Pop up + infection look2me

Bonjour

Prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant ce fix. Regarde bien les trois petites notes au bas, avant de débuter.
Télécharge Look2Me-Destroyer.exe sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=7

* Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
* Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Clique OK
* Il se relancera après les 10 secondes, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.
* Démarre ton PC normalement.
* Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

#Si Look2Me-Destroyer ne se relance pas automatiquement après les 10 secondes, redémarre et essaie à nouveau.

##Si tu reçois un message de ton parefeu que l'outil tente d'accéder à l'internet : accepte.

###Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-bas, et place-le dans le dossier C:\Windows\System32.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Tout d'abord merci de répondre si vite...
Les problèmes commencent puisque lorsque je tente de lancer l'executable Look2Me-Destroyer.exe voici le message qui s'affiche:

"Component 'mswinsck.ocx' or one of its dependencies not correctly registered: a file is missing or invalid"

Bonsoir ,Telecharge


Look2meremover

J'espere que mon aide te sera precieuse

Merci...

Malheureusement lorsque je lance LMRemover.exe j'ai a nouveau un message d'erreur:

"System Error &H8007007E (-2147024770). Le module spécifié est introuvable"

Que faire?

Telecharge ad-adware pour le supprimer
Il est sur le forum

Salut,

1/Télécharge L2Mfix

http://www.atribune.org/downloads/l2mfix.exe ou

Mets-le sur ton bureau.
Lance l’application
Clic sur Accept, ensuite sur Install

2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Puis option 1, Entrée
Poste le 1er rapport.

3/ Ouvre le dossier l2mfix puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche
L’ordinateur va redemarrer
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, ouvre le dossier l2mfix et lance un second.bat

4/ Poste un log HJT.

bonsoir jai le virus trojan downloader jariv pas a men debarasser kelkun peu maider?

