Problem uninstalling Internet Explorer 7

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 30/03/2006 18:55:55

Infected! C:\WINDOWS\system32\h6j4lg1q16.dll
Infected! C:\WINDOWS\system32\fpps0377e.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\h6j4lg1q16.dll
C:\WINDOWS\system32\h6j4lg1q16.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fpps0377e.dll
C:\WINDOWS\system32\fpps0377e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3337EC26-CF79-4C17-966E-0E4AFF83CAFE}"
HKCR\Clsid\{3337EC26-CF79-4C17-966E-0E4AFF83CAFE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1C837BBD-E713-4C93-8528-88D8E5FDDA91}"
HKCR\Clsid\{1C837BBD-E713-4C93-8528-88D8E5FDDA91}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E033217-9E8E-4ABC-82F6-E6784D4416CE}"
HKCR\Clsid\{5E033217-9E8E-4ABC-82F6-E6784D4416CE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{40F6BD84-58F8-4253-B62F-EECEDD1B9BCB}"
HKCR\Clsid\{40F6BD84-58F8-4253-B62F-EECEDD1B9BCB}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{48497D66-C3A1-47C4-855C-62EEFC4FE49E}"
HKCR\Clsid\{48497D66-C3A1-47C4-855C-62EEFC4FE49E}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrateurs - Succeeded




Logfile of HijackThis v1.99.1
Scan saved at 19:07:52, on 30/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\??curity\s?rvices.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hebdoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Tuen] "C:\PROGRA~1\SEMBLY~1\rundll32.exe" -vt yazr
O4 - HKCU\..\Run: [SPAMDRIVE] C:\DOCUME~1\Pc\APPLIC~1\INTRAA~1\open remote.exe
O4 - HKCU\..\Run: [Rzroomfn] C:\WINDOWS\??curity\s?rvices.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Spyware infection, we'll take care of that ;-)
(yes, I know that wasn't your question, but it's more important)

Post a HijackThis report
. Download HijackThis
. Put it in a folder or on your desktop
. Run it
. Choose the option Do a system scan and save a logfile
. Paste the report here

thanks
Logfile of HijackThis v1.99.1
Scan saved at 18:32:26, on 30/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\??curity\s?rvices.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hebdoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Tuen] "C:\PROGRA~1\SEMBLY~1\rundll32.exe" -vt yazr
O4 - HKCU\..\Run: [SPAMDRIVE] C:\DOCUME~1\Pc\APPLIC~1\INTRAA~1\open remote.exe
O4 - HKCU\..\Run: [Rzroomfn] C:\WINDOWS\??curity\s?rvices.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\h6j4lg1q16.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Well, there you go, it's not IE7's fault: L2me infection.

Print these instructions, or paste them into a text file.
Read the note at the bottom carefully before starting the procedure.
Download Look2Me-Destroyer.exe to your Desktop.

http://www.atribune.org/ccount/click.php?id=7

. Close all active windows.
. Run the Look2Me-Destroyer.exe tool.
. Tick Run this program as a task
. A message will appear:
"Look2Me-Destroyer will close and re-open in approximately 1 minute" -> OK
. It will relaunch after the minute; then press the Scan for L2M button.
. Your Desktop icons will disappear.
. When the scan finishes, click Remove L2M
. A new message, Done Scanning, will appear; click OK.
. Followed by Done removing infected files! Look2Me-Destroyer will now shutdown your computer -> OK.
. Your PC will shut down.
. Start your PC normally.
. Paste the generated report, located here: C:\Look2Me-Destroyer.txt, along with a HijackThis report.

If Look2Me-Destroyer does not relaunch automatically after the minute, restart and try again.
