[solved] unknown window that opens

Marsh Posté on 30-06-2006 at 17:21:13

hi
for a few days now I have had windows opening at random times on my PC, which bothers me when gaming and surfing the net
could you help me!!
regards


Message edited by alpha52 on 04-07-2006 at 18:00:47
Reply

Marsh Posté on 30-06-2006 at 17:29:37

Hello,
download the original version of HijackThis: http://www.merijn.org/files/hijackthis.zip

disconnect from the net and install it.

run it by clicking Do a system scan and save a logfile; at the end of the scan Notepad will open, and you copy and paste all of its contents.

Reply

Marsh Posté on 30-06-2006 at 17:35:19

here is the report you asked me for:
Logfile of HijackThis v1.99.1
Scan saved at 17:33:47, on 30/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\dfndrc_2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe
C:\WINDOWS\ASEMBL~1\UERINI~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\dfndrb_3.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Weyandt\LOCALS~1\Temp\Rar$EX00.187\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {35DC2968-E2DE-9D74-A746-9D2B5295D1C6} - C:\WINDOWS\system32\wbiktobm.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] c:\\dfndrb_3.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdb_3.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmb_3.exe
O4 - HKLM\..\Run: [tgy8c24a] RUNDLL32.EXE w21a4daa.dll,n 0018c2490000000a21a4daa
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Oaaa] "C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\Run: [Fniz] C:\WINDOWS\ASEMBL~1\UERINI~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\wanmm.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\wY2time.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
 

Reply

Marsh Posté on 30-06-2006 at 17:38:24

re,

your log is heavily infected!
your ads are caused by look2me, we will deal with it afterwards.

I am looking at your report, back in 15 minutes

Reply

Marsh Posté on 30-06-2006 at 17:43:54

re,

actually we will start with look2me, it will be simpler:

Download L2mfix (by Shadowwar) from one of these links:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save it to the Desktop
double-click l2mfix.exe.
Click the Install button to extract its contents and follow the prompts,
then open the new l2mfix folder on the Desktop.
Double-click l2mfix.bat and choose option #1 for Run Find Log by typing 1 and then Enter.
The scan will start without showing any output, then, after a minute or two,
a text file will appear.
copy the contents of this report ("report.txt") into your next reply.

WARNING!

However, if an error is displayed when launching option #1, similar to this:
''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."...
then use option #5 or the web link provided in the "l2mfix" folder to resolve this error. Do not run any other options before this problem has been fixed.

Reply

Marsh Posté on 30-06-2006 at 17:50:02

here is the report, done without any problem, except that it did not take as long as you said (1 or 2 min); it took not even 5 seconds
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wanmm.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000000
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Event"=dword:00000000
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
 
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D424E8EB-F47B-EC4D-1C57-D193D15DCD38}"=""
 
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{0A0CBF10-E14C-4F6C-A059-A8B992A1227F}"=""
"{D757A54D-604D-4FB3-851C-2C7F7AF265FB}"=""
"{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}"=""
"{1EF0A758-F959-4573-AF39-DD8D7A4101D7}"=""
"{00114F2D-F941-4850-BFDE-A871AC43F82C}"=""
 
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\InprocServer32]
@="C:\\WINDOWS\\system32\\maexch40.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}]
@=""
"IDEx"="ADDR"
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\wY2time.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\InprocServer32]
@="C:\\WINDOWS\\system32\\wanmm.dll"
"ThreadingModel"="Apartment"
 
**********************************************************************************
Files Found are not all bad files:
 
C:\WINDOWS\SYSTEM32\
   ati2cqag.dll   Wed  3 May 2006  18:09:20   A....        282 624   276,00 K
   ati2dvag.dll   Wed  3 May 2006  18:51:00   A....        258 048   252,00 K
   ati2edxx.dll   Wed  3 May 2006  18:45:08   A....         41 984    41,00 K
   ati2evxx.dll   Wed  3 May 2006  18:44:56   A....         61 440    60,00 K
   ati3duag.dll   Wed  3 May 2006  18:35:26   A....      2 693 280     2,57 M
   atiddc.dll     Wed  3 May 2006  18:43:14   A....         53 248    52,00 K
   atidemgr.dll   Wed  3 May 2006  18:12:26   A....        286 720   280,00 K
   atiiiexx.dll   Wed  3 May 2006  18:54:10   A....        307 200   300,00 K
   atikvmag.dll   Wed  3 May 2006  18:15:58   A....        151 552   148,00 K
   atioglx1.dll   Wed  3 May 2006  18:21:20   A....      6 684 672     6,38 M
   atioglxx.dll   Wed  3 May 2006  18:18:04   A....      5 033 984     4,80 M
   atipdlxx.dll   Wed  3 May 2006  18:45:36   A....        114 688   112,00 K
   atitvo32.dll   Wed  3 May 2006  18:15:10   A....         17 408    17,00 K
   ativvaxx.dll   Wed  3 May 2006  18:29:14   A....      1 408 000     1,34 M
   browseui.dll   Wed 10 May 2006   7:24:34   A....      1 023 488   999,50 K
   cdfview.dll    Wed 10 May 2006   7:24:34   A....        152 064   148,50 K
   danim.dll      Wed 10 May 2006   7:24:34   A....      1 056 768     1,01 M
   dxtmsft.dll    Wed 10 May 2006   7:24:36   A....        357 888   349,50 K
   dxtrans.dll    Wed 10 May 2006   7:24:36   A....        205 312   200,50 K
   extmgr.dll     Wed 10 May 2006   7:24:36   .....         55 808    54,50 K
   iepeers.dll    Wed 10 May 2006   7:24:36   A....        251 392   245,50 K
   inseng.dll     Wed 10 May 2006   7:24:36   A....         96 768    94,50 K
   jgdw400.dll    Thu  1 Jun 2006  20:48:44   A....        163 840   160,00 K
   jgpl400.dll    Thu  1 Jun 2006  20:48:44   A....         27 648    27,00 K
   jscript.dll    Thu 18 May 2006   7:31:22   A....        450 560   440,00 K
   jsproxy.dll    Wed 10 May 2006   7:24:36   A....         16 384    16,00 K
   legitc~1.dll   Mon 19 Jun 2006  16:19:42   .....        571 184   557,80 K
   msgplu~1.dll   Mon  5 Jun 2006  17:14:58   A....         58 952    57,57 K
   mshtml.dll     Fri 19 May 2006  17:09:50   A....      3 073 536     2,93 M
   mshtmled.dll   Wed 10 May 2006   7:24:36   A....        448 512   438,00 K
   msrating.dll   Wed 10 May 2006   7:24:36   A....        146 432   143,00 K
   mstime.dll     Wed 10 May 2006   7:24:38   A....        532 480   520,00 K
   oemdspif.dll   Wed  3 May 2006  18:45:22   A....         77 824    76,00 K
   pngfilt.dll    Wed 10 May 2006   7:24:38   A....         39 424    38,50 K
   rasmans.dll    Sun 14 May 2006  10:48:16   A....        181 248   177,00 K
   shdocvw.dll    Mon 29 May 2006  17:29:14   A....      1 494 528     1,42 M
   shlwapi.dll    Wed 10 May 2006   7:24:40   A....        474 624   463,50 K
   spmsg.dll      Mon  3 Apr 2006  11:40:10   .....         14 048    13,72 K
   spoolsv.dll    Thu 29 Jun 2006  21:23:00   A....         81 920    80,00 K
   tgy8c24a.dll   Thu 29 Jun 2006  21:22:14   A....         61 440    60,00 K
   urlmon.dll     Wed 10 May 2006   7:24:40   A....        615 936   601,50 K
   w21a4daa.dll   Thu 29 Jun 2006  21:22:06   A....         29 696    29,00 K
   wanmm.dll      Fri 30 Jun 2006  13:17:50   ..S.R        234 272   228,78 K
   wbiktobm.dll   Wed 28 Jun 2006  17:07:20   A....        139 264   136,00 K
   wgalogon.dll   Mon 19 Jun 2006  16:20:42   .....        702 768   686,30 K
   wgn32spl.dll   Fri 30 Jun 2006  13:17:44   ..S.R        234 272   228,78 K
   wininet.dll    Wed 10 May 2006   7:24:40   A....        662 528   647,00 K
   wknstrm.dll    Fri 30 Jun 2006  13:17:56   ..S.R        234 272   228,78 K
   wmp.dll        Sat 29 Apr 2006   6:07:48   A....      5 533 696     5,28 M
   wnnipsec.dll   Fri 30 Jun 2006  13:17:48   ..S.R        234 272   228,78 K
   wy2time.dll    Fri 30 Jun 2006  13:17:36   A....        234 272   228,78 K
   xpsp3res.dll   Thu 11 May 2006  10:57:36   A....         26 624    26,00 K
 
52 items found:  52 files (4 H/S), 0 directories.
   Total of file sizes:  37 390 792 bytes     35,66 M
Locate .tmp files:
 
No matches found.
**********************************************************************************
Directory Listing of system files:
 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est 6032-A273
 
 Répertoire de C:\WINDOWS\System32
 
30/06/2006  13:17           234 272 wknstrm.dll
30/06/2006  13:17           234 272 wanmm.dll
30/06/2006  13:17           234 272 wnnipsec.dll
30/06/2006  13:17           234 272 wgn32spl.dll
30/06/2006  13:16    <REP>          dllcache
19/05/2006  18:46    <REP>          Microsoft
               4 fichier(s)          937 088 octets
               2 Rép(s)  52 872 433 664 octets libres

Reply
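
One way to read the find log posted above, as an added example (not part of the thread and not L2mfix's own logic): it decodes the `DllName` of each Winlogon\Notify subkey, including the `hex(2)` form, and checks whether that DLL belongs to a group of differently named System32 files with an identical byte size, the pattern visible in this report. The function names, the three-file threshold and the shortened excerpts are assumptions of the example.

```python
import re
from collections import defaultdict

# Shortened excerpt of the Winlogon\Notify export from the report above.
REG_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wanmm.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
'''

# Shortened excerpt of the "Files Found" listing from the same report.
LISTING_EXCERPT = '''
   spoolsv.dll    Thu 29 Jun 2006  21:23:00   A....         81 920    80,00 K
   wanmm.dll      Fri 30 Jun 2006  13:17:50   ..S.R        234 272   228,78 K
   wgalogon.dll   Mon 19 Jun 2006  16:20:42   .....        702 768   686,30 K
   wgn32spl.dll   Fri 30 Jun 2006  13:17:44   ..S.R        234 272   228,78 K
   wknstrm.dll    Fri 30 Jun 2006  13:17:56   ..S.R        234 272   228,78 K
   wnnipsec.dll   Fri 30 Jun 2006  13:17:48   ..S.R        234 272   228,78 K
   wy2time.dll    Fri 30 Jun 2006  13:17:36   A....        234 272   228,78 K
'''


def notify_dlls(reg_text):
    """Map each Winlogon Notify subkey to the lower-cased file name of its DllName."""
    text = re.sub(r'\\\r?\n\s*', '', reg_text)  # join hex(2) continuation lines
    result, subkey = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('['):
            # Only direct children of ...\Winlogon\Notify count as notification packages.
            m = re.match(r'\[.*\\Winlogon\\Notify\\([^\\\]]+)\]$', line, re.I)
            subkey = m.group(1) if m else None
        elif subkey and line.lower().startswith('"dllname"='):
            value = line.split('=', 1)[1]
            if value.startswith('hex(2):'):
                # REG_EXPAND_SZ is exported as comma-separated UTF-16LE bytes.
                raw = bytes(int(b, 16) for b in value[7:].split(',') if b)
                path = raw.decode('utf-16-le').rstrip('\x00')
            else:
                path = value.strip('"').replace('\\\\', '\\')
            result[subkey] = path.rsplit('\\', 1)[-1].lower()
    return result


def parse_listing(listing_text):
    """Return (name, attributes, size_in_bytes) for each row of the file listing."""
    rows = []
    for line in listing_text.splitlines():
        fields = re.split(r'\s{2,}', line.strip())
        # Columns are counted from the right because the date column may split in two.
        if (len(fields) >= 5 and re.fullmatch(r'[A-Z.]{5}', fields[-3])
                and re.fullmatch(r'[\d ]+', fields[-2])):
            rows.append((fields[0].lower(), fields[-3], int(fields[-2].replace(' ', ''))))
    return rows


def same_size_clusters(rows, min_files=3):
    """Group file names by exact byte size; keep sizes shared by at least min_files names."""
    by_size = defaultdict(set)
    for name, _attrs, size in rows:
        by_size[size].add(name)
    return {size: names for size, names in by_size.items() if len(names) >= min_files}


def triage(reg_text, listing_text):
    """Notify DLLs that belong to a same-size cluster, with the other files of that cluster."""
    clusters = same_size_clusters(parse_listing(listing_text))
    findings = []
    for subkey, dll in sorted(notify_dlls(reg_text).items()):
        for size, names in clusters.items():
            if dll in names:
                findings.append({'notify_subkey': subkey, 'dll': dll, 'size': size,
                                 'siblings': sorted(names - {dll})})
    return findings


if __name__ == '__main__':
    for finding in triage(REG_EXCERPT, LISTING_EXCERPT):
        print(finding)
```

On these excerpts the CSCSettings and Telephony entries are reported together with the three other 234 272-byte files, while WgaLogon is decoded but not flagged.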

Marsh Posté on 30-06-2006 at 19:04:17

re,

now we are going to remove look2me:

Close all running applications, because this step requires a restart.

From the l2mfix folder on your Desktop,
 double-click l2mfix.bat and choose option #2 for Run Fix by typing 2 and then Enter.
 The Desktop icons will disappear (completely normal).
L2mfix will continue the scan and, when finished, it will be ready to restart the PC.
 Press any key to restart.
 After the restart, a text file should appear.
 Copy/paste the contents of this report into your next reply.

**If the text file (report) does not appear after the restart, double-click the text file ("log.txt") located in the "l2mfix" folder.


Marsh Posté on 02-07-2006 at 17:42:56

here is the report (sorry for the delay)
L2mfix 051206
Creating Account.
La commande s'est terminée correctement.
 
Adding Administrative privleges.  
Checking for L2MFix account(0=no 1=yes):  
1
 Granting SeDebugPrivilege to L2MFIX   ... successful
 
Running From:
C:\WINDOWS\system32
 
Killing Processes!  
  Killing 'smss.exe'
\SystemRoot\System32\smss.exe (580)
  Killing 'winlogon.exe'
winlogon.exe    (676)
  Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (3076)
  Killing 'rundll32.exe'
rundll32.exe "C:\WINDOWS\system32\cfbcatq.dll",DllGetVersion (1692)
rundll32.exe "C:\WINDOWS\system32\cdbjmon.dll",DllGetVersion (272)
"C:\WINDOWS\system32\RUNDLL32.EXE" w21a4daa.dll,n 0018c2490000000a21a4daa (3628)
Restoring Sedebugprivilege:
 Granting SeDebugPrivilege to Administrateurs   ... successful
 
Scanning First Pass. Please Wait!
 
First Pass Completed  
 
Second Pass Scanning  
 
Second pass Completed!
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\cdbjmon.dll  
Successfully Deleted: C:\WINDOWS\system32\cdbjmon.dll  
Deleting: C:\WINDOWS\system32\cfbcatq.dll  
Successfully Deleted: C:\WINDOWS\system32\cfbcatq.dll  
Deleting: C:\WINDOWS\system32\jt6u07j9e.dll  
Successfully Deleted: C:\WINDOWS\system32\jt6u07j9e.dll  
Deleting: C:\WINDOWS\system32\l8l6li3s18.dll  
Successfully Deleted: C:\WINDOWS\system32\l8l6li3s18.dll  
Deleting: C:\WINDOWS\system32\wanmm.dll  
Successfully Deleted: C:\WINDOWS\system32\wanmm.dll  
Deleting: C:\WINDOWS\system32\wgn32spl.dll  
Successfully Deleted: C:\WINDOWS\system32\wgn32spl.dll  
Deleting: C:\WINDOWS\system32\wnnipsec.dll  
Successfully Deleted: C:\WINDOWS\system32\wnnipsec.dll  
Deleting: C:\WINDOWS\system32\wY2time.dll  
Successfully Deleted: C:\WINDOWS\system32\wY2time.dll  
 
msg11?.dll  
        0 fichier(s) copié(s).
 
 
 
Restoring Windows Update Certificates.:
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wanmm.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallNotifyShown"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
 
The following are the files found:  
****************************************************************************
C:\WINDOWS\system32\cdbjmon.dll  
C:\WINDOWS\system32\cfbcatq.dll  
C:\WINDOWS\system32\jt6u07j9e.dll  
C:\WINDOWS\system32\l8l6li3s18.dll  
C:\WINDOWS\system32\wanmm.dll  
C:\WINDOWS\system32\wgn32spl.dll  
C:\WINDOWS\system32\wnnipsec.dll  
C:\WINDOWS\system32\wY2time.dll  
 
Registry Entries that were Deleted:  
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder.  
****************************************************************************
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\InprocServer32]
@="C:\\WINDOWS\\system32\\maexch40.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}]
@=""
"IDEx"="ADDR"
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\wY2time.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\InprocServer32]
@="C:\\WINDOWS\\system32\\cdbjmon.dll"
"ThreadingModel"="Apartment"
 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A0CBF10-E14C-4F6C-A059-A8B992A1227F}"=-
"{D757A54D-604D-4FB3-851C-2C7F7AF265FB}"=-
"{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}"=-
"{1EF0A758-F959-4573-AF39-DD8D7A4101D7}"=-
"{00114F2D-F941-4850-BFDE-A871AC43F82C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0A0CBF10-E14C-4F6C-A059-A8B992A1227F}]
[-HKEY_CLASSES_ROOT\CLSID\{D757A54D-604D-4FB3-851C-2C7F7AF265FB}]
[-HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}]
[-HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}]
[-HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}]
REGEDIT4
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:  
****************************************************************************
 
****************************************************************************
Checking for L2MFix account(0=no 1=yes):  
0
Zipping up files for submission:
  adding: dlls/cdbjmon.dll (164 bytes security) (deflated 4%)
  adding: dlls/cfbcatq.dll (164 bytes security) (deflated 4%)
  adding: dlls/jt6u07j9e.dll (164 bytes security) (deflated 5%)
  adding: dlls/l8l6li3s18.dll (164 bytes security) (deflated 5%)
  adding: dlls/wanmm.dll (164 bytes security) (deflated 4%)
  adding: dlls/wgn32spl.dll (164 bytes security) (deflated 4%)
  adding: dlls/wnnipsec.dll (164 bytes security) (deflated 4%)
  adding: dlls/wY2time.dll (164 bytes security) (deflated 4%)
  adding: backregs/00114F2D-F941-4850-BFDE-A871AC43F82C.reg (212 bytes security) (deflated 70%)
  adding: backregs/1EF0A758-F959-4573-AF39-DD8D7A4101D7.reg (212 bytes security) (deflated 69%)
  adding: backregs/1FD86AAB-E279-4F55-90BB-7BA659D63AAA.reg (212 bytes security) (deflated 70%)
  adding: backregs/notibac.reg (164 bytes security) (deflated 76%)
  adding: backregs/shell.reg (164 bytes security) (deflated 73%)


Marsh Posté on 02-07-2006 at 22:13:38

hello,
 
I don't think this report is complete, so post it in full and also post a new HijackThis report


Marsh Posté on 02-07-2006 at 23:41:14

here you go, sorry :: HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 23:37:24, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\dfndrb_3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Weyandt\LOCALS~1\Temp\Rar$EX00.782\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {35DC2968-E2DE-9D74-A746-9D2B5295D1C6} - C:\WINDOWS\system32\wbiktobm.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\dfndrb_3.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdb_3.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmb_3.exe
O4 - HKLM\..\Run: [tgy8c24a] RUNDLL32.EXE w21a4daa.dll,n 0018c2490000000a21a4daa
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Oaaa] "C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\Run: [Fniz] C:\WINDOWS\ASEMBL~1\UERINI~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wanmm.dll (file missing)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\wY2time.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\wY2time.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
 
 
 
 
 
second report :: but apparently it's the same
 
L2mfix 051206
Creating Account.
La commande s'est terminée correctement.
 
Adding Administrative privleges.  
Checking for L2MFix account(0=no 1=yes):  
1
 Granting SeDebugPrivilege to L2MFIX   ... successful
 
Running From:
C:\WINDOWS\system32
 
Killing Processes!  
  Killing 'smss.exe'
\SystemRoot\System32\smss.exe (580)
  Killing 'winlogon.exe'
winlogon.exe    (676)
  Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (3076)
  Killing 'rundll32.exe'
rundll32.exe "C:\WINDOWS\system32\cfbcatq.dll",DllGetVersion (1692)
rundll32.exe "C:\WINDOWS\system32\cdbjmon.dll",DllGetVersion (272)
"C:\WINDOWS\system32\RUNDLL32.EXE" w21a4daa.dll,n 0018c2490000000a21a4daa (3628)
Restoring Sedebugprivilege:
 Granting SeDebugPrivilege to Administrateurs   ... successful
 
Scanning First Pass. Please Wait!
 
First Pass Completed  
 
Second Pass Scanning  
 
Second pass Completed!
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\cdbjmon.dll  
Successfully Deleted: C:\WINDOWS\system32\cdbjmon.dll  
Deleting: C:\WINDOWS\system32\cfbcatq.dll  
Successfully Deleted: C:\WINDOWS\system32\cfbcatq.dll  
Deleting: C:\WINDOWS\system32\jt6u07j9e.dll  
Successfully Deleted: C:\WINDOWS\system32\jt6u07j9e.dll  
Deleting: C:\WINDOWS\system32\l8l6li3s18.dll  
Successfully Deleted: C:\WINDOWS\system32\l8l6li3s18.dll  
Deleting: C:\WINDOWS\system32\wanmm.dll  
Successfully Deleted: C:\WINDOWS\system32\wanmm.dll  
Deleting: C:\WINDOWS\system32\wgn32spl.dll  
Successfully Deleted: C:\WINDOWS\system32\wgn32spl.dll  
Deleting: C:\WINDOWS\system32\wnnipsec.dll  
Successfully Deleted: C:\WINDOWS\system32\wnnipsec.dll  
Deleting: C:\WINDOWS\system32\wY2time.dll  
Successfully Deleted: C:\WINDOWS\system32\wY2time.dll  
 
msg11?.dll  
        0 fichier(s) copié(s).
 
 
 
Restoring Windows Update Certificates.:
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wanmm.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallNotifyShown"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
 
The following are the files found:  
****************************************************************************
C:\WINDOWS\system32\cdbjmon.dll  
C:\WINDOWS\system32\cfbcatq.dll  
C:\WINDOWS\system32\jt6u07j9e.dll  
C:\WINDOWS\system32\l8l6li3s18.dll  
C:\WINDOWS\system32\wanmm.dll  
C:\WINDOWS\system32\wgn32spl.dll  
C:\WINDOWS\system32\wnnipsec.dll  
C:\WINDOWS\system32\wY2time.dll  
 
Registry Entries that were Deleted:  
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder.  
****************************************************************************
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\InprocServer32]
@="C:\\WINDOWS\\system32\\maexch40.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}]
@=""
"IDEx"="ADDR"
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\wY2time.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\InprocServer32]
@="C:\\WINDOWS\\system32\\cdbjmon.dll"
"ThreadingModel"="Apartment"
 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A0CBF10-E14C-4F6C-A059-A8B992A1227F}"=-
"{D757A54D-604D-4FB3-851C-2C7F7AF265FB}"=-
"{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}"=-
"{1EF0A758-F959-4573-AF39-DD8D7A4101D7}"=-
"{00114F2D-F941-4850-BFDE-A871AC43F82C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0A0CBF10-E14C-4F6C-A059-A8B992A1227F}]
[-HKEY_CLASSES_ROOT\CLSID\{D757A54D-604D-4FB3-851C-2C7F7AF265FB}]
[-HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}]
[-HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}]
[-HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}]
REGEDIT4
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:  
****************************************************************************
 
****************************************************************************
Checking for L2MFix account(0=no 1=yes):  
0
Zipping up files for submission:
  adding: dlls/cdbjmon.dll (164 bytes security) (deflated 4%)
  adding: dlls/cfbcatq.dll (164 bytes security) (deflated 4%)
  adding: dlls/jt6u07j9e.dll (164 bytes security) (deflated 5%)
  adding: dlls/l8l6li3s18.dll (164 bytes security) (deflated 5%)
  adding: dlls/wanmm.dll (164 bytes security) (deflated 4%)
  adding: dlls/wgn32spl.dll (164 bytes security) (deflated 4%)
  adding: dlls/wnnipsec.dll (164 bytes security) (deflated 4%)
  adding: dlls/wY2time.dll (164 bytes security) (deflated 4%)
  adding: backregs/00114F2D-F941-4850-BFDE-A871AC43F82C.reg (212 bytes security) (deflated 70%)
  adding: backregs/1EF0A758-F959-4573-AF39-DD8D7A4101D7.reg (212 bytes security) (deflated 69%)
  adding: backregs/1FD86AAB-E279-4F55-90BB-7BA659D63AAA.reg (212 bytes security) (deflated 70%)
  adding: backregs/notibac.reg (164 bytes security) (deflated 76%)
  adding: backregs/shell.reg (164 bytes security) (deflated 73%)
 

Reply

Marsh Posté on 02-07-2006 at 23:41:14

Reply

Marsh Posté on 03-07-2006 at 09:55:09

Hello,

1/ Download http://www.ewido.net/en/download/ Ewido anti-spyware

Launch Ewido and click the Update button (toolbar, at the top). Under Manual Update click Start update.

You will see this right at the bottom once the update has completed: "Update successful"

Close Ewido. Do not run it right away.

2/ Boot into safe mode http://www.sosordi.net/Faq/Faq.2.html

3/
Start / Control Panel / Add or Remove Programs and check whether this is present:

Network Monitor

If this program is present, uninstall it.

4/ Do:
Start, Run, services.msc, find Network Monitor

Double-click it: in the Service status field, set it to Stopped
in the Startup type field, set it to Disabled, then
Apply, then OK.

5/ Launch HijackThis by clicking Do a system scan only and check these lines:
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com  
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens  
R3 - URLSearchHook: (no name) - {35DC2968-E2DE-9D74-A746-9D2B5295D1C6} - C:\WINDOWS\system32\wbiktobm.dll  
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)  
O4 - HKLM\..\Run: [defender] C:\\dfndrb_3.exe  
O4 - HKLM\..\Run: [keyboard] c:\\kybrdb_3.exe  
O4 - HKLM\..\Run: [newname] c:\\nwnmb_3.exe  
O4 - HKLM\..\Run: [tgy8c24a] RUNDLL32.EXE w21a4daa.dll,n 0018c2490000000a21a4daa  
O4 - HKCU\..\Run: [Oaaa] "C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe" -vt yazr  
O4 - HKCU\..\Run: [Fniz] C:\WINDOWS\ASEMBL~1\UERINI~1.EXE  
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wanmm.dll (file missing)  
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\wY2time.dll (file missing)  
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\wY2time.dll (file missing)  
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe  
 
 
Close all open windows except HijackThis and click Fix checked.

6/ To delete the harmful files, we are going to make them all visible, like this:

Quote:

Start, My Computer or another folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Click "Apply"
Click the "Apply to All Folders" button / OK

7/ Delete what is in bold:

C:\WINDOWS\system32\ wbiktobm.dll <== the file
C:\\ dfndrb_3.exe <== the file
c:\\ kybrdb_3.exe <== the file
c:\\ nwnmb_3.exe <== the file
C:\Documents and Settings\Weyandt\Mes Documents\ CURITY~1 <== the whole folder whose name starts with CURITY
C:\WINDOWS\ASEMBL~1\ UERINI~1.EXE <== the file
C:\Program Files\ Network Monitor <== the whole folder

8/ From Safe Mode, launch Ewido and click the Scanner button (in the toolbar), then click Complete System Scan. The scan will take some time, so be patient.

Ewido will display a list of the detected files on the left. At the end of the scan, the tool will apply the "Actions" to be applied automatically. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right side.

Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure you save it somewhere safe (on your Desktop, for example).

9/ Restart in normal mode

10/ Post the Ewido report along with a new HijackThis log.

Good luck, and if you have the slightest question, don't hesitate to ask ;)

See you later

Reply
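A way to triage the HijackThis entries listed in step 5 above, as an added example that is not part of the original post or of HijackThis itself: it parses each line's section code and flags the traits that make these entries worth checking (redirected browser pages, unnamed hooks, orphaned registry entries, autostarts from the drive root or behind 8.3 short names). The flag names and the `EXPECTED_HOSTS` allowlist are assumptions made for this sketch.

```python
import re
from dataclasses import dataclass, field

# Entries copied from step 5 of the post (trailing spaces removed).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {35DC2968-E2DE-9D74-A746-9D2B5295D1C6} - C:\WINDOWS\system32\wbiktobm.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [defender] C:\\dfndrb_3.exe
O4 - HKLM\..\Run: [tgy8c24a] RUNDLL32.EXE w21a4daa.dll,n 0018c2490000000a21a4daa
O4 - HKCU\..\Run: [Oaaa] "C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\Run: [Fniz] C:\WINDOWS\ASEMBL~1\UERINI~1.EXE
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wanmm.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# Assumption for this sketch: hosts accepted as IE start/search pages.
EXPECTED_HOSTS = {"www.msn.com", "www.microsoft.com"}

ENTRY = re.compile(r"^(R\d|O\d+) - (.+?)\s*$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[([^\]]*)\] (.+)$")
PAGE_URL = re.compile(r"= https?://([^/\s]+)")


@dataclass
class Entry:
    code: str                      # HijackThis section, e.g. "O4"
    body: str                      # everything after "CODE - "
    flags: list = field(default_factory=list)


def executable(command):
    """Return the first token of a Run command, honouring a quoted path."""
    m = re.match(r'"([^"]+)"|(\S+)', command.strip())
    return m.group(1) or m.group(2)


def triage(line):
    """Parse one HijackThis line; return an Entry, or None if it is not one."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    entry = Entry(m.group(1), m.group(2))
    body = entry.body

    # Registry value still present although its target file is gone.
    if "(file missing)" in body or "(no file)" in body:
        entry.flags.append("orphaned-entry")
    if entry.code == "R3" and "(no name)" in body:
        entry.flags.append("unnamed-hook")
    if entry.code == "O23" and "Unknown owner" in body:
        entry.flags.append("unknown-owner")

    # R0/R1: start or search page pointing at a host outside the allowlist.
    if entry.code in ("R0", "R1"):
        url = PAGE_URL.search(body)
        if url and url.group(1).lower() not in EXPECTED_HOSTS:
            entry.flags.append("page-redirect")

    # O4: inspect the command behind a Run-key autostart.
    run = RUN.match(body) if entry.code == "O4" else None
    if run:
        command = run.group(2).strip()
        exe = executable(command)
        if re.fullmatch(r"[A-Za-z]:\\+[^\\]+", exe):
            entry.flags.append("drive-root-exe")
        if re.search(r"~\d", exe):
            # An 8.3 alias hides the long name; resolve it before judging.
            entry.flags.append("short-name-path")
        if exe.lower() in ("rundll32.exe", "rundll32"):
            dll = command[len(exe):].strip().split(",")[0]
            if dll and "\\" not in dll:
                entry.flags.append("rundll32-bare-dll")
    return entry


def triage_log(text):
    """Triage every HijackThis entry found in a pasted log fragment."""
    entries = (triage(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        print(f"{e.code:<4}{', '.join(e.flags) or '-':<34}{e.body[:60]}")
```
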

Marsh Posté on 03-07-2006 at 19:13:13

Here is a first small problem: when I put the PC in safe mode to remove Network Monitor, it gives me an error in English saying that it cannot remove it ???

Reply

Marsh Posté on 03-07-2006 at 20:49:51

Hello,

Try to do everything I wrote, and whatever you did not manage to do, tell me once you have posted the new log, being specific (could not delete what? the folder? could not disable the service? could not stop it? ...)

Reply

Marsh Posté on 03-07-2006 at 23:24:43

Here are my reports along with the problems I ran into;
Problems: I did not manage to delete Network Monitor
I did not find: O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Not found: kybrdb_3.exe <== the file
nwnmb_3.exe
C:\Documents and Settings\Weyandt\Mes Documents\ CURITY~1 <== the whole folder whose name starts with CURITY
C:\WINDOWS\ASEMBL~1\ UERINI~1.EXE <== the file


Scan report
 
 
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
 
 + Created at: 23:18:28 03/07/2006
 
 + Scan result:  
 
 
 
C:\WINDOWS\V2V5YW5kdA\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\V2V5YW5kdA\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\50L4UXKQ\ac3[1].txt -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tgy8c24a.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/cdbjmon.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/cfbcatq.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/jt6u07j9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/l8l6li3s18.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/wY2time.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/wanmm.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/wgn32spl.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/wnnipsec.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\cdbjmon.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\cfbcatq.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\jt6u07j9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\l8l6li3s18.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\wY2time.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\wanmm.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\wgn32spl.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\wnnipsec.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\IGDZFALR\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\warebundle.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1801674531-725345543-1003\Dc2.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\LEL3WMAA\kybrdb_3[1].exe -> Backdoor.VB.ary : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\F055R4G0\drsmartload849a[1].exe -> Downloader.Adload.ck : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\LEL3WMAA\drsmartload45a[1].exe -> Downloader.Adload.ck : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\QQU5LL0U\drsmartload46a[1].exe -> Downloader.Adload.ck : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\PCH9BXDF\nwnmb_3[1].exe -> Downloader.Adload.cm : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\E7YN61QZ\nwnmc_2[1].exe -> Downloader.Adload.cn : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TG547U5\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\50L4UXKQ\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Мicrosoft\wowexec.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\F9KKGRJF\al3[1].txt -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\M303PQJY\ac3_0010[1].exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w21a4daa.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\DC3AZ7DZ\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\E7YN61QZ\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\7BX1X5PQ\dfndrc_2[1].exe -> Downloader.VB.afv : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\S5K34BKJ\dfndrb_3[1].exe -> Downloader.VB.afv : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1801674531-725345543-1003\Dc3.exe -> Downloader.VB.afv : Cleaned with backup (quarantined).
C:\dfndrb_3.exe -> Downloader.VB.afv : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\F9KKGRJF\kybrdc_2[1].exe -> Downloader.VB.agi : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\M303PQJY\drsmartload[1].exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\F055R4G0\nwnmb_2[1].exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.461:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.583:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.593:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@boonty.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.443:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.234:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.235:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.33:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.34:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.141:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.142:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.143:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.292:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.60:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.402:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.591:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.126:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.128:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned.
:mozilla.216:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.54:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.139:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.357:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.358:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.359:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.360:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.361:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.124:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Cleaned.
:mozilla.580:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.617:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.618:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@ehg-ypcorp.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.456:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.457:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.585:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.586:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.545:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.217:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.131:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.132:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.356:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.250:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.251:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.252:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.47:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.193:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.194:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.195:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.196:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.197:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.198:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.199:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.200:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.201:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.202:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.203:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.55:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.56:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.57:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.58:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.59:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.340:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.341:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.342:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.343:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.344:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.345:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.346:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.347:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.337:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.338:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.339:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.83:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.84:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.87:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.90:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.91:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.418:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.419:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.122:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.123:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.77:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.78:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.85:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.92:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.93:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.94:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.284:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
:mozilla.411:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.412:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.113:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.114:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.115:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.117:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.118:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.246:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\IGDZFALR\!update-4020[1].0000 -> Trojan.PurityAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Mes documents\ѕеcurity\wuauboot.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
 
 
::Report end
 
HijackThis report:
 
 
Logfile of HijackThis v1.99.1
Scan saved at 23:24:21, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Weyandt\LOCALS~1\Temp\Rar$EX00.359\HijackThis.exe
 
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
 
 
 
 
 

Reply

Marsh Posted on 04-07-2006 at 09:34:25

Hello,
 
restart in safe mode and, with HijackThis, check and fix this line:
 
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
 
restart in normal mode and post a new HijackThis log.
 
See you

Reply

Marsh Posted on 04-07-2006 at 12:56:48

Here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 12:54:59, on 04/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Weyandt\LOCALS~1\Temp\Rar$EX00.296\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
 
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
 

Reply

Marsh Posted on 04-07-2006 at 13:55:49

Hello,
 
your report is clean, nice work ;)
 
Are you still having problems with your PC?

Reply
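An added example, not part of the original thread: a small Python script that compares two HijackThis logs to confirm what a fix actually changed, and lists entries whose target is marked `(no file)` or `(file missing)`. The sample lines are a subset copied from the two logs posted above; the function names are this example's own.

```python
import re

# Constructed sample: a few entry lines copied from the logs of 03/07 and 04/07 above.
BEFORE = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""
AFTER = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""

# An entry line starts with a section code such as R3, F2, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis annotates entries whose referenced file no longer exists.
DANGLING = re.compile(r"\((?:no file|file missing)\)", re.I)

def parse(log):
    """Return the set of (code, text) entries; headers and process paths are skipped."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def compare(before, after):
    """Diff two logs and list entries in the later log whose target file is gone."""
    b, a = parse(before), parse(after)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "dangling": sorted(e for e in a if DANGLING.search(e[1])),
    }

if __name__ == "__main__":
    for kind, items in compare(BEFORE, AFTER).items():
        print(kind)
        for code, text in items:
            print(f"  {code} - {text}")
```

Run against full logs saved to files, the same diff shows every entry that appeared or disappeared between two scans, which is the check to repeat after each fix.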

Marsh Posted on 04-07-2006 at 15:04:01

apparently I don't have any more problems
I just have a few questions:
where does this spam come from? (from my antivirus?)
and is ewido better than adware?

Reply

Marsh Posted on 04-07-2006 at 17:39:30

Hi again,
 
your antivirus must have let some nasties through...
 

Quote:

and is ewido better than adware?


 
they don't have the same "function", you can keep both of them
 
Are you still having problems?
 
If you have no more problems, remember to mark the question as resolved: to do that, edit your
title (first message) and put [résolu] in front of it
 
See you :hello:
 

Reply

Marsh Posted on 04-07-2006 at 17:59:45

no, I don't have any more problems, but I think it must come from my antivirus, because Windows tells me it is out of date, and when I try to update it, it tells me the update failed!! Is there a solution, maybe?

Reply

Marsh Posted on 04-07-2006 at 18:10:06

Hi again,
 
You need to post in another section of the forum for that problem

Reply

Marsh Posted on 04-07-2006 at 18:20:44

lol OK, thanks for your help, that's really cool

Reply

Marsh Posted on 04-07-2006 at 18:28:21

you're welcome ;)
 
See you :hello:

Reply