Voila le premier rapport:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\r2p8lc7u1f.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m6460ghse6460.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9F4DF58C-5788-2049-604E-1E82C9D89201}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension de la page de propri‚t‚s de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{5750A522-8688-4F00-B78B-0E70193A1D4B}"=""
"{AE71B412-8EBA-4ABA-A843-00E8D71A0FED}"=""
"{60666C5C-3BEC-4DF9-8DD8-F300FFD58C40}"=""
"{1D5DE7B4-F123-4175-9DF6-2E9F0E82B2A2}"=""
"{1BC83F1E-E3BD-4EAE-A83D-5BCBB312D685}"=""
"{3ADBE80B-FA9B-4246-BFDC-779195709C49}"=""
"{5DBA7FE8-8215-4933-9718-906825C2A418}"=""
"{9D04FBB8-9DC3-4289-956B-A1B80AF90EE4}"=""
"{A0A28A0B-B1A9-4984-99F8-5254EB9FBCE3}"=""
"{2898B277-D7EB-4D4F-8B9D-55E46F7A548C}"=""
"{D4099C3C-99A6-455C-9495-943C712733FE}"=""
"{43BAE9D0-7D37-47CF-BDA2-457B6D486713}"=""
"{B7117765-7AB8-4504-94D9-DAAB58E5E876}"=""
"{BA3758BD-FCF6-47B5-B318-716482B93DD8}"=""
"{3B1B90D3-4BB2-484C-A9B4-D543C0E6F1BB}"=""
"{D960AE65-6B82-46F0-97C7-39E3A8A1CEA8}"=""
"{D060FCF3-9B48-444C-9191-9BC6DDC651BA}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AE71B412-8EBA-4ABA-A843-00E8D71A0FED}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AE71B412-8EBA-4ABA-A843-00E8D71A0FED}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AE71B412-8EBA-4ABA-A843-00E8D71A0FED}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AE71B412-8EBA-4ABA-A843-00E8D71A0FED}\InprocServer32]
@="C:\\WINDOWS\\system32\\smftpub.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{60666C5C-3BEC-4DF9-8DD8-F300FFD58C40}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60666C5C-3BEC-4DF9-8DD8-F300FFD58C40}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60666C5C-3BEC-4DF9-8DD8-F300FFD58C40}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60666C5C-3BEC-4DF9-8DD8-F300FFD58C40}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D5DE7B4-F123-4175-9DF6-2E9F0E82B2A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D5DE7B4-F123-4175-9DF6-2E9F0E82B2A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D5DE7B4-F123-4175-9DF6-2E9F0E82B2A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D5DE7B4-F123-4175-9DF6-2E9F0E82B2A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\cbgbkend.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1BC83F1E-E3BD-4EAE-A83D-5BCBB312D685}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BC83F1E-E3BD-4EAE-A83D-5BCBB312D685}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BC83F1E-E3BD-4EAE-A83D-5BCBB312D685}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BC83F1E-E3BD-4EAE-A83D-5BCBB312D685}\InprocServer32]
@="C:\\WINDOWS\\system32\\nirsptb.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3ADBE80B-FA9B-4246-BFDC-779195709C49}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3ADBE80B-FA9B-4246-BFDC-779195709C49}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3ADBE80B-FA9B-4246-BFDC-779195709C49}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3ADBE80B-FA9B-4246-BFDC-779195709C49}\InprocServer32]
@="C:\\WINDOWS\\system32\\pqrfctrs.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5DBA7FE8-8215-4933-9718-906825C2A418}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5DBA7FE8-8215-4933-9718-906825C2A418}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5DBA7FE8-8215-4933-9718-906825C2A418}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5DBA7FE8-8215-4933-9718-906825C2A418}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9D04FBB8-9DC3-4289-956B-A1B80AF90EE4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9D04FBB8-9DC3-4289-956B-A1B80AF90EE4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9D04FBB8-9DC3-4289-956B-A1B80AF90EE4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9D04FBB8-9DC3-4289-956B-A1B80AF90EE4}\InprocServer32]
@="C:\\WINDOWS\\system32\\cefview.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A0A28A0B-B1A9-4984-99F8-5254EB9FBCE3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A0A28A0B-B1A9-4984-99F8-5254EB9FBCE3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A0A28A0B-B1A9-4984-99F8-5254EB9FBCE3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A0A28A0B-B1A9-4984-99F8-5254EB9FBCE3}\InprocServer32]
@="C:\\WINDOWS\\system32\\wrerrFRA.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2898B277-D7EB-4D4F-8B9D-55E46F7A548C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2898B277-D7EB-4D4F-8B9D-55E46F7A548C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2898B277-D7EB-4D4F-8B9D-55E46F7A548C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2898B277-D7EB-4D4F-8B9D-55E46F7A548C}\InprocServer32]
