmui.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
sirenacm.dll Wed 14 Dec 2005 9:24:42 A.... 118 784 116,00 K
gdi32.dll Thu 29 Dec 2005 3:56:04 A.... 280 064 273,50 K
idmui.dll Sat 28 Jan 2006 14:35:16 ..S.R 235 605 230,08 K
w32n50.dll Mon 31 Oct 2005 16:31:40 A.... 81 920 80,00 K
mswinxml.dll Wed 25 Jan 2006 19:43:00 A.... 9 182 8,96 K
setupnt.dll Sat 7 Jan 2006 13:06:42 A.... 37 888 37,00 K
pncrt.dll Wed 14 Dec 2005 23:18:46 A.... 278 528 272,00 K
pndx5016.dll Wed 14 Dec 2005 23:18:48 A.... 6 656 6,50 K
pndx5032.dll Wed 14 Dec 2005 23:18:48 A.... 5 632 5,50 K
rmoc3260.dll Wed 14 Dec 2005 23:19:00 A.... 176 167 172,04 K
urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K
shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M
w95inf16.dll Sun 29 Jan 2006 22:14:16 A.... 2 272 2,22 K
mswinf32.dll Wed 25 Jan 2006 0:14:16 A.... 0 0,00 K
winlfl32.dll Wed 25 Jan 2006 20:13:54 A.... 106 0,10 K
msgplu~1.dll Sun 1 Jan 2006 13:35:38 A.... 58 952 57,57 K
s32evnt1.dll Tue 3 Jan 2006 15:31:44 A.... 91 904 89,75 K
o484le~1.dll Sun 29 Jan 2006 11:27:20 ..S.R 235 808 230,28 K
w95inf32.dll Sun 29 Jan 2006 22:14:16 A.... 4 608 4,50 K
mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M
ennclass.dll Sun 29 Jan 2006 21:26:06 ..S.R 235 808 230,28 K
danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M
browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K
sintf16.dll Sun 25 Dec 2005 17:33:40 A.... 12 067 11,78 K
sintf32.dll Sun 25 Dec 2005 17:33:40 A.... 17 212 16,81 K
sintfnt.dll Sun 25 Dec 2005 17:33:42 A.... 21 840 21,33 K
snapapi.dll Sat 7 Jan 2006 13:06:42 A.... 102 400 100,00 K
msvcrt23.dll Sun 15 Jan 2006 14:44:28 A.... 41 0,04 K
mswinu~1.dll Wed 25 Jan 2006 20:14:30 A.... 256 0,25 K
l68m0g~1.dll Sat 28 Jan 2006 16:24:04 ..S.R 233 996 228,51 K
winapi32.dll Tue 24 Jan 2006 23:20:50 A.... 77 824 76,00 K
mswinb32.dll Tue 24 Jan 2006 23:22:42 A.... 0 0,00 K
i8420i~1.dll Sun 29 Jan 2006 21:23:40 ..S.R 233 996 228,51 K
33 items found: 33 files (5 H/S), 0 directories.
Total of file sizes: 9 752 092 bytes 9,30 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle SYSTEME
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\WINDOWS\System32
29/01/2006 21:26 235ÿ808 EnnClass.Dll
29/01/2006 21:23 233ÿ996 i8420ihoe84c0.dll
29/01/2006 11:27 235ÿ808 o484lelq1hqe.dll
28/01/2006 16:24 233ÿ996 l68m0gl1e6q.dll
28/01/2006 14:35 235ÿ605 idmui.dll
24/01/2006 23:46 5ÿ120 Thumbs.db
07/03/2005 20:29 <REP> Microsoft
07/03/2005 20:11 <REP> dllcache
6 fichier(s) 1ÿ180ÿ333 octets
2 R‚p(s) 4ÿ001ÿ169ÿ408 octets libres
Bien, on continue.
Ferme toutes les applications en cours, car cette étape nécessite un redémarrage.
