Unknown window that opens [solved] - Security - Windows & Software
Marsh Posté on 30-06-2006 at 17:29:37
Hello,
Download the original version of HijackThis: http://www.merijn.org/files/hijackthis.zip
Disconnect from the internet and install it.
Run it by clicking "Do a system scan and save a logfile"; at the end of the scan, Notepad will open and you copy and paste all of its contents.
Marsh Posté on 30-06-2006 at 17:35:19
Here is the report you asked me for:
Logfile of HijackThis v1.99.1
Scan saved at 17:33:47, on 30/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\dfndrc_2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe
C:\WINDOWS\ASEMBL~1\UERINI~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\dfndrb_3.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Weyandt\LOCALS~1\Temp\Rar$EX00.187\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {35DC2968-E2DE-9D74-A746-9D2B5295D1C6} - C:\WINDOWS\system32\wbiktobm.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] c:\\dfndrb_3.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdb_3.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmb_3.exe
O4 - HKLM\..\Run: [tgy8c24a] RUNDLL32.EXE w21a4daa.dll,n 0018c2490000000a21a4daa
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Oaaa] "C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\Run: [Fniz] C:\WINDOWS\ASEMBL~1\UERINI~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\wanmm.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\wY2time.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Marsh Posté on 30-06-2006 at 17:38:24
Hi again,
Your log is heavily infected!
Your ads are caused by look2me; we'll deal with that afterwards.
I'm looking at your report, back in 15 minutes.
Marsh Posté on 30-06-2006 at 17:43:54
Hi again,
Actually, we'll start with look2me, it will be simpler:
Download L2mfix (by Shadowwar) from one of these links:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save it to the Desktop.
Double-click l2mfix.exe.
Click the Install button to extract its contents and follow the prompts, then open the new l2mfix folder on the Desktop.
Double-click l2mfix.bat and choose option #1, Run Find Log, by typing 1 and then Enter.
The scan will start without showing any indication, then, after a minute or two, a text file will appear.
Copy the contents of that report ("report.txt") into your next reply.
WARNING!
However, if an error similar to this one appears when you launch option #1:
''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."...
then use option #5 or the web link provided in the "l2mfix" folder to resolve this error. Do not run any other options until this problem has been fixed.
Marsh Posté on 30-06-2006 at 17:50:02
Here is the report, done without any problem, except that it didn't take the time you said (1 or 2 min); it didn't even take 5 seconds.
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wanmm.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000000
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D424E8EB-F47B-EC4D-1C57-D193D15DCD38}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de proprits du fichier multimdia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de scurit NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des proprits de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de scurit DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donnes endommages de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets rseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de scurit des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions rseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions rseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interprteur de commandes pour l'environnement d'excution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donnes Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tches planifies"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tches et menu Dmarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Excuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du tlchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intgr de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Bote d'entre de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalise MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de dmarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="numrateur d'applications installes"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de rsum (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chane"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chane"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{0A0CBF10-E14C-4F6C-A059-A8B992A1227F}"=""
"{D757A54D-604D-4FB3-851C-2C7F7AF265FB}"=""
"{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}"=""
"{1EF0A758-F959-4573-AF39-DD8D7A4101D7}"=""
"{00114F2D-F941-4850-BFDE-A871AC43F82C}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\InprocServer32]
@="C:\\WINDOWS\\system32\\maexch40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\wY2time.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\InprocServer32]
@="C:\\WINDOWS\\system32\\wanmm.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
ati2cqag.dll Wed 3 May 2006 18:09:20 A.... 282 624 276,00 K
ati2dvag.dll Wed 3 May 2006 18:51:00 A.... 258 048 252,00 K
ati2edxx.dll Wed 3 May 2006 18:45:08 A.... 41 984 41,00 K
ati2evxx.dll Wed 3 May 2006 18:44:56 A.... 61 440 60,00 K
ati3duag.dll Wed 3 May 2006 18:35:26 A.... 2 693 280 2,57 M
atiddc.dll Wed 3 May 2006 18:43:14 A.... 53 248 52,00 K
atidemgr.dll Wed 3 May 2006 18:12:26 A.... 286 720 280,00 K
atiiiexx.dll Wed 3 May 2006 18:54:10 A.... 307 200 300,00 K
atikvmag.dll Wed 3 May 2006 18:15:58 A.... 151 552 148,00 K
atioglx1.dll Wed 3 May 2006 18:21:20 A.... 6 684 672 6,38 M
atioglxx.dll Wed 3 May 2006 18:18:04 A.... 5 033 984 4,80 M
atipdlxx.dll Wed 3 May 2006 18:45:36 A.... 114 688 112,00 K
atitvo32.dll Wed 3 May 2006 18:15:10 A.... 17 408 17,00 K
ativvaxx.dll Wed 3 May 2006 18:29:14 A.... 1 408 000 1,34 M
browseui.dll Wed 10 May 2006 7:24:34 A.... 1 023 488 999,50 K
cdfview.dll Wed 10 May 2006 7:24:34 A.... 152 064 148,50 K
danim.dll Wed 10 May 2006 7:24:34 A.... 1 056 768 1,01 M
dxtmsft.dll Wed 10 May 2006 7:24:36 A.... 357 888 349,50 K
dxtrans.dll Wed 10 May 2006 7:24:36 A.... 205 312 200,50 K
extmgr.dll Wed 10 May 2006 7:24:36 ..... 55 808 54,50 K
iepeers.dll Wed 10 May 2006 7:24:36 A.... 251 392 245,50 K
inseng.dll Wed 10 May 2006 7:24:36 A.... 96 768 94,50 K
jgdw400.dll Thu 1 Jun 2006 20:48:44 A.... 163 840 160,00 K
jgpl400.dll Thu 1 Jun 2006 20:48:44 A.... 27 648 27,00 K
jscript.dll Thu 18 May 2006 7:31:22 A.... 450 560 440,00 K
jsproxy.dll Wed 10 May 2006 7:24:36 A.... 16 384 16,00 K
legitc~1.dll Mon 19 Jun 2006 16:19:42 ..... 571 184 557,80 K
msgplu~1.dll Mon 5 Jun 2006 17:14:58 A.... 58 952 57,57 K
mshtml.dll Fri 19 May 2006 17:09:50 A.... 3 073 536 2,93 M
mshtmled.dll Wed 10 May 2006 7:24:36 A.... 448 512 438,00 K
msrating.dll Wed 10 May 2006 7:24:36 A.... 146 432 143,00 K
mstime.dll Wed 10 May 2006 7:24:38 A.... 532 480 520,00 K
oemdspif.dll Wed 3 May 2006 18:45:22 A.... 77 824 76,00 K
pngfilt.dll Wed 10 May 2006 7:24:38 A.... 39 424 38,50 K
rasmans.dll Sun 14 May 2006 10:48:16 A.... 181 248 177,00 K
shdocvw.dll Mon 29 May 2006 17:29:14 A.... 1 494 528 1,42 M
shlwapi.dll Wed 10 May 2006 7:24:40 A.... 474 624 463,50 K
spmsg.dll Mon 3 Apr 2006 11:40:10 ..... 14 048 13,72 K
spoolsv.dll Thu 29 Jun 2006 21:23:00 A.... 81 920 80,00 K
tgy8c24a.dll Thu 29 Jun 2006 21:22:14 A.... 61 440 60,00 K
urlmon.dll Wed 10 May 2006 7:24:40 A.... 615 936 601,50 K
w21a4daa.dll Thu 29 Jun 2006 21:22:06 A.... 29 696 29,00 K
wanmm.dll Fri 30 Jun 2006 13:17:50 ..S.R 234 272 228,78 K
wbiktobm.dll Wed 28 Jun 2006 17:07:20 A.... 139 264 136,00 K
wgalogon.dll Mon 19 Jun 2006 16:20:42 ..... 702 768 686,30 K
wgn32spl.dll Fri 30 Jun 2006 13:17:44 ..S.R 234 272 228,78 K
wininet.dll Wed 10 May 2006 7:24:40 A.... 662 528 647,00 K
wknstrm.dll Fri 30 Jun 2006 13:17:56 ..S.R 234 272 228,78 K
wmp.dll Sat 29 Apr 2006 6:07:48 A.... 5 533 696 5,28 M
wnnipsec.dll Fri 30 Jun 2006 13:17:48 ..S.R 234 272 228,78 K
wy2time.dll Fri 30 Jun 2006 13:17:36 A.... 234 272 228,78 K
xpsp3res.dll Thu 11 May 2006 10:57:36 A.... 26 624 26,00 K
52 items found: 52 files (4 H/S), 0 directories.
Total of file sizes: 37 390 792 bytes 35,66 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 6032-A273
Rpertoire de C:\WINDOWS\System32
30/06/2006 13:17 234 272 wknstrm.dll
30/06/2006 13:17 234 272 wanmm.dll
30/06/2006 13:17 234 272 wnnipsec.dll
30/06/2006 13:17 234 272 wgn32spl.dll
30/06/2006 13:16 <REP> dllcache
19/05/2006 18:46 <REP> Microsoft
4 fichier(s) 937 088 octets
2 Rp(s) 52 872 433 664 octets libres
Marsh Posté on 30-06-2006 at 19:04:17
Hi again,
Now we're going to remove look2me:
Close all running applications, because this step requires a restart.
From the l2mfix folder on your Desktop, double-click l2mfix.bat and choose option #2, Run Fix, by typing 2 and then Enter.
The Desktop icons will disappear (completely normal).
L2mfix will continue the scan and, when finished, it will be ready to restart the PC.
Press any key to restart.
After the restart, a text file should appear.
Copy and paste the contents of that report into your next reply.
**If the text file (report) does not appear after the restart, double-click the text file ("log.txt") located in the "l2mfix" folder.
Marsh Posté on 02-07-2006 at 17:42:56
Here is the report (sorry for the delay)
L2mfix 051206
Creating Account.
La commande s'est termine correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (580)
Killing 'winlogon.exe'
winlogon.exe (676)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (3076)
Killing 'rundll32.exe'
rundll32.exe "C:\WINDOWS\system32\cfbcatq.dll",DllGetVersion (1692)
rundll32.exe "C:\WINDOWS\system32\cdbjmon.dll",DllGetVersion (272)
"C:\WINDOWS\system32\RUNDLL32.EXE" w21a4daa.dll,n 0018c2490000000a21a4daa (3628)
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
Deleting: C:\WINDOWS\system32\cdbjmon.dll
Successfully Deleted: C:\WINDOWS\system32\cdbjmon.dll
Deleting: C:\WINDOWS\system32\cfbcatq.dll
Successfully Deleted: C:\WINDOWS\system32\cfbcatq.dll
Deleting: C:\WINDOWS\system32\jt6u07j9e.dll
Successfully Deleted: C:\WINDOWS\system32\jt6u07j9e.dll
Deleting: C:\WINDOWS\system32\l8l6li3s18.dll
Successfully Deleted: C:\WINDOWS\system32\l8l6li3s18.dll
Deleting: C:\WINDOWS\system32\wanmm.dll
Successfully Deleted: C:\WINDOWS\system32\wanmm.dll
Deleting: C:\WINDOWS\system32\wgn32spl.dll
Successfully Deleted: C:\WINDOWS\system32\wgn32spl.dll
Deleting: C:\WINDOWS\system32\wnnipsec.dll
Successfully Deleted: C:\WINDOWS\system32\wnnipsec.dll
Deleting: C:\WINDOWS\system32\wY2time.dll
Successfully Deleted: C:\WINDOWS\system32\wY2time.dll
msg11?.dll
0 fichier(s) copié(s).
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wanmm.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallNotifyShown"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cdbjmon.dll
C:\WINDOWS\system32\cfbcatq.dll
C:\WINDOWS\system32\jt6u07j9e.dll
C:\WINDOWS\system32\l8l6li3s18.dll
C:\WINDOWS\system32\wanmm.dll
C:\WINDOWS\system32\wgn32spl.dll
C:\WINDOWS\system32\wnnipsec.dll
C:\WINDOWS\system32\wY2time.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\InprocServer32]
@="C:\\WINDOWS\\system32\\maexch40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\wY2time.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\InprocServer32]
@="C:\\WINDOWS\\system32\\cdbjmon.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A0CBF10-E14C-4F6C-A059-A8B992A1227F}"=-
"{D757A54D-604D-4FB3-851C-2C7F7AF265FB}"=-
"{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}"=-
"{1EF0A758-F959-4573-AF39-DD8D7A4101D7}"=-
"{00114F2D-F941-4850-BFDE-A871AC43F82C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0A0CBF10-E14C-4F6C-A059-A8B992A1227F}]
[-HKEY_CLASSES_ROOT\CLSID\{D757A54D-604D-4FB3-851C-2C7F7AF265FB}]
[-HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}]
[-HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}]
[-HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/cdbjmon.dll (164 bytes security) (deflated 4%)
adding: dlls/cfbcatq.dll (164 bytes security) (deflated 4%)
adding: dlls/jt6u07j9e.dll (164 bytes security) (deflated 5%)
adding: dlls/l8l6li3s18.dll (164 bytes security) (deflated 5%)
adding: dlls/wanmm.dll (164 bytes security) (deflated 4%)
adding: dlls/wgn32spl.dll (164 bytes security) (deflated 4%)
adding: dlls/wnnipsec.dll (164 bytes security) (deflated 4%)
adding: dlls/wY2time.dll (164 bytes security) (deflated 4%)
adding: backregs/00114F2D-F941-4850-BFDE-A871AC43F82C.reg (212 bytes security) (deflated 70%)
adding: backregs/1EF0A758-F959-4573-AF39-DD8D7A4101D7.reg (212 bytes security) (deflated 69%)
adding: backregs/1FD86AAB-E279-4F55-90BB-7BA659D63AAA.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 76%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
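The report above lists wanmm.dll and wY2time.dll as deleted, while its Winlogon Notify export still names them as `DllName` values. The following added example (not part of the original posts and not L2mfix code) parses such an export, decodes `hex(2)` values, and reports the Notify subkeys left pointing at deleted files; the function names and the shortened sample text are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed sample: a shortened excerpt in the same .reg export format as the
# report above (four Notify subkeys) and two of its "Successfully Deleted" lines.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wanmm.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
'''

SAMPLE_DELETED = r'''
Deleting: C:\WINDOWS\system32\wanmm.dll
Successfully Deleted: C:\WINDOWS\system32\wanmm.dll
Deleting: C:\WINDOWS\system32\wY2time.dll
Successfully Deleted: C:\WINDOWS\system32\wY2time.dll
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]\s*$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
NOTIFY_PREFIX = '\\winlogon\\notify\\'


def join_continuations(text):
    """Rejoin hex values that the .reg format wraps with a trailing backslash."""
    return re.sub(r',\\\r?\n\s*', ',', text)


def decode_value(raw):
    """Decode a REG_SZ ("...") or REG_EXPAND_SZ (hex(2):...) value to text."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # .reg files escape backslash and quote with a leading backslash.
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.lower().startswith('hex(2):'):
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    return None  # dword, binary, etc.: not a DLL path


def parse_notify_dlls(export_text):
    """Map each direct Notify subkey to its DllName (value name is case-insensitive)."""
    dlls, current = {}, None
    for line in join_continuations(export_text).splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group('key')
            idx = path.lower().find(NOTIFY_PREFIX)
            sub = path[idx + len(NOTIFY_PREFIX):] if idx != -1 else ''
            # Ignore the Notify key itself and nested keys such as WgaLogon\Settings.
            current = sub if sub and '\\' not in sub else None
            continue
        val = VAL_RE.match(line)
        if current and val and val.group('name').lower() == 'dllname':
            decoded = decode_value(val.group('data'))
            if decoded is not None:
                dlls[current] = decoded
    return dlls


def parse_deleted(report_text):
    """Collect the lower-cased paths from 'Successfully Deleted:' lines."""
    pattern = re.compile(r'^Successfully Deleted:\s*(.+)$', re.M)
    return {m.group(1).strip().lower() for m in pattern.finditer(report_text)}


def is_deleted(dll, deleted):
    """Full paths must match exactly; bare names are compared by file name."""
    d = dll.lower()
    if '\\' in d:
        return d in deleted
    return any(ntpath.basename(p) == d for p in deleted)


def stale_notify_entries(export_text, report_text):
    """Notify subkeys whose DllName still points at a file the report deleted."""
    deleted = parse_deleted(report_text)
    return sorted((sub, dll) for sub, dll in parse_notify_dlls(export_text).items()
                  if is_deleted(dll, deleted))


if __name__ == '__main__':
    for subkey, dll in stale_notify_entries(SAMPLE_EXPORT, SAMPLE_DELETED):
        print(f'stale Winlogon Notify entry: {subkey} -> {dll}')
```
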
Marsh Posté le 02-07-2006 à 22:13:38
hello,
I don't think this report is complete, so post it in full and also post a new HijackThis report
Marsh Posté le 02-07-2006 à 23:41:14
here you go, sorry :: HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 23:37:24, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\dfndrb_3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Weyandt\LOCALS~1\Temp\Rar$EX00.782\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {35DC2968-E2DE-9D74-A746-9D2B5295D1C6} - C:\WINDOWS\system32\wbiktobm.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\dfndrb_3.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdb_3.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmb_3.exe
O4 - HKLM\..\Run: [tgy8c24a] RUNDLL32.EXE w21a4daa.dll,n 0018c2490000000a21a4daa
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Oaaa] "C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\Run: [Fniz] C:\WINDOWS\ASEMBL~1\UERINI~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wanmm.dll (file missing)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\wY2time.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\wY2time.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
second report:: but apparently it's the same
Marsh Posté le 03-07-2006 à 09:55:09
hello,
1/ Download http://www.ewido.net/en/download/ Ewido anti-spyware
Launch Ewido and click the Update button (toolbar, at the top). Under Manual Update click Start update.
You will see this at the very bottom once the update is complete: "Update successful"
Close Ewido. Do not run it yet.
2/ Start in safe mode http://www.sosordi.net/Faq/Faq.2.html
3/
Start / Control Panel / Add or Remove Programs and check for the presence of:
Network Monitor
if this program is present, uninstall it.
4/ Do:
Start, Run, services.msc, find Network Monitor
Double-click it; in the Service status field set it to Stopped
in the Startup type field set it to Disabled then
Apply then OK.
5/ Launch HijackThis by clicking Do a system scan only and check these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {35DC2968-E2DE-9D74-A746-9D2B5295D1C6} - C:\WINDOWS\system32\wbiktobm.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [defender] C:\\dfndrb_3.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdb_3.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmb_3.exe
O4 - HKLM\..\Run: [tgy8c24a] RUNDLL32.EXE w21a4daa.dll,n 0018c2490000000a21a4daa
O4 - HKCU\..\Run: [Oaaa] "C:\DOCUME~1\Weyandt\MESDOC~1\CURITY~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\Run: [Fniz] C:\WINDOWS\ASEMBL~1\UERINI~1.EXE
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wanmm.dll (file missing)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\wY2time.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\wY2time.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Close all open windows except HijackThis and click Fix checked.
6/ To delete the harmful files, we will first make all files visible, like this:
Quote: Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
7/ Delete what is in bold:
C:\WINDOWS\system32\ wbiktobm.dll<== the file
C:\\ dfndrb_3.exe<== the file
c:\\ kybrdb_3.exe<== the file
c:\\ nwnmb_3.exe<== the file
C:\Documents and Settings\Weyandt\Mes Documents\ CURITY~1<== the whole folder whose name starts with CURITY
C:\WINDOWS\ASEMBL~1\ UERINI~1.EXE<== the file
C:\Program Files\ Network Monitor<== the whole folder
8/ From safe mode, launch Ewido, click the Scanner button (in the toolbar) and then click Complete System Scan. The scan will take a while, so be patient.
Ewido will display a list of the detected files on the left. At the end of the scan, the tool will automatically set the "Actions" to apply. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right-hand side.
Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure you save it somewhere safe (on your Desktop, for example).
9/ Restart in normal mode
10/ Post the Ewido report along with a new HijackThis log.
Good luck, and if you have any question at all, do not hesitate to ask.
See you later
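As an added illustration, not part of the original post and not the helper's own selection criteria: a small Python triage of HijackThis entry lines that surfaces the kinds of properties visible in the lines checked above. The heuristics and the `TRUSTED_HOSTS` allowlist are assumptions made for this example, and a flagged line is a candidate for manual review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [defender] C:\\dfndrb_3.exe
O4 - HKLM\..\Run: [tgy8c24a] RUNDLL32.EXE w21a4daa.dll,n 0018c2490000000a21a4daa
O4 - HKCU\..\Run: [Fniz] C:\WINDOWS\ASEMBL~1\UERINI~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wanmm.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# Hypothetical analyst allowlist of start/search page hosts (an assumption).
TRUSTED_HOSTS = {"www.google.fr"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_ENTRY = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$")
DRIVE_ROOT_EXE = re.compile(r'^"?[A-Za-z]:\\+[^\\"]+\.exe\b', re.I)
SHORT_NAME = re.compile(r"\\[^\\\s]*~\d")
BARE_RUNDLL = re.compile(r"^rundll32(?:\.exe)?\s+[^\\/,\s]+\.dll", re.I)


def triage_line(line, trusted_hosts=TRUSTED_HOSTS):
    """Return (code, reasons) for a HijackThis entry line, or None otherwise."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None  # header, process list line, blank line, ...
    code, body = m.group("code"), m.group("body")
    reasons = []

    # Any section: HijackThis itself reports that the target file is gone.
    if body.endswith(("(file missing)", "(no file)")):
        reasons.append("registry entry points to a file that is not on disk")

    # R0/R1: Internet Explorer start and search pages.
    if code in ("R0", "R1") and " = " in body:
        host = urlparse(body.split(" = ", 1)[1]).hostname
        if host and host not in trusted_hosts:
            reasons.append("browser page set to non-allowlisted host " + host)

    # O4: autostart commands from the Run keys.
    run = RUN_ENTRY.match(body) if code == "O4" else None
    if run:
        cmd = run.group("cmd")
        if DRIVE_ROOT_EXE.match(cmd):
            reasons.append("autorun executable sits directly in the drive root")
        if SHORT_NAME.search(cmd):
            reasons.append("autorun path uses 8.3 short names, hiding the real name")
        if BARE_RUNDLL.match(cmd):
            reasons.append("rundll32 loads a DLL given without a directory")

    # O23: services.
    if code == "O23" and "Unknown owner" in body:
        reasons.append('service is reported with "Unknown owner"')

    return code, reasons


def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Return [(code, line, reasons)] for every entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        result = triage_line(line, trusted_hosts)
        if result and result[1]:
            flagged.append((result[0], line.strip(), result[1]))
    return flagged


if __name__ == "__main__":
    for code, line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -> " + reason)
```

Legitimate software can trip these checks too (short paths and "Unknown owner" both occur on clean systems), so the output is a reading aid for the log rather than a removal list.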
Marsh Posté on 03-07-2006 at 19:13:13
Here is a first small problem: when I put the PC in safe mode to remove Network Monitor, it gives me an error in English saying that it cannot remove it ???
Marsh Posté on 03-07-2006 at 20:49:51
Hello,
Try to do everything I wrote, and tell me what you did not manage to do once you have posted the new log, being specific (did not manage to delete what? the folder? did not manage to disable the service? to stop it? ...)
Marsh Posté on 03-07-2006 at 23:24:43
Here are my reports along with the problems I ran into;
Problems: I did not manage to delete Network Monitor
I did not find: O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Not found: kybrdb_3.exe<== the file
nwnmb_3.exe
C:\Documents and Settings\Weyandt\Mes Documents\ CURITY~1<== the whole folder whose name starts with CURITY
C:\WINDOWS\ASEMBL~1\ UERINI~1.EXE<== the file
Scan report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:18:28 03/07/2006
+ Scan result:
C:\WINDOWS\V2V5YW5kdA\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\V2V5YW5kdA\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\50L4UXKQ\ac3[1].txt -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tgy8c24a.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/cdbjmon.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/cfbcatq.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/jt6u07j9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/l8l6li3s18.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/wY2time.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/wanmm.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/wgn32spl.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\backup.zip/dlls/wnnipsec.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\cdbjmon.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\cfbcatq.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\jt6u07j9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\l8l6li3s18.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\wY2time.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\wanmm.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\wgn32spl.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Bureau\l2mfix\dlls\wnnipsec.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\IGDZFALR\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\warebundle.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1801674531-725345543-1003\Dc2.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\LEL3WMAA\kybrdb_3[1].exe -> Backdoor.VB.ary : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\F055R4G0\drsmartload849a[1].exe -> Downloader.Adload.ck : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\LEL3WMAA\drsmartload45a[1].exe -> Downloader.Adload.ck : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\QQU5LL0U\drsmartload46a[1].exe -> Downloader.Adload.ck : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\PCH9BXDF\nwnmb_3[1].exe -> Downloader.Adload.cm : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\E7YN61QZ\nwnmc_2[1].exe -> Downloader.Adload.cn : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TG547U5\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\50L4UXKQ\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Мicrosoft\wowexec.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\F9KKGRJF\al3[1].txt -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\M303PQJY\ac3_0010[1].exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w21a4daa.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\DC3AZ7DZ\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\E7YN61QZ\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\7BX1X5PQ\dfndrc_2[1].exe -> Downloader.VB.afv : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\S5K34BKJ\dfndrb_3[1].exe -> Downloader.VB.afv : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1801674531-725345543-1003\Dc3.exe -> Downloader.VB.afv : Cleaned with backup (quarantined).
C:\dfndrb_3.exe -> Downloader.VB.afv : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\F9KKGRJF\kybrdc_2[1].exe -> Downloader.VB.agi : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\M303PQJY\drsmartload[1].exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\F055R4G0\nwnmb_2[1].exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.461:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.583:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.593:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@boonty.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.443:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.234:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.235:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.33:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.34:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.141:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.142:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.143:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.292:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.60:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.402:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.591:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.126:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.128:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned.
:mozilla.216:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.54:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.139:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.357:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.358:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.359:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.360:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.361:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.124:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Cleaned.
:mozilla.580:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.617:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.618:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@ehg-ypcorp.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.456:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.457:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.585:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.586:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.545:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.217:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.131:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.132:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.356:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.250:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.251:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.252:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.47:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.193:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.194:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.195:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.196:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.197:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.198:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.199:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.200:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.201:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.202:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.203:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.55:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.56:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.57:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.58:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.59:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.340:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.341:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.342:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.343:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.344:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.345:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.346:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.347:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.337:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.338:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.339:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.83:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.84:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.87:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.90:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.91:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.418:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.419:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.122:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.123:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.77:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.78:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.85:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.92:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.93:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.94:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.284:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
:mozilla.411:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.412:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.113:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.114:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.115:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.117:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.118:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.246:C:\Documents and Settings\Weyandt\Application Data\Mozilla\Firefox\Profiles\omqhynws.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Weyandt\Cookies\weyandt@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Weyandt\Local Settings\Temporary Internet Files\Content.IE5\IGDZFALR\!update-4020[1].0000 -> Trojan.PurityAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Weyandt\Mes documents\ѕеcurity\wuauboot.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
::Report end
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 23:24:21, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Weyandt\LOCALS~1\Temp\Rar$EX00.359\HijackThis.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Marsh Posté on 04-07-2006 at 09:34:25
Hello,
restart in safe mode and, with HijackThis, check and fix this line:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
restart in normal mode and post a new HijackThis log.
See you
Marsh Posté on 04-07-2006 at 12:56:48
here, I'm giving you the report:
Logfile of HijackThis v1.99.1
Scan saved at 12:54:59, on 04/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Weyandt\LOCALS~1\Temp\Rar$EX00.296\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Marsh Posté on 04-07-2006 at 13:55:49
Hello,
your report is clean, nice work
Do you still have problems with your PC?
Marsh Posté on 04-07-2006 at 15:04:01
apparently I no longer have any problems
I just have a few questions:
where does this spam come from? (from my antivirus?)
and is ewido better than adware?
Marsh Posté on 04-07-2006 at 17:39:30
Hi again,
your antivirus must have let some critters through...
Quote: and is ewido better than adware?
they don't have the same "function"; you can keep both
Do you still have problems?
If you have no more problems, remember to mark the question as resolved; to do so, edit your title (first message) and put [résolu] in front of it
See you
Marsh Posté on 04-07-2006 at 17:59:45
no, I no longer have any problems, but I think it must come from my antivirus, because Windows tells me it is out of date, and when I try to update it, it tells me the update failed!! Is there maybe a solution?
Marsh Posté on 04-07-2006 at 18:10:06
Hi again,
You need to post in another section of the forum for that problem
Marsh Posté on 30-06-2006 at 17:21:13
hi
for a few days now I've had windows opening at random times on my PC, which bothers me when playing games and surfing the net
could you help me!!
regards
Message edited by alpha52 on 04-07-2006 at 18:00:47