@="C:\\WINDOWS\\system32\\onffilt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D4099C3C-99A6-455C-9495-943C712733FE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D4099C3C-99A6-455C-9495-943C712733FE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D4099C3C-99A6-455C-9495-943C712733FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D4099C3C-99A6-455C-9495-943C712733FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\dxsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{43BAE9D0-7D37-47CF-BDA2-457B6D486713}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{43BAE9D0-7D37-47CF-BDA2-457B6D486713}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{43BAE9D0-7D37-47CF-BDA2-457B6D486713}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{43BAE9D0-7D37-47CF-BDA2-457B6D486713}\InprocServer32]
@="C:\\WINDOWS\\system32\\cmgbkend.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B7117765-7AB8-4504-94D9-DAAB58E5E876}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7117765-7AB8-4504-94D9-DAAB58E5E876}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7117765-7AB8-4504-94D9-DAAB58E5E876}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7117765-7AB8-4504-94D9-DAAB58E5E876}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BA3758BD-FCF6-47B5-B318-716482B93DD8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA3758BD-FCF6-47B5-B318-716482B93DD8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA3758BD-FCF6-47B5-B318-716482B93DD8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA3758BD-FCF6-47B5-B318-716482B93DD8}\InprocServer32]
@="C:\\WINDOWS\\system32\\oabcjt32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3B1B90D3-4BB2-484C-A9B4-D543C0E6F1BB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B1B90D3-4BB2-484C-A9B4-D543C0E6F1BB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B1B90D3-4BB2-484C-A9B4-D543C0E6F1BB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B1B90D3-4BB2-484C-A9B4-D543C0E6F1BB}\InprocServer32]
@="C:\\WINDOWS\\system32\\dlnput.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D960AE65-6B82-46F0-97C7-39E3A8A1CEA8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D960AE65-6B82-46F0-97C7-39E3A8A1CEA8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D960AE65-6B82-46F0-97C7-39E3A8A1CEA8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D960AE65-6B82-46F0-97C7-39E3A8A1CEA8}\InprocServer32]
@="C:\\WINDOWS\\system32\\mndtcprx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D060FCF3-9B48-444C-9191-9BC6DDC651BA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D060FCF3-9B48-444C-9191-9BC6DDC651BA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D060FCF3-9B48-444C-9191-9BC6DDC651BA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D060FCF3-9B48-444C-9191-9BC6DDC651BA}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aza80g~1.dll Tue 21 Feb 2006 19:24:10 ..S.R 237 010 231,45 K
cbgbkend.dll Sun 19 Feb 2006 0:19:28 ..S.R 235 980 230,45 K
dn2q01~1.dll Mon 20 Feb 2006 8:26:10 ..S.R 234 117 228,63 K
en4sl1~1.dll Sun 19 Feb 2006 20:23:06 ..S.R 235 341 229,82 K
en6ml1~1.dll Mon 20 Feb 2006 17:15:52 ..S.R 234 211 228,72 K
enjul1~1.dll Sun 19 Feb 2006 17:42:56 ..S.R 235 980 230,45 K
f20olc~1.dll Sun 19 Feb 2006 0:19:30 ..S.R 236 545 231,00 K
gpl8l3~1.dll Tue 21 Feb 2006 0:40:42 ..S.R 234 015 228,53 K
gpnql3~1.dll Sun 19 Feb 2006 20:40:12 ..S.R 234 714 229,21 K
hr0q05~1.dll Mon 20 Feb 2006 21:25:30 ..S.R 235 629 230,11 K
hr2205~1.dll Sun 19 Feb 2006 20:21:04 ..S.R 234 966 229,46 K
j2j60c~1.dll Tue 21 Feb 2006 19:26:32 ..S.R 236 994 231,44 K
j4j60e~1.dll Mon 20 Feb 2006 7:20:56 ..S.R 237 210 231,65 K
kt2ql7~1.dll Tue 21 Feb 2006 14:45:50 ..S.R 234 665 229,16 K
l6j80g~1.dll Tue 21 Feb 2006 19:24:08 ..S.R 233 656 228,18 K
l8j8li~1.dll Sun 19 Feb 2006 15:03:58 ..S.R 234 157 228,67 K
lvls09~1.dll Mon 20 Feb 2006 20:39:46 ..S.R 234 187 228,70 K
m646lg~1.dll Sun 19 Feb 2006 13:51:52 ..S.R 236 873 231,32 K
mac42.dll Sun 19 Feb 2006 13:53:38 ..S.R 235 980 230,45 K
mv6ql9~1.dll Sun 19 Feb 2006 21:28:26 ..S.R 235 467 229,95 K
mvlsl9~1.dll Sun 19 Feb 2006 13:43:56 ..S.R 236 420 230,88 K
n4p4le~1.dll Sun 19 Feb 2006 15:04:00 ..S.R 236 858 231,30 K
nirsptb.dll Sun 19 Feb 2006 16:00:56 ..S.R 235 980 230,45 K
pqrfctrs.dll Sun 19 Feb 2006 18:00:48 ..S.R 236 483 230,94 K
q2680c~1.dll Mon 20 Feb 2006 19:49:34 ..S.R 234 502 229,00 K
r2p8lc~1.dll Tue 21 Feb 2006 19:18:26 ..S.R 236 977 231,42 K
s4pule~1.dll Tue 21 Feb 2006 19:19:26 ..S.R 235 105 229,59 K
s6pulg~1.dll Sun 19 Feb 2006 20:20:30 ..S.R 236 483 230,94 K
sirenacm.dll Tue 24 Jan 2006 19:34:24 A.... 118 784 116,00 K
smftpub.dll Sat 18 Feb 2006 20:42:02 ..S.R 235 980 230,45 K
twpi32.dll Sun 19 Feb 2006 13:43:52 ..S.R 235 980 230,45 K
w.dll Sat 18 Feb 2006 20:44:32 A.... 62 0,06 K
winnb57.dll Sun 19 Feb 2006 15:08:34 A.... 303 104 296,00 K
__dele~1.dll Mon 20 Feb 2006 20:30:46 A.... 234 187 228,70 K
__dele~2.dll Tue 21 Feb 2006 20:14:30 A.... 236 977 231,42 K