Du dossier l2mfix situé sur ton Bureau, double-clique l2mfix.bat et choisis l'option #2 pour Run Fix en tapant 2 et ensuite "Entrée". Les icônes du Bureau vont disparaître (tout à fait normal). L2mfix poursuivra le scan et lorsque terminé, il sera prêt à redémarrer le PC. Appuie sur n'importe quelle touche pour redémarrer. Après le redémarrage, un fichier texte devrait apparaître. Copie/colle le contenu de ce rapport dans ta prochaine réponse, et poste un nouveau rapport HijackThis! également.
IMPORTANT: NE PAS lancer d'autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller ! Ne pas lancer cet outil en mode Sans Échec !!
**Si le fichier texte (rapport) n'apparaît pas au redémarrage, double-clique sur le fichier texte ("log.txt" ) situé dans le dossier "l2mfix".
Tu vas aussi faire ceci.
* Télécharge SmitfraudFix de S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Tu le dézippes sur le Bureau.
* Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1
Postes le rapport.
Rebonjour!
Voici les différents rapports:
L2mfix 010406
Creating Account.
La commande s'est termin‚e correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 424 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 504 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1624 'explorer.exe'
Killing PID 1624 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 484 'rundll32.exe'
Killing PID 3612 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
Deleting: C:\WINDOWS\system32\gp8ul3l91.dll
Successfully Deleted: C:\WINDOWS\system32\gp8ul3l91.dll
Deleting: C:\WINDOWS\system32\idmui.dll
Successfully Deleted: C:\WINDOWS\system32\idmui.dll
Deleting: C:\WINDOWS\system32\l68m0gl1e6q.dll
Successfully Deleted: C:\WINDOWS\system32\l68m0gl1e6q.dll
Deleting: C:\WINDOWS\system32\mgjter40.dll
Successfully Deleted: C:\WINDOWS\system32\mgjter40.dll
Deleting: C:\WINDOWS\system32\n06q0aj5edo.dll
Successfully Deleted: C:\WINDOWS\system32\n06q0aj5edo.dll
Deleting: C:\WINDOWS\system32\ovcache.dll
Successfully Deleted: C:\WINDOWS\system32\ovcache.dll
Deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
msg11?.dll
0 fichier(s) copi‚(s).
Desktop.ini sucessfully removed
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\gp8ul3l91.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\gp8ul3l91.dll
C:\WINDOWS\system32\idmui.dll
C:\WINDOWS\system32\l68m0gl1e6q.dll
C:\WINDOWS\system32\mgjter40.dll
C:\WINDOWS\system32\n06q0aj5edo.dll
C:\WINDOWS\system32\ovcache.dll
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{77F41675-C7D2-46FE-B034-E958DD94D8F4}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77F41675-C7D2-46FE-B034-E958DD94D8F4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77F41675-C7D2-46FE-B034-E958DD94D8F4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77F41675-C7D2-46FE-B034-E958DD94D8F4}\InprocServer32]
@="C:\\WINDOWS\\system32\\ovcache.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2B5DCA7F-D595-445D-B771-201C0DB85576}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2B5DCA7F-D595-445D-B771-201C0DB85576}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2B5DCA7F-D595-445D-B771-201C0DB85576}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2B5DCA7F-D595-445D-B771-201C0DB85576}\InprocServer32]
@="C:\\WINDOWS\\system32\\idmui.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{77F41675-C7D2-46FE-B034-E958DD94D8F4}"=-
"{2B5DCA7F-D595-445D-B771-201C0DB85576}"=-
[-HKEY_CLASSES_ROOT\CLSID\{77F41675-C7D2-46FE-B034-E958DD94D8F4}]
[-HKEY_CLASSES_ROOT\CLSID\{2B5DCA7F-D595-445D-B771-201C0DB85576}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/gp8ul3l91.dll (deflated 5%)
adding: dlls/idmui.dll (deflated 5%)
adding: dlls/l68m0gl1e6q.dll (deflated 4%)
adding: dlls/mgjter40.dll (deflated 4%)
adding: dlls/n06q0aj5edo.dll (deflated 4%)
adding: dlls/ovcache.dll (deflated 5%)
adding: dlls/guard.tmp (deflated 5%)
adding: backregs/notibac.reg (deflated 87%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/77F41675-C7D2-46FE-B034-E958DD94D8F4.reg (deflated 70%)
adding: backregs/2B5DCA7F-D595-445D-B771-201C0DB85576.reg (deflated 70%)
Logfile of HijackThis v1.99.1
Scan saved at 21:53:13, on 30/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Nam\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fav&oritoo-It! - res://favexplorer.dll/#209
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Favoritoo - {846CD11F-AB86-11D5-ABF2-0008C7F7DBEE} - Shdocvw.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/141ff9 [...] 601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {BCBB7BE7-AD2E-11D5-ABF5-0008C7F7DBEE} - http://www.favoritoo.com/FavExplorer/favexplorer.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O18 - Protocol: bw+0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\gp8ul3l91.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
SmitFraudFix v2.15
Rapport fait à 21:54:08,93 le 30/01/2006
Executé à partir de C:\Documents and Settings\Nam\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
C:\WINDOWS\icont.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Nam\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
C:\Documents and Settings\Nam\Bureau\Remove Spyware.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
Bonsoir
Plus de Look2me, mais des restes de l'autre infection.
