Big trouble: multiple trojans and spyware

Solved
Chiktika -  
 ^^Marie^^ -
Hello, can someone help me? I can't get out of this. Even though I use an antivirus (pc cillin and ewido), as well as spybot and Microsoft antispyware, my computer is infested with a few stubborn spyware programs that I can't get rid of: among others look2me, virtumonde and trojandownloaderAget.Yf

What should I do?? Browsing the internet has become impossible.

Thanks in advance to whoever gets me out of this!!!
Configuration: Win XP
Free box

33 replies

Discussion summary

An infection by stubborn spyware such as Virtumonde and Look2Me, together with TrojanDownloader.Agent.yf, on Windows XP makes Internet browsing difficult and requires a targeted cleanup procedure.
The essential steps, ranked by relevance, are to disable System Restore and then reboot, use Process Explorer and KillBox to locate and delete the offending files such as wvwur.dll, then run HijackThis.
In HijackThis, check the suspicious entries and confirm, then use KillBox to permanently delete the identified items on reboot, which eliminates Virtumonde and Look2Me.
Next, run another scan with ewido, clean up the cookies and consider creating a restore point after the cleanup; if the infection persists, an examination in safe mode may be necessary.

Automatically generated by AI
based on the best answers
  1. Anonymous user
     
    hi
    download HijackThis here:
    http://www.hijackthis.de/downloads/hijackthis_199.zip

    Unzip it into a folder set aside for it.
    For example C:\hijackthis < Make sure to save it in C: !
    Run it, then:
    click "do a system scan and save logfile" (see demo)
    copy and paste the entire log to the forum

    Demo: (thanks to balltrap34 for making it)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Good luck

    See you
    0
    1. Chiktika
       
      Logfile of HijackThis v1.99.1
      Scan saved at 22:34:03, on 01/11/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      F:\WINDOWS\System32\smss.exe
      F:\WINDOWS\system32\winlogon.exe
      F:\WINDOWS\system32\services.exe
      F:\WINDOWS\system32\lsass.exe
      F:\WINDOWS\system32\svchost.exe
      F:\WINDOWS\System32\svchost.exe
      F:\WINDOWS\system32\spoolsv.exe
      F:\WINDOWS\system32\rundll32.exe
      F:\WINDOWS\Explorer.EXE
      F:\Program Files\Avast4\aswUpdSv.exe
      F:\Program Files\Avast4\ashServ.exe
      F:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
      F:\WINDOWS\System32\CTsvcCDA.EXE
      F:\Program Files\ewido\security suite\ewidoctrl.exe
      F:\Program Files\ewido\security suite\ewidoguard.exe
      F:\WINDOWS\System32\nvsvc32.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      F:\WINDOWS\System32\svchost.exe
      F:\WINDOWS\System32\Tablet.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      F:\WINDOWS\windat.exe
      F:\WINDOWS\system32\cmd.exe
      F:\WINDOWS\system32\ftp.exe
      F:\WINDOWS\cytob.exe
      F:\WINDOWS\system32\wincntrl.exe
      F:\Program Files\Logitech\MouseWare\System\em_exec.exe
      F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      F:\Program Files\Internet Explorer\iexplore.exe
      F:\Program Files\Avast4\ashMaiSv.exe
      F:\Program Files\Avast4\ashWebSv.exe
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - F:\WINDOWS\System32\cbaxx.dll
      O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - F:\WINDOWS\System32\wvwur.dll
      O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [Intel Service Drivers] msconfig16.exe
      O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Microsoft messenger] msnger.exe
      O4 - HKLM\..\Run: [pccguide.exe] "F:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
      O4 - HKLM\..\RunServices: [Intel Service Drivers] msconfig16.exe
      O4 - HKLM\..\RunServices: [Microsoft messenger] msnger.exe
      O4 - HKCU\..\Run: [Intel Service Drivers] msconfig16.exe
      O4 - HKCU\..\Run: [Microsoft messenger] msnger.exe
      O4 - HKCU\..\RunServices: [Intel Service Drivers] msconfig16.exe
      O4 - HKCU\..\RunServices: [Microsoft messenger] msnger.exe
      O4 - Startup: Microsoft AntiSpyware.lnk = F:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
      O4 - Startup: Raccourci vers mwadvanced_fra.lnk = ?
      O8 - Extra context menu item: &MSN Search - res://F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?2f81a745897e440c9f2a595a7d8758d
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?2f81a745897e440c9f2a595a7d8758d
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
      O18 - Protocol: bwc0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O18 - Protocol: offline-8876480 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Filter: text/html - {65E54F1B-545F-486A-B33A-39EB01425FD0} - (no file)
      O19 - User stylesheet: (file missing)
      O20 - Winlogon Notify: cbaxx - F:\WINDOWS\SYSTEM32\cbaxx.dll
      O20 - Winlogon Notify: khffd - F:\WINDOWS\
      O20 - Winlogon Notify: WebCheck - F:\WINDOWS\system32\en4sl1h71.dll
      O20 - Winlogon Notify: wvwur - F:\WINDOWS\System32\wvwur.dll
      O23 - Service: aim.ex - Unknown owner - F:\WINDOWS\iexplorer.exe (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
      O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
      O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
      O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
      O23 - Service: Intranet Service (IntranetService) - Unknown owner - intranet.exe (file missing)
      O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - F:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: System Manager Service (SMSC) - Unknown owner - F:\WINDOWS\smsc.exe (file missing)
      O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - F:\WINDOWS\System32\Tablet.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      O23 - Service: Windows Archiver (winarc) - Unknown owner - F:\WINDOWS\windat.exe
      O23 - Service: WindowsSysBoot - Unknown owner - F:\WINDOWS\cytob.exe
      O23 - Service: MS Dns Service (WinNet) - Unknown owner - F:\WINDOWS\system32\wincntrl.exe
      0
  2. Anonymous user
     
    Hi,

    Print this, or save it in Notepad so you don't forget anything.

    Disable System Restore
    Right-click My Computer > Properties > System Restore tab
    then check "disable System Restore".

    and reboot the PC normally (not in safe mode)

    1/

    download process xp here:
    http://www.sysinternals.com/files/procexpnt.zip

    Download Pocket Killbox here:
    http://www.downloads.subratam.org/KillBox.exe

    :: Usage demo (thanks to Balltrap34 for making it) ::
    http://pageperso.aol.fr/balltrap34/killbox.htm

    **

    2/

    Disconnect from the internet.
    Close all running programs (media player, internet explorer, etc.)

    Unzip (right-click > extract) process xp and double-click processxp.exe

    * In the main processxp window, double-click winlogon.exe
    In the new window that opens, click threads
    select only the lines that contain wvwur.dll, then click kill for each of the lines found.
    once done, confirm with ok

    * In the main processxp window, double-click explorer.exe
    In the new window that opens, click threads
    select only the lines that contain wvwur.dll, then click kill for each of the lines found.
    once done, confirm with ok

    3/

    then run HijackThis:

    click "do a system scan only"

    * Check the box at the start of these lines:

    O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - F:\WINDOWS\System32\cbaxx.dll

    O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - F:\WINDOWS\System32\wvwur.dll

    O4 - HKLM\..\Run: [Intel Service Drivers] msconfig16.exe

    O4 - HKLM\..\Run: [Microsoft messenger] msnger.exe

    O4 - HKLM\..\RunServices: [Intel Service Drivers] msconfig16.exe

    O4 - HKLM\..\RunServices: [Microsoft messenger] msnger.exe

    O4 - HKCU\..\Run: [Intel Service Drivers] msconfig16.exe

    O4 - HKCU\..\Run: [Microsoft messenger] msnger.exe

    O4 - HKCU\..\RunServices: [Intel Service Drivers] msconfig16.exe

    O4 - HKCU\..\RunServices: [Microsoft messenger] msnger.exe

    O4 - Startup: Raccourci vers mwadvanced_fra.lnk = ?

    O18 - Filter: text/html - {65E54F1B-545F-486A-B33A-39EB01425FD0} - (no file)

    O19 - User stylesheet: (file missing)

    O20 - Winlogon Notify: cbaxx - F:\WINDOWS\SYSTEM32\cbaxx.dll

    O20 - Winlogon Notify: khffd - F:\WINDOWS\

    O20 - Winlogon Notify: WebCheck - F:\WINDOWS\system32\en4sl1h71.dll

    O20 - Winlogon Notify: wvwur - F:\WINDOWS\System32\wvwur.dll

    O23 - Service: aim.ex - Unknown owner - F:\WINDOWS\iexplorer.exe (file missing)

    O23 - Service: Intranet Service (IntranetService) - Unknown owner - intranet.exe (file missing)

    O23 - Service: System Manager Service (SMSC) - Unknown owner - F:\WINDOWS\smsc.exe (file missing)

    O23 - Service: Windows Archiver (winarc) - Unknown owner - F:\WINDOWS\windat.exe

    O23 - Service: WindowsSysBoot - Unknown owner - F:\WINDOWS\cytob.exe

    O23 - Service: MS Dns Service (WinNet) - Unknown owner - F:\WINDOWS\system32\wincntrl.exe

    * Confirm with fix checked

    search for and delete these

    msconfig16.exe
    msnger.exe
    F:\WINDOWS\iexplorer.exe
    intranet.exe
    F:\WINDOWS\windat.exe
    F:\WINDOWS\cytob.exe
    F:\WINDOWS\system32\wincntrl.exe

    ----------------------------------------------------------------------------
    ¤Stop these services:

    Click Start -> Run -> type: services.msc

    Double-click: Service: aim.ex

    Set it to "Stopped" and "Disabled".

    Do the same with these:

    Intranet Service
    System Manager Service
    Windows Archiver
    WindowsSysBoot
    MS Dns Service (WinNet)
    ----------------------------------------------------------------------------

    5/

    Double-click killbox.exe (Pocket Killbox)

    - check: delete on reboot
    - In "Full Path of File to Delete"
    copy and paste:

    F:\WINDOWS\System32\wvwur.dll

    - click the red cross
    - a confirmation window will appear, click YES
    - a second window asks whether you want to reboot, click YES

    Let the PC reboot.
    And afterwards post a new HijackThis log.

    See you
    0
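
A triage pass over the kind of HijackThis log discussed in this thread, added here as an example; it is not code from the thread's participants or from HijackThis. The rule names and the four heuristics (dangling file reference, registry autorun with no path, a BHO DLL that is also a Winlogon Notify DLL, "Unknown owner" service located in the Windows directory) are assumptions chosen for illustration, and a flag means "review this line", not "delete it".

```python
import re

# Excerpt of the first HijackThis log posted in this thread (Windows is on F:).
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - F:\WINDOWS\System32\wvwur.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Intel Service Drivers] msconfig16.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Filter: text/html - {65E54F1B-545F-486A-B33A-39EB01425FD0} - (no file)
O20 - Winlogon Notify: wvwur - F:\WINDOWS\System32\wvwur.dll
O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe
O23 - Service: System Manager Service (SMSC) - Unknown owner - F:\WINDOWS\smsc.exe (file missing)
O23 - Service: Windows Archiver (winarc) - Unknown owner - F:\WINDOWS\windat.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
"""

# "O4 - body": section code (R0, O2, O23, ...) followed by the entry text.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Marker HijackThis appends when the referenced file is not on disk.
DANGLING_RE = re.compile(r"\((?:file missing|no file)\)$", re.I)
# Registry autoruns: HKLM\..\Run, HKCU\..\RunServices, ... then "[name] command".
O4_REG_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[.+?\] (.+)$")
WINDIR_RE = re.compile(r"^[A-Z]:\\WINDOWS\\", re.I)


def parse_entries(log_text):
    """Return (code, body) pairs; header lines and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def target_path(body):
    """Last ' - ' field (the file path on O2/O20/O23 lines), missing-file marker removed."""
    return DANGLING_RE.sub("", body.rsplit(" - ", 1)[-1]).strip()


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return (code, body, reasons) for every entry that matches a review rule."""
    entries = parse_entries(log_text)
    # DLLs loaded via Winlogon Notify, used to correlate with BHO entries.
    notify_dlls = {basename(target_path(b)) for c, b in entries if c == "O20"}
    notify_dlls.discard("")  # e.g. a truncated path ending in a backslash
    findings = []
    for code, body in entries:
        reasons = []
        path = target_path(body)
        if DANGLING_RE.search(body):
            reasons.append("dangling-reference")
        if code == "O4":
            m = O4_REG_RE.match(body)
            # A bare file name is resolved through the search path at logon.
            if m and "\\" not in m.group(1):
                reasons.append("autorun-without-path")
        elif code == "O2" and basename(path) in notify_dlls:
            reasons.append("bho-also-winlogon-notify")
        elif code == "O20":
            reasons.append("winlogon-notify")
        elif code == "O23":
            parts = body.rsplit(" - ", 2)  # name, owner, path
            if (len(parts) == 3 and parts[1] == "Unknown owner"
                    and WINDIR_RE.match(path)):
                reasons.append("unknown-owner-service-in-windir")
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(reasons):<50}{body}")
```

The "dangling-reference" rule also fires on lines that answer 2 left unchecked in the full log (for example the avast! Mail Scanner service), which is why each flag still needs a human decision.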
    1. Chiktika
       
      Good evening again, I did as you said, however: impossible to find and delete:
      F:\WINDOWS\iexplorer.exe
      intranet.exe
      F:\WINDOWS\windat.exe
      F:\WINDOWS\system32\wincntrl.exe

      and impossible to delete F:\WINDOWS\System32\wvwur.dll

      here is the HijackThis log:

      Logfile of HijackThis v1.99.1
      Scan saved at 00:32:15, on 02/11/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      F:\WINDOWS\System32\smss.exe
      F:\WINDOWS\system32\winlogon.exe
      F:\WINDOWS\system32\services.exe
      F:\WINDOWS\system32\lsass.exe
      F:\WINDOWS\system32\svchost.exe
      F:\WINDOWS\System32\svchost.exe
      F:\WINDOWS\system32\spoolsv.exe
      F:\WINDOWS\system32\rundll32.exe
      F:\WINDOWS\Explorer.EXE
      F:\Program Files\Avast4\aswUpdSv.exe
      F:\Program Files\Avast4\ashServ.exe
      F:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
      F:\WINDOWS\System32\whkwi.exe
      F:\WINDOWS\System32\CTsvcCDA.EXE
      F:\Program Files\ewido\security suite\ewidoctrl.exe
      F:\Program Files\ewido\security suite\ewidoguard.exe
      F:\WINDOWS\System32\nvsvc32.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      F:\WINDOWS\System32\svchost.exe
      F:\WINDOWS\System32\Tablet.exe
      F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      F:\Program Files\Internet Explorer\iexplore.exe
      F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
      F:\WINDOWS\system32\cmd.exe
      F:\Program Files\Avast4\ashMaiSv.exe
      F:\WINDOWS\system32\ftp.exe
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\HijackThis.exe
      F:\Program Files\Avast4\ashWebSv.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - F:\WINDOWS\system32\cbaxx.dll
      O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - F:\WINDOWS\System32\wvwur.dll
      O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [pccguide.exe] "F:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
      O4 - HKLM\..\Run: [Microsoft Updote] whkwi.exe
      O4 - HKLM\..\RunServices: [Microsoft Updote] whkwi.exe
      O4 - Startup: Microsoft AntiSpyware.lnk = F:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
      O8 - Extra context menu item: &MSN Search - res://F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?2f81a745897e440c9f2a595a7d8758d
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?2f81a745897e440c9f2a595a7d8758d
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
      O18 - Protocol: bwc0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O18 - Protocol: offline-8876480 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - Winlogon Notify: cbaxx - F:\WINDOWS\SYSTEM32\cbaxx.dll
      O20 - Winlogon Notify: RunOnceEx - F:\WINDOWS\system32\enr8l19u1.dll
      O20 - Winlogon Notify: wvwur - F:\WINDOWS\System32\wvwur.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
      O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
      O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
      O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
      O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - F:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - F:\WINDOWS\System32\Tablet.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

      Thanks for your patience.
      0
  3. Anonymous user
     
    Hi again
    Download l2mfix here:

    http://www.downloads.subratam.org/l2mfix.exe

    Double-click l2mfix.exe to start the extraction.
    In the l2mfix folder, double-click l2mfix.bat, press any key, then choose option #1 (and nothing else) and confirm with the Enter key.
    Notepad will open with the scan result.
    Copy and paste the result here.

    See you tomorrow, kisses
    See you
    0
    1. Chiktika
       
      L2MFIX find log 1.04a
      These are the registry keys present
      **********************************************************************************
      Winlogon/notify:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbaxx]
      "Asynchronous"=dword:00000001
      "DllName"="cbaxx.dll"
      "Impersonate"=dword:00000000
      "Logon"="Logon"
      "Logoff"="Logoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
      6c,00,00,00
      "Logoff"="ChainWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Logoff"="CryptnetWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
      "DLLName"="cscdll.dll"
      "Logon"="WinlogonLogonEvent"
      "Logoff"="WinlogonLogoffEvent"
      "ScreenSaver"="WinlogonScreenSaverEvent"
      "Startup"="WinlogonStartupEvent"
      "Shutdown"="WinlogonShutdownEvent"
      "StartShell"="WinlogonStartShellEvent"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
      "Asynchronous"=dword:00000000
      "DllName"="F:\\WINDOWS\\system32\\enr8l19u1.dll"
      "Impersonate"=dword:00000000
      "Logon"="WinLogon"
      "Logoff"="WinLogoff"
      "Shutdown"="WinShutdown"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
      "DLLName"="wlnotify.dll"
      "Logon"="SCardStartCertProp"
      "Logoff"="SCardStopCertProp"
      "Lock"="SCardSuspendCertProp"
      "Unlock"="SCardResumeCertProp"
      "Enabled"=dword:00000001
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "StartShell"="SchedStartShell"
      "Logoff"="SchedEventLogOff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
      "Logoff"="WLEventLogoff"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001
      "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
      "DLLName"="WlNotify.dll"
      "Lock"="SensLockEvent"
      "Logon"="SensLogonEvent"
      "Logoff"="SensLogoffEvent"
      "Safe"=dword:00000001
      "MaxWait"=dword:00000258
      "StartScreenSaver"="SensStartScreenSaverEvent"
      "StopScreenSaver"="SensStopScreenSaverEvent"
      "Startup"="SensStartupEvent"
      "Shutdown"="SensShutdownEvent"
      "StartShell"="SensStartShellEvent"
      "PostShell"="SensPostShellEvent"
      "Disconnect"="SensDisconnectEvent"
      "Reconnect"="SensReconnectEvent"
      "Unlock"="SensUnlockEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "Logoff"="TSEventLogoff"
      "Logon"="TSEventLogon"
      "PostShell"="TSEventPostShell"
      "Shutdown"="TSEventShutdown"
      "StartShell"="TSEventStartShell"
      "Startup"="TSEventStartup"
      "MaxWait"=dword:00000258
      "Reconnect"="TSEventReconnect"
      "Disconnect"="TSEventDisconnect"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
      "DLLName"="wlnotify.dll"
      "Logon"="RegisterTicketExpiredNotificationEvent"
      "Logoff"="UnregisterTicketExpiredNotificationEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvwur]
      "Asynchronous"=dword:00000001
      "DllName"="F:\\WINDOWS\\System32\\wvwur.dll"
      "Impersonate"=dword:00000000
      "Startup"="SysLogon"
      "Logoff"="SysLogoff"


      RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
      Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
      This program is Freeware, use it on your own risk!

      Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
      (NI) ALLOW Full access AUTORITE NT\SYSTEM
      (IO) ALLOW Full access AUTORITE NT\SYSTEM
      (ID-NI) ALLOW Read BUILTIN\Utilisateurs
      (ID-IO) ALLOW Read BUILTIN\Utilisateurs
      (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
      (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
      (ID-NI) ALLOW Full access BUILTIN\Administrateurs
      (ID-IO) ALLOW Full access BUILTIN\Administrateurs
      (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
      (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
      (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


      **********************************************************************************
      useragent:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      "{725D6E80-130C-87C1-A4F7-14D07FAA9940}"=""

      **********************************************************************************
      Shell Extension key:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
      "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
      "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
      "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
      "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
      "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
      "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
      "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
      "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
      "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
      "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
      "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
      "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
      "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
      "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
      "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
      "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
      "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
      "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
      "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
      "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
      "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
      "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
      "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
      "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
      "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
      "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
      "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
      "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
      "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
      "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
      "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
      "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
      "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
      "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extension de l'interpr‚teur de commande pour Windows Script Host"
      "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
      "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
      "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
      "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
      "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
      "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
      "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
      "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
      "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
      "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
      "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
      "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
      "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
      "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
      "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
      "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
      "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
      "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
      "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
      "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
      "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
      "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
      "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
      "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
      "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
      "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
      "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
      "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
      "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
      "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
      "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
      "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
      "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
      "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
      "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
      "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
      "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
      "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
      "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
      "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
      "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
      "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
      "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
      "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
      "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
      "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
      "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
      "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
      "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
      "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
      "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
      "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
      "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
      "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
      "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
      "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
      "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
      "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
      "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
      "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
      "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
      "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
      "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
      "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
      "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
      "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
      "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
      "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
      "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
      "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
      "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
      "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
      "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
      "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
      "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
      "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
      "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
      "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
      "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
      "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
      "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
      "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
      "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
      "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
      "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
      "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
      "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
      "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
      "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
      "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
      "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
      "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
      "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
      "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
      "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
      "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
      "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
      "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
      "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
      "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
      "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
      "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
      "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
      "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
      "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
      "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
      "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
      "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
      "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
      "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
      "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
      "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
      "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
      "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
      "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
      "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
      "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
      "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
      "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
      "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
      "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
      "{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"
      "{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
      "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
      "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
      "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
      "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
      "{65756541-C65C-11CD-0000-4B656E696100}"="Panda Antivirus"
      "{780BCB64-0CAF-473c-A9FC-E08C03D75515}"="Matroska Shell Extension, Properties Page CLSID"
      "{78DC191E-EFC1-4532-9A71-224577A86A7D}"="Matroska Shell Extension, Thumbnail Handler CLSID"
      "{794D04CA-70AC-4020-80EB-FFD59DEF8027}"="Matroska Shell Extension, Tooltip Provider CLSID"
      "{789111D8-68A3-46a3-9663-145A3FF4C9C9}"="Matroska Shell Extension, ContextMenu CLSID"
      "{781395AF-A127-469f-A06F-59B482AF4F3F}"="Matroska Shell Extension, Column Provider CLSID"
      "{79BC0345-1015-11D2-A299-006008312725}"="blue.shell"
      "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
      "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
      "{B446400D-0030-457b-8F64-422A19605186}"="Logitech Gallery"
      "{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
      "{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice Property Sheet Handler"
      "{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}"="Macromedia FTP & RDS"
      "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
      "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
      "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
      "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
      "{17089F83-4D23-4CC0-9496-53AF9ADC526F}"=""
      "{684C994D-37A5-449B-8A08-20ECC54ADAED}"=""
      "{177C8E85-3499-4D47-BBC6-6A9D758FEEB1}"=""
      "{88EF9757-814B-4488-8062-D0FE342E863F}"=""
      "{13E7F612-F261-4391-BEA2-39DF4F3FA311}"="Windows Desktop Search"
      "{97090E2F-3062-4459-855B-014F0D3CDBB1}"="MSN Deskbar"
      "{48F45200-91E6-11CE-8A4F-0080C81A28D4}"="TMD Shell Extension"
      "{771A9DA0-731A-11CE-993C-00AA004ADB6C}"="VBPropSheet"
      "{96DACD3B-B03A-4526-AF3E-6A65ED85CE49}"=""

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D426CFD0-87FC-4906-98D9-A23F5D515D61}]
      @="MSN Desktop Search Outlook Express ISearchFolder Class"

      **********************************************************************************
      HKEY ROOT CLASSIDS:
      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{17089F83-4D23-4CC0-9496-53AF9ADC526F}]
      @=""
      "IDEx"="ADDR"

      [HKEY_CLASSES_ROOT\CLSID\{17089F83-4D23-4CC0-9496-53AF9ADC526F}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{17089F83-4D23-4CC0-9496-53AF9ADC526F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{17089F83-4D23-4CC0-9496-53AF9ADC526F}\InprocServer32]
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{177C8E85-3499-4D47-BBC6-6A9D758FEEB1}]
      @=""
      "IDEx"="AD"

      [HKEY_CLASSES_ROOT\CLSID\{177C8E85-3499-4D47-BBC6-6A9D758FEEB1}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{177C8E85-3499-4D47-BBC6-6A9D758FEEB1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{177C8E85-3499-4D47-BBC6-6A9D758FEEB1}\InprocServer32]
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{96DACD3B-B03A-4526-AF3E-6A65ED85CE49}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{96DACD3B-B03A-4526-AF3E-6A65ED85CE49}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{96DACD3B-B03A-4526-AF3E-6A65ED85CE49}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{96DACD3B-B03A-4526-AF3E-6A65ED85CE49}\InprocServer32]
      @="F:\\WINDOWS\\system32\\ueerenv.dll"
      "ThreadingModel"="Apartment"

      **********************************************************************************
      Files Found are not all bad files:
      Locate .tmp files:
      Directory Listing of system files:
      Le volume dans le lecteur F n'a pas de nom.
      Le num‚ro de s‚rie du volume est 28CD-EBE6

      R‚pertoire de F:\WINDOWS\System32

      02/11/2005 00:40 185ÿ679 ruwvw.ini
      02/11/2005 00:30 234ÿ193 ueerenv.dll
      02/11/2005 00:30 235ÿ538 ir4ol5h31.dll
      02/11/2005 00:20 235ÿ263 j0p0la7m1d.dll
      01/11/2005 23:50 234ÿ272 lvp0097me.dll
      01/11/2005 23:35 235ÿ659 dllayx.dll
      01/11/2005 23:35 234ÿ193 enr8l19u1.dll
      01/11/2005 22:58 189ÿ952 whkwi.exe
      01/11/2005 22:56 235ÿ509 enrol1931.dll
      01/11/2005 22:46 234ÿ752 l4l60e3seh.dll
      01/11/2005 22:27 235ÿ063 hr4u05h9e.dll
      01/11/2005 20:16 235ÿ569 enn4l15q1.dll
      31/10/2005 18:33 180ÿ844 ruwvw.bak1
      29/10/2005 17:33 180ÿ844 ruwvw.bak2
      29/10/2005 14:58 236ÿ032 wincntrl.exe
      28/10/2005 10:34 174ÿ651 dffhk.ini
      28/10/2005 09:21 175ÿ944 dffhk.bak1
      19/10/2005 11:07 <REP> dllcache
      02/06/2005 17:27 1ÿ890 KGyGaAvL.sys
      27/04/2004 17:38 <REP> Microsoft
      11/01/2004 11:16 32 {7DB2476F-C91B-4C46-896C-583464AE1325}.dat
      11/01/2004 11:15 32 {66A3443B-B25A-4CF6-999E-BE144264BD48}.dat
      11/01/2004 11:15 32 {84C35323-0607-4AD5-B514-35F49C0B5B91}.dat
      11/01/2004 11:13 32 {CD6C43A1-7017-4896-872D-080E4A3479C1}.dat
      11/01/2004 11:13 32 {EAA976E1-6E3E-44B0-8E4A-8662D824270E}.dat
      11/01/2004 11:13 32 {08BD0C93-BC33-4D9C-9CB1-1F5770CF1F31}.dat
      24 fichier(s) 3ÿ676ÿ039 octets
      2 R‚p(s) 4ÿ357ÿ496ÿ832 octets libres


      Thanks a lot, good night.
      See you tomorrow, kisses.
      0
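
The `Winlogon/notify` section of the l2mfix log above can be triaged mechanically. The following is an added example, not part of the thread and not l2mfix's own code: it parses a registry export in that format, decodes the `hex(2)` `DllName` values, and lists the Notify subkeys whose DLL is not in a baseline. The sample is abridged from the log above; the function names and `ASSUMED_STOCK_DLLS` (the DLL names of the stock-looking entries in this log) are assumptions, and a real baseline should come from a known-clean machine of the same Windows build.

```python
import ntpath
import re

# Abridged from the l2mfix log posted in this thread (registry export format).
SAMPLE_EXPORT = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbaxx]
"Asynchronous"=dword:00000001
"DllName"="cbaxx.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
"DllName"="F:\\WINDOWS\\system32\\enr8l19u1.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvwur]
"DllName"="F:\\WINDOWS\\System32\\wvwur.dll"
"Startup"="SysLogon"
'''

# Assumption: baseline of Notify DLLs considered stock for this example.
ASSUMED_STOCK_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                      "wlnotify.dll", "sclgntfy.dll"}

NOTIFY_MARKER = "\\winlogon\\notify\\"
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def logical_lines(text):
    """Yield stripped lines, joining hex data continued with a trailing backslash."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending


def decode_data(data):
    """Decode the right-hand side of a .reg value line."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r'\\(.)', r'\1', data[1:-1])      # unescape \\ and \"
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r'hex\([12]\):(.*)$', data)            # REG_SZ / REG_EXPAND_SZ
    if m:
        raw = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return data


def parse_notify(text):
    """Return {subkey: {value_name_lowercased: decoded_value}} for Winlogon\\Notify."""
    entries, current = {}, None
    for line in logical_lines(text):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            idx = path.lower().find(NOTIFY_MARKER)
            current = None
            if idx != -1:
                current = entries.setdefault(path[idx + len(NOTIFY_MARKER):], {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            # Value names are case-insensitive (the log has DllName and DLLName).
            current[value.group(1).lower()] = decode_data(value.group(2))
    return entries


def audit_notify(text, stock=ASSUMED_STOCK_DLLS):
    """List (subkey, DllName) pairs whose DLL file name is not in the baseline."""
    findings = []
    for subkey, values in parse_notify(text).items():
        dll = values.get("dllname")
        if not isinstance(dll, str) or ntpath.basename(dll).lower() not in stock:
            findings.append((subkey, dll))
    return findings


if __name__ == "__main__":
    for subkey, dll in audit_notify(SAMPLE_EXPORT):
        print(f"review: Winlogon\\Notify\\{subkey} -> {dll}")
```

On the log in this thread, the three subkeys this reports are the same ones HijackThis lists as O20 entries.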
  4. Anonymous user
     
    Hi
    Sleep well?
    Post a new HijackThis log please

    See you
    0
    1. Chiktika
       
      Didn't sleep well, lack of sleep ;))) and the computer almost never restarted!!!
      Here is this morning's HijackThis log

      Logfile of HijackThis v1.99.1
      Scan saved at 10:24:54, on 02/11/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      F:\WINDOWS\System32\smss.exe
      F:\WINDOWS\system32\winlogon.exe
      F:\WINDOWS\system32\services.exe
      F:\WINDOWS\system32\lsass.exe
      F:\WINDOWS\system32\svchost.exe
      F:\WINDOWS\System32\svchost.exe
      F:\WINDOWS\system32\spoolsv.exe
      F:\WINDOWS\system32\rundll32.exe
      F:\WINDOWS\Explorer.EXE
      F:\Program Files\Avast4\aswUpdSv.exe
      F:\Program Files\Avast4\ashServ.exe
      F:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
      F:\WINDOWS\System32\whkwi.exe
      F:\WINDOWS\System32\CTsvcCDA.EXE
      F:\Program Files\ewido\security suite\ewidoctrl.exe
      F:\Program Files\ewido\security suite\ewidoguard.exe
      F:\WINDOWS\System32\nvsvc32.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      F:\WINDOWS\System32\svchost.exe
      F:\WINDOWS\System32\Tablet.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
      F:\Program Files\Avast4\ashMaiSv.exe
      F:\WINDOWS\system32\cmd.exe
      F:\WINDOWS\system32\ftp.exe
      F:\Program Files\Avast4\ashWebSv.exe
      F:\Program Files\MSN Messenger\msnmsgr.exe
      F:\Program Files\Internet Explorer\iexplore.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - F:\WINDOWS\system32\cbaxx.dll
      O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - F:\WINDOWS\System32\wvwur.dll
      O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [pccguide.exe] "F:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
      O4 - HKLM\..\Run: [Microsoft Updote] whkwi.exe
      O4 - HKLM\..\RunServices: [Microsoft Updote] whkwi.exe
      O4 - Startup: Microsoft AntiSpyware.lnk = F:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
      O8 - Extra context menu item: &MSN Search - res://F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?2f81a745897e440c9f2a595a7d8758d
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?2f81a745897e440c9f2a595a7d8758d
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
      O18 - Protocol: bwc0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O18 - Protocol: offline-8876480 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - Winlogon Notify: cbaxx - F:\WINDOWS\SYSTEM32\cbaxx.dll
      O20 - Winlogon Notify: RunOnceEx - F:\WINDOWS\system32\ir4ol5h31.dll
      O20 - Winlogon Notify: wvwur - F:\WINDOWS\System32\wvwur.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
      O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
      O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
      O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
      O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - F:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - F:\WINDOWS\System32\Tablet.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      0
  6. Anonymous user
     
    Hello,

    Steps to follow, in order...
    ----------------------------------------------------------------------------
    ¤Download these programs, but do not use them right away:

    1/

    Spybot S&D 1.4 <<new version.
    http://www.safer-networking.org/fr/index.html

    Usage demo (thanks to Balltrap34 for making it).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06 <<new version.
    http://www.lavasoftusa.com/software/adaware/
    -A guide:
    http://www.tutopat.com/viewtopic.php?t=1191
    - install the French language patch, which you can find here:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    and a short usage video here (thanks to Moe31 for making it):
    http://pageperso.aol.fr/balltrap34/adawrevid.asf
    ----------------------------------------------------------------------------
    ¤Disable System Restore (only if you are on XP):
    Right-click My Computer, then
    Properties, click the System Restore tab,
    check the "Turn off System Restore" box and apply.
    ----------------------------------------------------------------------------
    ¤Show all files and folders:
    Click Start / Control Panel / Tools / Folder Options / View

    Check "Show hidden files and folders"

    Uncheck "Hide protected operating system files (Recommended)"

    Uncheck "Hide extensions for known file types"
    Then click "OK" to confirm the changes.

    And apply!
    ----------------------------------------------------------------------------
    ¤Empty your temp files and Temporary Internet Files:

    :: Delete the temporary files ::
    empty the entire contents of these folders.

    * C:\Documents and Settings\your account\Local Settings\Temp
    * C:\Documents and Settings\all other accounts\Local Settings\Temp
    * C:\Windows\Temp

    :: The contents of the Prefetch folder ::

    * C:\WINDOWS\Prefetch <= except the layout.ini file

    * Do not forget to empty the Recycle Bin!
    ----------------------------------------------------------------------------
    ¤Run HijackThis again, check the boxes in front of these lines, then click Fix checked:

    O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - F:\WINDOWS\system32\cbaxx.dll

    O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - F:\WINDOWS\System32\wvwur.dll

    O4 - HKLM\..\Run: [Microsoft Updote] whkwi.exe

    O4 - HKLM\..\RunServices: [Microsoft Updote] whkwi.exe

    O20 - Winlogon Notify: cbaxx - F:\WINDOWS\SYSTEM32\cbaxx.dll

    O20 - Winlogon Notify: RunOnceEx - F:\WINDOWS\system32\ir4ol5h31.dll

    O20 - Winlogon Notify: wvwur - F:\WINDOWS\System32\wvwur.dll
    ----------------------------------------------------------------------------
    ¤Boot into Safe Mode:
    To do this, tap the F8 key repeatedly as soon as the PC starts powering on
    A window will open; use the arrow keys to move to Safe Mode, then press Enter.
    Once on the desktop, if the colors and so on are not all there, that is normal!
    (If F8 does not work, use the F5 key.)
    ----------------------------------------------------------------------------
    ¤Search for and delete this:
    careful: only the files (if present).

    whkwi.exe

    ***

    Now run l2mfix.bat again
    and choose option 2
    It will ask you to press a key to restart
    press any key and let the PC restart
    Notepad will open; copy and paste its contents here

    ----------------------------------------------------------------------------
    ¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
    ----------------------------------------------------------------------------
    ¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
    ----------------------------------------------------------------------------
    ¤ Empty your Recycle Bin.
    ----------------------------------------------------------------------------
    ¤ Restart in normal mode, run HijackThis again and copy/paste a new report to the forum.

    Describe any problems that remain....

    Keep me posted

    See you later
    0
    1. Chiktika
       
      OK, summary of the day: this morning I did everything just as you said, and it had no effect.
      I tried again this evening when I had more time: here is the HijackThis log; the l2mfix Notepad file did not appear after the restart.

      Logfile of HijackThis v1.99.1
      Scan saved at 19:06:08, on 02/11/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      F:\WINDOWS\System32\smss.exe
      F:\WINDOWS\system32\winlogon.exe
      F:\WINDOWS\system32\services.exe
      F:\WINDOWS\system32\lsass.exe
      F:\WINDOWS\system32\svchost.exe
      F:\WINDOWS\System32\svchost.exe
      F:\WINDOWS\system32\spoolsv.exe
      F:\WINDOWS\Explorer.EXE
      F:\WINDOWS\System32\rundll32.exe
      F:\Program Files\Avast4\aswUpdSv.exe
      F:\Program Files\Avast4\ashServ.exe
      F:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
      F:\WINDOWS\System32\CTsvcCDA.EXE
      F:\Program Files\ewido\security suite\ewidoctrl.exe
      F:\Program Files\Yahoo!\Messenger\ypager.exe
      F:\Program Files\ewido\security suite\ewidoguard.exe
      F:\WINDOWS\System32\nvsvc32.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      F:\WINDOWS\System32\svchost.exe
      F:\WINDOWS\System32\Tablet.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      F:\WINDOWS\system32\cmd.exe
      F:\WINDOWS\system32\ftp.exe
      F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
      F:\Program Files\Avast4\ashWebSv.exe
      F:\Program Files\Avast4\ashMaiSv.exe
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      O1 - Hosts: :127.0.0.1
      O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [pccguide.exe] "F:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
      O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
      O4 - Startup: Microsoft AntiSpyware.lnk = F:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
      O8 - Extra context menu item: &MSN Search - res://F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?2f81a745897e440c9f2a595a7d8758d
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?2f81a745897e440c9f2a595a7d8758d
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
      O18 - Protocol: bwc0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O18 - Protocol: offline-8876480 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
      O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
      O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
      O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
      O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - F:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - F:\WINDOWS\System32\Tablet.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

      ewido no longer reports attacks the way it did before, which is a rather good sign, just one from the look2me spyware. Otherwise there are still just as many pop-up windows opening on their own; do you know why the MSN bar's pop-up blocker is not blocking them the way it always did before??
      Thank you very much!!
      0
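Added example (not part of the thread and not HijackThis code): a small Python check that compares the log posted before the fix with the one posted after it, and confirms whether each line the helper asked to fix is gone. The two logs are trimmed excerpts of the ones above; the function names are this example's own.

```python
import re

# Trimmed excerpts of the two HijackThis logs posted above (unchanged lines
# mostly omitted). BEFORE is the first log, AFTER the one saved on 02/11/2005.
BEFORE = r"""
Running processes:
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\whkwi.exe
F:\WINDOWS\system32\cmd.exe
F:\WINDOWS\system32\ftp.exe

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - F:\WINDOWS\system32\cbaxx.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - F:\WINDOWS\System32\wvwur.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Updote] whkwi.exe
O4 - HKLM\..\RunServices: [Microsoft Updote] whkwi.exe
O20 - Winlogon Notify: cbaxx - F:\WINDOWS\SYSTEM32\cbaxx.dll
O20 - Winlogon Notify: RunOnceEx - F:\WINDOWS\system32\ir4ol5h31.dll
O20 - Winlogon Notify: wvwur - F:\WINDOWS\System32\wvwur.dll
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
"""

AFTER = r"""
Running processes:
F:\WINDOWS\Explorer.EXE
F:\Program Files\Yahoo!\Messenger\ypager.exe
F:\WINDOWS\system32\cmd.exe
F:\WINDOWS\system32\ftp.exe

O1 - Hosts: :127.0.0.1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
"""

# The lines the helper asked to tick before clicking "fix checked".
FIX_TEXT = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - F:\WINDOWS\system32\cbaxx.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - F:\WINDOWS\System32\wvwur.dll
O4 - HKLM\..\Run: [Microsoft Updote] whkwi.exe
O4 - HKLM\..\RunServices: [Microsoft Updote] whkwi.exe
O20 - Winlogon Notify: cbaxx - F:\WINDOWS\SYSTEM32\cbaxx.dll
O20 - Winlogon Notify: RunOnceEx - F:\WINDOWS\system32\ir4ol5h31.dll
O20 - Winlogon Notify: wvwur - F:\WINDOWS\System32\wvwur.dll
"""
FIX_LIST = [l.strip() for l in FIX_TEXT.splitlines() if l.strip()]

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1...).
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def norm(line):
    """Windows paths and registry names are case-insensitive: fold case, squeeze spaces."""
    return " ".join(line.split()).casefold()


def parse_log(text):
    """Return (processes, entries): dicts mapping normalized line -> line as posted."""
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif ENTRY.match(line):
            in_processes = False
            entries[norm(line)] = line
        elif in_processes:
            processes[norm(line)] = line
    return processes, entries


def diff_logs(before, after):
    """List what disappeared and what appeared between two logs, ignoring line order."""
    bp, be = parse_log(before)
    ap, ae = parse_log(after)
    return {
        "entries_removed": [be[k] for k in be if k not in ae],
        "entries_added": [ae[k] for k in ae if k not in be],
        "processes_gone": [bp[k] for k in bp if k not in ap],
        "processes_new": [ap[k] for k in ap if k not in bp],
    }


def still_present(fix_list, log_text):
    """Return the fix-list lines that the given log still contains."""
    _, entries = parse_log(log_text)
    return [line for line in fix_list if norm(line) in entries]


if __name__ == "__main__":
    for section, lines in diff_logs(BEFORE, AFTER).items():
        print(section)
        for line in lines:
            print("   ", line)
    print("fix lines still present:", still_present(FIX_LIST, AFTER) or "none")
```

An empty `still_present` result only shows that those lines are absent from the new log; in this thread ewido still reports Look2Me afterwards, so the scanner reports have to be read alongside it.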
  7. Anonymous user
     
    hi again
    can you explain these ads to me?

    and can you paste the ewido scan report?

    see you
    0
    1. Chiktika
       
      Here is the ewido scan report:

      there was a lot of work to do!!!

      ---------------------------------------------------------
      ewido security suite - Rapport de scan
      ---------------------------------------------------------

      + Créé le: 19:15:53, 03/11/2005
      + Somme de contrôle: D42CC47C

      + Résultats du scan:

      HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Nettoyer et sauvegarder
      HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Nettoyer et sauvegarder
      HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Nettoyer et sauvegarder
      HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Nettoyer et sauvegarder
      [1140] F:\WINDOWS\system32\sulgntfy.dll -> Spyware.Look2Me : Erreur durant le nettoyage
      [1268] F:\WINDOWS\system32\vvrbis.dll -> Spyware.Look2Me : Erreur durant le nettoyage
      F:\!KillBox\wvwur.dll -> Spyware.Virtumonde : Nettoyer et sauvegarder
      :mozilla.18:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
      :mozilla.19:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
      :mozilla.20:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
      :mozilla.21:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.22:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.23:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.24:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.25:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.26:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.30:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
      :mozilla.37:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Sitestat : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051101-234847-309.dll -> TrojanDownloader.Agent.yf : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051101-234847-944.dll -> Spyware.Virtumonde : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051101-235308-526.dll -> TrojanDownloader.Agent.yf : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051101-235308-833.dll -> Spyware.Virtumonde : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051101-235508-197.dll -> Spyware.Virtumonde : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051101-235508-740.dll -> TrojanDownloader.Agent.yf : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051101-235844-221.dll -> Spyware.Virtumonde : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051101-235844-992.dll -> TrojanDownloader.Agent.yf : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051102-110304-614.dll -> TrojanDownloader.Agent.yf : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051102-110304-875.dll -> Spyware.Virtumonde : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051102-130416-156.dll -> Spyware.Virtumonde : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\backups\backup-20051102-185319-357.dll -> Spyware.Virtumonde : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@2o7[1].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@casinotropez[2].txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@paypopup[2].txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@www.casinotropez[2].txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Local Settings\Temporary Internet Files\Content.IE5\PQ0STCDN\web[1].exe -> TrojanDownloader.Small.bnj : Nettoyer et sauvegarder
      F:\WINDOWS\system32\cpusapi.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\dllayx.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\en48l1hu1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\enn4l15q1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\enrol1931.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\f80o0id3e80.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\hr4u05h9e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\j0p0la7m1d.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\l46o0ej3eho.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\l4l60e3seh.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\lvp0097me.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\wT2topl.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\wvwur.dll -> Spyware.Virtumonde : Nettoyer et sauvegarder
      F:\WINDOWS\system32\__delete_on_reboot__MAC71CHT.DLL -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\__delete_on_reboot__mlctfp.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\__delete_on_reboot__nutrap.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\__delete_on_reboot__vvrbis.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      F:\WINDOWS\system32\__delete_on_reboot__wznstrm.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      ::Fin du rapport

      As for the ads, they appear regularly even when I don't open any IE pages.
      Ads for smileys, dating sites, casinos ......, there is something for every taste!!!!
      0
  8. Anonymous user
     
    hi
    download this
    http://www.wintotal.de/server/l2mfix.zip
    unzip it and run it, follow the procedure

    then post another ewido scan please

    see you
    0
    1. chiktika Posts 41 Registration date   Status Member
       
      At last, the new ewido report, it takes forever!!!

      ---------------------------------------------------------
      ewido security suite - Rapport de scan
      ---------------------------------------------------------

      + Créé le: 23:39:00, 03/11/2005
      + Somme de contrôle: 6110DF40

      + Résultats du scan:

      [1084] F:\WINDOWS\system32\sulgntfy.dll -> Spyware.Look2Me : Erreur durant le nettoyage
      [1268] F:\WINDOWS\system32\mcwsock.dll -> Spyware.Look2Me : Erreur durant le nettoyage
      :mozilla.9:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
      :mozilla.10:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
      :mozilla.11:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
      :mozilla.13:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.14:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.15:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.16:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.17:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.18:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      :mozilla.22:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
      :mozilla.23:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
      :mozilla.27:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
      :mozilla.33:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Sitestat : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@adtech[2].txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@com[2].txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@paypopup[1].txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
      F:\Documents and Settings\Ramissou\Cookies\ramissou@weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
      F:\WINDOWS\system32\wincntrl.exe -> Backdoor.Rbot.ahp : Nettoyer et sauvegarder
      F:\WINDOWS\system32\__delete_on_reboot__mcwsock.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
      ::Fin du rapport

      Thank you, thank you ....
      Good night.
      0
  9. Anonymous user
     
    hi again
    ¤ Show all files and folders:
    Click on Start/Control Panel/Tools/Folder Options/View

    Check "Show hidden files and folders"

    Uncheck the box "Hide protected operating system files (Recommended)"

    Uncheck "Hide extensions for known file types"
    Then click "OK" to confirm the changes.

    And Apply!
    ----------------------------------------------------------------------------
    Search for and delete these

    F:\WINDOWS\system32\sulgntfy.dll
    F:\WINDOWS\system32\mcwsock.dll
    F:\WINDOWS\system32\wincntrl.exe
    F:\WINDOWS\system32\__delete_on_reboot__mcwsock.dll

    then delete your cookies in Control Panel, Internet Options

    see you
    0
    1. chiktika Posts 41 Registration date   Status Member
       
      Hi again,
      So I did as you said, only:

      F:\WINDOWS\system32\sulgntfy.dll is present but cannot be deleted because it is "already in use by another program". Do you know which program that could be??

      The other files cannot be found.

      see you
      0
  10. Anonymous user
     
    hi again,
    delete them in safe mode

    see you
    0
    1. chiktika Posts 41 Registration date   Status Member
       
      I'm sorry, but it doesn't work in safe mode either, sorry.

      Thanks once again for your attention.
      0
  11. chiktika Posts 41 Registration date   Status Member
     
    Hi!!

    Now this is very strange!! Your removal program works, it confirms that the file was deleted, but the file does not disappear: when I search for it again in Explorer, it finds it in the same place!!

    Otherwise, at startup ewido still detects spyware.look2me, and just as many ads keep appearing.

    see you
    0
  12. Anonymous user
     
    hi again
    post another HijackThis log

    an ewido report

    and possibly this
    Download this
    http://www.silentrunners.org/Silent%20Runners.vbs
    Run it, wait a few minutes, it will then create a folder right next to Silent Runners in text format, copy/paste what it gives you

    see you
    0
  13. chiktika Posts 41 Registration date   Status Member
     
    Thanks!!
    Here is the HJ, ewido report in about 1 hour ;)

    Logfile of HijackThis v1.99.1
    Scan saved at 13:09:36, on 05/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\System32\rundll32.exe
    F:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    F:\Program Files\Avast4\aswUpdSv.exe
    F:\Program Files\Yahoo!\Messenger\ypager.exe
    F:\Program Files\Avast4\ashServ.exe
    F:\WINDOWS\System32\CTsvcCDA.EXE
    F:\Program Files\ewido\security suite\ewidoctrl.exe
    F:\Program Files\ewido\security suite\ewidoguard.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\Tablet.exe
    F:\WINDOWS\system32\cmd.exe
    F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    F:\WINDOWS\system32\ftp.exe
    F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    F:\Program Files\Avast4\ashWebSv.exe
    F:\Program Files\Avast4\ashMaiSv.exe
    F:\Program Files\Outlook Express\msimn.exe
    F:\Program Files\Logitech\MouseWare\System\em_exec.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\WINDOWS\System32\LVComsX.exe
    F:\Documents and Settings\Ramissou\Bureau\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: :127.0.0.1
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [pccguide.exe] "F:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [second] C:\T‚l‚chargement Finis\FreshDownload\l2mfix2\l2mfix\second.bat
    O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - Startup: Microsoft AntiSpyware.lnk = F:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
    O4 - Startup: Raccourci vers mwadvanced_fra.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?2f81a745897e440c9f2a595a7d8758d
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?2f81a745897e440c9f2a595a7d8758d
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
    O18 - Protocol: bwc0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {41AC1620-00BF-4F8E-8FC1-AE868BD606D3} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - F:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - F:\WINDOWS\System32\Tablet.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    0
  14. chiktika Posts 41 Registration date   Status Member
     
    ewido report
    ---------------------------------------------------------
    ewido security suite - Rapport de scan
    ---------------------------------------------------------

    + Créé le: 14:51:41, 05/11/2005
    + Somme de contrôle: AA1413C1

    + Résultats du scan:

    [1080] F:\WINDOWS\system32\sulgntfy.dll -> Spyware.Look2Me : Erreur durant le nettoyage
    [1264] F:\WINDOWS\system32\movidctl.dll -> Spyware.Look2Me : Erreur durant le nettoyage
    :mozilla.7:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
    :mozilla.10:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
    :mozilla.11:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
    :mozilla.12:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
    :mozilla.13:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
    :mozilla.14:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
    :mozilla.15:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
    :mozilla.17:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
    :mozilla.19:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
    :mozilla.20:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
    :mozilla.39:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder
    :mozilla.42:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
    :mozilla.43:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
    :mozilla.46:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
    :mozilla.50:F:\Documents and Settings\Ramissou\Application Data\Mozilla\Firefox\Profiles\default.e73\cookies.txt -> Spyware.Cookie.Sitestat : Nettoyer et sauvegarder
    F:\Documents and Settings\Ramissou\Cookies\ramissou@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
    F:\Documents and Settings\Ramissou\Cookies\ramissou@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
    F:\Documents and Settings\Ramissou\Cookies\ramissou@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
    F:\Documents and Settings\Ramissou\Cookies\ramissou@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
    F:\Documents and Settings\Ramissou\Cookies\ramissou@paypopup[2].txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
    F:\WINDOWS\system32\__delete_on_reboot__movidctl.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    ::Fin du rapport

    However, your program won't run, I get a Windows Script Host error message ...

    see you
    0
  15. chiktika Posts 41 Registration date   Status Member
     
    Hi again!
    I understand less and less.
    FxSpL2Me.exe scanned all the drives and the scan result = it does not find spyware.look2me.
    Yet at the next reboot, Ewido detects it.

    Thanks, bye.
    0
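
Added example, not part of any post in this thread: the three ewido reports posted above can be compared to see which detections keep failing to clean. The Python sketch below parses excerpts copied from those reports and separates the file that fails cleaning in every scan from the ones that show up in a single scan only. The function names are hypothetical, and reading the bracketed number as the ID of the process that has the file loaded is an assumption.

```python
import ntpath
import re
from collections import Counter
from typing import NamedTuple, Optional

# Excerpts of the three ewido reports posted in this thread, keyed by their
# "Créé le" timestamp (lines copied from the page; cookie entries left out).
SCANS = {
    "03/11/2005 19:15:53": r"""
[1140] F:\WINDOWS\system32\sulgntfy.dll -> Spyware.Look2Me : Erreur durant le nettoyage
[1268] F:\WINDOWS\system32\vvrbis.dll -> Spyware.Look2Me : Erreur durant le nettoyage
F:\WINDOWS\system32\wvwur.dll -> Spyware.Virtumonde : Nettoyer et sauvegarder
F:\WINDOWS\system32\__delete_on_reboot__vvrbis.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
""",
    "03/11/2005 23:39:00": r"""
[1084] F:\WINDOWS\system32\sulgntfy.dll -> Spyware.Look2Me : Erreur durant le nettoyage
[1268] F:\WINDOWS\system32\mcwsock.dll -> Spyware.Look2Me : Erreur durant le nettoyage
F:\WINDOWS\system32\wincntrl.exe -> Backdoor.Rbot.ahp : Nettoyer et sauvegarder
F:\WINDOWS\system32\__delete_on_reboot__mcwsock.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
""",
    "05/11/2005 14:51:41": r"""
[1080] F:\WINDOWS\system32\sulgntfy.dll -> Spyware.Look2Me : Erreur durant le nettoyage
[1264] F:\WINDOWS\system32\movidctl.dll -> Spyware.Look2Me : Erreur durant le nettoyage
F:\WINDOWS\system32\__delete_on_reboot__movidctl.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
""",
}

FAILED = "Erreur durant le nettoyage"      # action text when cleaning failed
REBOOT_PREFIX = "__delete_on_reboot__"     # file-name prefix seen in the reports

# "[pid] object -> detection : action"; the "[pid] " part is optional.
LINE_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?(?P<object>.+?) -> (?P<detection>\S+) : (?P<action>.+)$"
)


class Finding(NamedTuple):
    pid: Optional[int]   # assumed: process that has the file loaded
    path: str
    detection: str
    action: str


def parse_report(text):
    """Turn the result lines of one ewido report into Finding records."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            pid = int(m["pid"]) if m["pid"] else None
            findings.append(
                Finding(pid, m["object"], m["detection"], m["action"].strip())
            )
    return findings


def failed_cleanups(findings):
    """Map file name -> pid for every entry the scanner could not clean."""
    return {
        ntpath.basename(f.path).lower(): f.pid
        for f in findings
        if f.action == FAILED
    }


def summarize(scans):
    """Split failed cleanups into names seen in every scan and in one scan only."""
    per_scan = {stamp: failed_cleanups(parse_report(t)) for stamp, t in scans.items()}
    counts = Counter(name for failed in per_scan.values() for name in failed)
    persistent = sorted(n for n, c in counts.items() if c == len(per_scan))
    rotating = sorted(n for n, c in counts.items() if c == 1)
    return per_scan, persistent, rotating


def reboot_twins(findings):
    """Failed-cleanup files that the same scan also lists with REBOOT_PREFIX."""
    marked = set()
    for f in findings:
        name = ntpath.basename(f.path)
        if name.startswith(REBOOT_PREFIX):
            marked.add(name[len(REBOOT_PREFIX):].lower())
    return sorted(marked & set(failed_cleanups(findings)))


if __name__ == "__main__":
    per_scan, persistent, rotating = summarize(SCANS)
    print("fails cleaning in every scan:", persistent)
    print("fails cleaning in one scan only:", rotating)
    for stamp, text in SCANS.items():
        print(stamp, "also listed with reboot prefix:", reboot_twins(parse_report(text)))
```
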
  16. Anonymous user
     
    Download this
    http://www.silentrunners.org/Silent%20Runners.vbs
    Run it, wait a few minutes, it will then create a folder right next to Silent Runners in text format, copy/paste what it gives you

    see you
    0
    1. chiktika Posts 41 Registration date   Status Member
       
      Back on the web, don't worry, I'm not giving up.

      SilentRunners doesn't work, I'm copying out the error message it shows me when I launch it.

      WINDOWS SCRIPT HOST
      Script : c:\telechargements...............\SilentRunners.vbs
      Ligne : 637
      Caract : 2
      Erreur : 0X80041003
      Code : 80041003
      Source : (null)

      and here is the text file it creates:
      "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
      Operating System: Windows XP
      Output limited to non-default values, except where indicated by "{++}"

      I don't know if that will help you...
      thanks, see you
      0
  17. Anonymous user
     
    hi again,
    wait a few minutes before opening the text file

    see you
    0
  18. chiktika Posts 41 Registration date   Status Member
     
    I'm sorry, but there is nothing more in the text file, even after waiting.
    0
  19. Anonymous user
     
    hi again,
    post a recent ewido report again, we'll delete them directly with a piece of software

    see you
    0