35 items found: 35 files (30 H/S), 0 directories.
Total of file sizes: 7 961 579 bytes 7,59 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Tue 21 Feb 2006 20:18:30 ..... 236 977 231,42 K
__dele~1.tmp Mon 20 Feb 2006 20:32:46 A.... 234 187 228,70 K

2 items found: 2 files, 0 directories.
Total of file sizes: 471 164 bytes 460,12 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 708A-5C89

R‚pertoire de C:\WINDOWS\System32

21/02/2006 19:26 236ÿ994 j2j60c1sef.dll
21/02/2006 19:24 237ÿ010 aza80g1ue6.dll
21/02/2006 19:24 233ÿ656 l6j80g1ue6.dll
21/02/2006 19:19 235ÿ105 s4pule791h.dll
21/02/2006 19:18 235ÿ105 wJdll
21/02/2006 19:18 236ÿ977 r2p8lc7u1f.dll
21/02/2006 14:45 234ÿ665 kt2ql7f51.dll
21/02/2006 00:40 234ÿ015 gpl8l33u1.dll
20/02/2006 21:25 235ÿ629 hr0q05d5e.dll
20/02/2006 20:39 234ÿ187 lvls0937e.dll
20/02/2006 20:21 <REP> dllcache
20/02/2006 19:49 234ÿ502 q2680cjuefo80.dll
20/02/2006 17:15 234ÿ211 en6ml1j11.dll
20/02/2006 08:26 234ÿ117 dn2q01f5e.dll
20/02/2006 07:20 237ÿ210 j4j60e1seh.dll
19/02/2006 21:28 235ÿ467 mv6ql9j51.dll
19/02/2006 20:40 234ÿ714 gpnql3551.dll
19/02/2006 20:23 235ÿ341 en4sl1h71.dll
19/02/2006 20:21 234ÿ966 hr2205foe.dll
19/02/2006 20:20 236ÿ483 s6pulg7916.dll
19/02/2006 18:00 236ÿ483 pqrfctrs.dll
19/02/2006 17:42 235ÿ980 enjul1191.dll
19/02/2006 16:00 235ÿ980 nirsptb.dll
19/02/2006 15:03 236ÿ858 n4p4le7q1h.dll
19/02/2006 15:03 234ÿ157 l8j8li1u18.dll
19/02/2006 13:53 235ÿ980 mac42.dll
19/02/2006 13:51 236ÿ873 m646lghs1646.dll
19/02/2006 13:43 236ÿ420 mvlsl9371.dll
19/02/2006 13:43 235ÿ980 tWpi32.dll
19/02/2006 00:19 236ÿ545 f20olcd31f0.dll
19/02/2006 00:19 235ÿ980 cbgbkend.dll
18/02/2006 20:42 235ÿ980 smftpub.dll
31 fichier(s) 7ÿ303ÿ570 octets
1 R‚p(s) 49ÿ484ÿ668ÿ928 octets libres

Reposte un log HJT.

Et voici je log HJT:

Logfile of HijackThis v1.99.1
Scan saved at 20:28:34, on 21/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\C ici kon rentre\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Program Files\mrbookmakerfrMPP\MPPoker.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://fr.errorsafe.com/pages/scanner_fr/ErrorSafeScann...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\r2p8lc7u1f.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\m6460ghse6460.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Désolé pour ces horribles messages à ralonge...
Merci de continuer à m'aider...

J'espère ne pas vous avoir dégouté avec mes messages et mes problèmes...n'hésitez pas à répondre même si ce n'est que dans les prochains jours j'attendrais une réponse...

Merci

Bonsoir

Tu n'as pas bien regardé mes instructions concernant Look2me.Destroyer.
Pour le problème de fichier, je te donnais le lien pour le résoudre en bas de mon post.

Look2me est toujours présent.