1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
Ewido
http://www.ewido.net/fr/download/
Tu l'installes et tu le mets à jour.
2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
3 Relances SmitfraudFix
Choisis cette fois l’option 2 et réponds oui à tout.
4 Relance un scan HijackThis et coche les lignes ci-dessous :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/141ff9 [...] 601_fr.cab
O16 - DPF: {BCBB7BE7-AD2E-11D5-ABF5-0008C7F7DBEE} - http://www.favoritoo.com/FavExplorer/favexplorer.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O18 - Protocol: bw+0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2339E77E-25C7-4B5D-8457-5C00102C9BEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\gp8ul3l91.dll (file missing)
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
5 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
6 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :
C:\WINDOWS\system32\P2P Networking
7 Lance le nettoyage avec CCleaner.
Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.
8 Lance Ewido.
Fais un scan en mode complet.
Sauvegardes le rapport.
9 Redémarre normalement
Communiques le deuxième rapport de SmitfraudFix, celui d'Ewido avec un nouveau rapport Hijackthis.
Re
j'efface ce post, car il fait doublon. ;-)
Voici les rapports:
SmitFraudFix v2.15
Rapport fait à 23:47:22,76 le 31/01/2006
Executé à partir de C:\Documents and Settings\Nam\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Nam\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 23:47:00, 31/01/2006
+ Somme de contrôle: 9C0E9404
+ Résultats du scan:
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Nettoyer et sauvegarder
HKU\S-1-5-21-3041221816-2482452233-430316231-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Nettoyer et sauvegarder
HKU\S-1-5-21-3041221816-2482452233-430316231-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Nettoyer et sauvegarder
HKU\S-1-5-21-3041221816-2482452233-430316231-1005\Software\Need2Find -> Spyware.Need2Find : Nettoyer et sauvegarder
HKU\S-1-5-21-3041221816-2482452233-430316231-1005\Software\Need2Find\bar -> Spyware.Need2Find : Nettoyer et sauvegarder
C:\WINDOWS\system32\shell386.exe -> Downloader.VB.vb : Nettoyer et sauvegarder
C:\WINDOWS\system32\intxt.exe -> Adware.CashDeluxe : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller3.dll -> Downloader.WebP2PInstaller : Nettoyer et sauvegarder
C:\WINDOWS\azesearch.bmp -> Adware.Azesearch : Nettoyer et sauvegarder
C:\WINDOWS\drsmartload95a.exe -> Downloader.Adload.j : Nettoyer et sauvegarder
C:\WINDOWS\temp.000.exe -> Adware.CashDeluxe : Nettoyer et sauvegarder
C:\WINDOWS\winsysupd3.exe -> Hijacker.StartPage.ahg : Nettoyer et sauvegarder
C:\WINDOWS\winsysban3.exe -> Hijacker.VB.kc : Nettoyer et sauvegarder
C:\WINDOWS\myupdates.exe -> Downloader.Adload.l : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\dlls\gp8ul3l91.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\dlls\idmui.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\dlls\l68m0gl1e6q.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\dlls\mgjter40.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\dlls\n06q0aj5edo.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\dlls\ovcache.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\dlls\guard.tmp -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\backup.zip/dlls/gp8ul3l91.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\backup.zip/dlls/idmui.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\backup.zip/dlls/l68m0gl1e6q.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\backup.zip/dlls/mgjter40.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\backup.zip/dlls/n06q0aj5edo.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\backup.zip/dlls/ovcache.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Bureau\l2mfix\backup.zip/dlls/guard.tmp -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Nam\Cookies\nam@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Agent.jo : Nettoyer et sauvegarder
C:\Program Files\Need2Find -> Spyware.Need2Find : Nettoyer et sauvegarder
C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Nettoyer et sauvegarder
C:\Program Files\Need2Find\bar\Settings -> Spyware.Need2Find : Nettoyer et sauvegarder
C:\Program Files\Need2Find\bar\History -> Spyware.Need2Find : Nettoyer et sauvegarder
C:\Program Files\Need2Find\bar\History\search -> Spyware.Need2Find : Nettoyer et sauvegarder
C:\Program Files\TBONBin -> Adware.BetterInternet : Nettoyer et sauvegarder
C:\Program Files\TBONBin\tboninst.cfg -> Adware.BetterInternet : Nettoyer et sauvegarder
C:\Program Files\InetGet2\stubNsbg.exe -> Spyware.Maxifiles : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP145\A0020249.DLL -> Spyware.MyWebSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP145\A0020250.DLL -> Spyware.MyWebSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0020312.DLL -> Spyware.MySearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0021312.dll -> Spyware.MySearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0021329.exe -> Not-A-Virus.Hoax.Win32.Renos.av : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0021330.exe -> Hijacker.VB.kc : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0021331.exe -> Hijacker.StartPage.ahg : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0021332.exe -> Hijacker.StartPage.agp : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0021333.exe -> Downloader.PurityScan.au : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022400.dll -> Spyware.RXBar : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022429.DLL -> Spyware.AzSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022445.exe -> Downloader.Small.cgl : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022446.exe -> Downloader.Adload.j : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022608.exe -> Dropper.VB.kk : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022615.