On continue avec L2mfix.
Du dossier l2mfix situé sur ton Bureau, double-clique l2mfix.bat et choisis l'option #2 pour Run Fix en tapant 2 et ensuite "Entrée". Les icônes du Bureau vont disparaître (tout à fait normal). L2mfix poursuivra le scan et lorsque terminé, il sera prêt à redémarrer le PC. Appuie sur n'importe quelle touche pour redémarrer. Après le redémarrage, un fichier texte devrait apparaître. Copie/colle le contenu de ce rapport dans ta prochaine réponse, et poste un nouveau rapport HijackThis! également.

J'ai utiliser Look2ME destroyer comme indiqué dans le premier message (désolé hier j'étais un peu fatigué...) et j'ai également lancé L2mfix voila le rapport HJT:

Logfile of HijackThis v1.99.1
Scan saved at 19:16:15, on 22/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\C ici kon rentre\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Program Files\mrbookmakerfrMPP\MPPoker.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://fr.errorsafe.com/pages/scanner_fr/ErrorSafeScann...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Voila aussi le ficheir Look2Me detroyer.txt:

Look2Me-Destroyer V1.0.6

Scanning for infected files.....
Scan started at 22/02/2006 19:11:06

Infected! C:\WINDOWS\system32\aza0lgjm16oa.dll
Infected! C:\WINDOWS\system32\m6460ghse6460.dll
Infected! C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP1\A0000001.dll
Infected! C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP1\A0000009.dll
Infected! C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001020.dll
Infected! C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001021.dll
Infected! C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001029.dll
Infected! C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001036.dll
Infected! C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001041.dll
Infected! C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001042.dll
Infected! C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0002041.dll
Infected! C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0003047.dll
Infected! C:\WINDOWS\system32\aza0lgjm16oa.dll
Infected! C:\WINDOWS\system32\aza80g1ue6.dll
Infected! C:\WINDOWS\system32\cbgbkend.dll
Infected! C:\WINDOWS\system32\dn2q01f5e.dll
Infected! C:\WINDOWS\system32\dn4u01h9e.dll
Infected! C:\WINDOWS\system32\en4sl1h71.dll
Infected! C:\WINDOWS\system32\en6ml1j11.dll
Infected! C:\WINDOWS\system32\enjul1191.dll
Infected! C:\WINDOWS\system32\f20olcd31f0.dll
Infected! C:\WINDOWS\system32\fpl8033ue.dll
Infected! C:\WINDOWS\system32\gpl8l33u1.dll
Infected! C:\WINDOWS\system32\gpnql3551.dll
Infected! C:\WINDOWS\system32\hr0q05d5e.dll
Infected! C:\WINDOWS\system32\hr2205foe.dll
Infected! C:\WINDOWS\system32\i660lgjm16oa.dll
Infected! C:\WINDOWS\system32\j2j60c1sef.dll
Infected! C:\WINDOWS\system32\j4j60e1seh.dll
Infected! C:\WINDOWS\system32\kt2ql7f51.dll
Infected! C:\WINDOWS\system32\l6j80g1ue6.dll
Infected! C:\WINDOWS\system32\l8j8li1u18.dll
Infected! C:\WINDOWS\system32\lvls0937e.dll
Infected! C:\WINDOWS\system32\m646lghs1646.dll
Infected! C:\WINDOWS\system32\mac42.dll
Infected! C:\WINDOWS\system32\mv6ql9j51.dll
Infected! C:\WINDOWS\system32\mvlsl9371.dll
Infected! C:\WINDOWS\system32\n4p4le7q1h.dll
Infected! C:\WINDOWS\system32\nirsptb.dll
Infected! C:\WINDOWS\system32\pqrfctrs.dll
Infected! C:\WINDOWS\system32\q2680cjuefo80.dll
Infected! C:\WINDOWS\system32\s4pule791h.dll
Infected! C:\WINDOWS\system32\s6pulg7916.dll
Infected! C:\WINDOWS\system32\smftpub.dll
Infected! C:\WINDOWS\system32\t6r80g9ue6.dll
Infected! C:\WINDOWS\system32\tWpi32.dll
Infected! C:\WINDOWS\system32\__delete_on_reboot__rJcpldlg.dll
Infected! C:\WINDOWS\system32\__delete_on_reboot__sLfrslv.dll
Infected! C:\WINDOWS\System32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\aza0lgjm16oa.dll
C:\WINDOWS\system32\aza0lgjm16oa.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP1\A0000001.dll
C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP1\A0000001.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP1\A0000009.dll
C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP1\A0000009.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001020.dll
C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001020.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001021.dll
C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001021.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001029.dll
C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001029.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001036.dll
C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001036.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001041.dll