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022618.exe -> Downloader.Adload.j : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022619.exe -> Trojan.Small : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022620.exe -> Logger.Small.dg : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022622.exe -> Trojan.Small : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022623.exe -> Not-A-Virus.Hoax.Win32.Renos.av : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022627.exe -> Downloader.Adload.j : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022678.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP146\A0022685.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0022705.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0022706.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0022848.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0022951.exe -> Spyware.Maxifiles : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023121.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023027.exe -> Downloader.Adload.j : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023047.exe -> Downloader.Adload.l : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023049.exe -> Hijacker.VB.kc : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023051.exe -> Hijacker.StartPage.ahg : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023064.DLL -> Spyware.AzSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023070.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023090.dll -> Spyware.AzSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023106.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023112.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023116.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023131.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023136.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023141.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023146.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023395.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP147\A0023400.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0023416.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0023422.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0024420.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0024424.ocx -> Spyware.AzSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0024425.dll -> Spyware.AzSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0024427.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0024428.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0024429.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0024432.EXE -> Adware.BetterInternet : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0024458.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP148\A0024463.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024500.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024501.DLL -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024504.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024509.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024516.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024519.exe -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024522.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024527.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024531.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024536.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024545.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP149\A0024550.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024556.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024557.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024579.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024693.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024712.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024722.Dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024727.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024734.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024735.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024736.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP150\A0024737.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP151\A0025117.exe -> Spyware.AdURL : Nettoyer et sauvegarder
C:\drsmartload46a.exe -> Downloader.Adload.j : Nettoyer et sauvegarder
::Fin du rapport
Logfile of HijackThis v1.99.1
Scan saved at 23:47:52, on 31/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Documents and Settings\Nam\Bureau\Ewido\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\Nam\Bureau\HijackThis.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Fav&oritoo-It! - res://favexplorer.dll/#209
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Favoritoo - {846CD11F-AB86-11D5-ABF2-0008C7F7DBEE} - Shdocvw.dll (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Nam\Bureau\Ewido\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Il y a 824 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