C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001041.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001042.dll
C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0001042.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0002041.dll
C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0002041.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0003047.dll
C:\System Volume Information\_restore{65D9C058-2A24-4AD0-855F-3F860C572BE0}\RP2\A0003047.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\aza0lgjm16oa.dll
C:\WINDOWS\system32\aza0lgjm16oa.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\aza80g1ue6.dll
C:\WINDOWS\system32\aza80g1ue6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cbgbkend.dll
C:\WINDOWS\system32\cbgbkend.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dn2q01f5e.dll
C:\WINDOWS\system32\dn2q01f5e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dn4u01h9e.dll
C:\WINDOWS\system32\dn4u01h9e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\en4sl1h71.dll
C:\WINDOWS\system32\en4sl1h71.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\en6ml1j11.dll
C:\WINDOWS\system32\en6ml1j11.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\enjul1191.dll
C:\WINDOWS\system32\enjul1191.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\f20olcd31f0.dll
C:\WINDOWS\system32\f20olcd31f0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fpl8033ue.dll
C:\WINDOWS\system32\fpl8033ue.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gpl8l33u1.dll
C:\WINDOWS\system32\gpl8l33u1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gpnql3551.dll
C:\WINDOWS\system32\gpnql3551.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hr0q05d5e.dll
C:\WINDOWS\system32\hr0q05d5e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hr2205foe.dll
C:\WINDOWS\system32\hr2205foe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i660lgjm16oa.dll
C:\WINDOWS\system32\i660lgjm16oa.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j2j60c1sef.dll
C:\WINDOWS\system32\j2j60c1sef.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j4j60e1seh.dll
C:\WINDOWS\system32\j4j60e1seh.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kt2ql7f51.dll
C:\WINDOWS\system32\kt2ql7f51.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l6j80g1ue6.dll
C:\WINDOWS\system32\l6j80g1ue6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l8j8li1u18.dll
C:\WINDOWS\system32\l8j8li1u18.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lvls0937e.dll
C:\WINDOWS\system32\lvls0937e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m646lghs1646.dll
C:\WINDOWS\system32\m646lghs1646.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mac42.dll
C:\WINDOWS\system32\mac42.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mv6ql9j51.dll
C:\WINDOWS\system32\mv6ql9j51.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mvlsl9371.dll
C:\WINDOWS\system32\mvlsl9371.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n4p4le7q1h.dll
C:\WINDOWS\system32\n4p4le7q1h.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\nirsptb.dll
C:\WINDOWS\system32\nirsptb.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\pqrfctrs.dll
C:\WINDOWS\system32\pqrfctrs.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\q2680cjuefo80.dll
C:\WINDOWS\system32\q2680cjuefo80.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\s4pule791h.dll
C:\WINDOWS\system32\s4pule791h.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\s6pulg7916.dll
C:\WINDOWS\system32\s6pulg7916.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\smftpub.dll
C:\WINDOWS\system32\smftpub.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\t6r80g9ue6.dll
C:\WINDOWS\system32\t6r80g9ue6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\tWpi32.dll
C:\WINDOWS\system32\tWpi32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\__delete_on_reboot__rJcpldlg.dll
C:\WINDOWS\system32\__delete_on_reboot__rJcpldlg.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\__delete_on_reboot__sLfrslv.dll
C:\WINDOWS\system32\__delete_on_reboot__sLfrslv.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Je vous écoute our la suite...merci

PS: a noter qu'au redenarrage du PC apres avoir lancé Look2Me detroyer.exe je n'ais pas eus de message d'ewido indiquant une infection look2Me...plus de pop-up pour le moment d'ailleurs, mais toujours les message a propos de VCClient.exe VCMain.exe...

Pour VCC
Fix ces lignes

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

Supprime
C:\Program Files\Common Files\VCClient

Ca y est je l'ais fait et en effet plus de messages au démarrage...
Ca sent bon la fin des ennuis ça...

Y a t-il autre chose à faire?

En tout cas déjà merci...

Bonsoir

Il faudrait reposter un rapport HijackThis pour vérification.