besoin d'aide pour hjthis apres évalution

Question

BonjourTout d'abord desolé de devoir poster un sujet pour un probleme recurrant comme celui la.J'ai été contaminé pas des spy. J'ai suivi a la lettre le super topic expliquant comment s'en debarrasser. J'ai utilisé ad-aware, spy bot et a squared en mode sans echec. Cette manipulation m'a permis d'effacer environ 60 fichiers infestés.Le probleme persistant j'ai utilisé le logiciel hjthis en suivant les conseils du tutoriel. J'ai pu "fixer" quelqu'uns. Notament avec l'aide de : http://www.hijackthis.deDes pubs continuent malgré tout à apparaître ...Je me permet de vous poster mon ficher log obtenu par hjthis comme vous le verrez il n'est plus tres important et n'étant pas très sur je préfère demander de l'aide avant de "fixer" sans être sur.D'avance un gros MERCI !Logfile of HijackThis v1.99.1Scan saved at 17:51:15, on 08/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32undll32.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\LTSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\Apoint2K\Apntex.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeC:\WINDOWS\system32\DRIVERS\dcfssvc.exeC:\WINDOWS\System32\hphmon03.exeC:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Microsoft Hardware\Mouse\point32.exeC:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\windows\sp2update00.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\WINDOWS\System32
vsvc32.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\Program Files\a-squared\a2guard.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\System32\HPHipm09.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Messenger\msmsgs.exeC:\Documents and Settings\lachkar\Mes documents\Spy\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initializeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exeO4 - HKLM\..\Run: [POINTER] point32.exeO4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXEO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quietO4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bff3af7d050da5/housecall.antivirus.com/housecall/xscan53.cabO16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\hr2u05f9e.dllO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bGFjaGthcg\command.exe (file missing)O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exeO23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXEO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeSur http://www.hijackthis.de/index.php#anl : O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL et O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\hr2u05f9e.dllsont inconnusO23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bGFjaGthcg\command.exe (file missing)est Inutile mais reviens toujours apres l'avoir Fixer

regis59 · Answer

salutevite ce robot sur ce site, il va te faire cocher des conneries...Télécharge l2mfix ici: http://www.downloads.subratam.org/l2mfix.exe Double clic sur l2mfix.exe pour lancer l'extraction. Dans le dossier l2mfix, double clic sur l2mfix.bat et choisis l'option #1 (et pas autre chose) et valide avec la touche entrée. Le bloc note va s'ouvrir avec le résultat du scan. Fais un copier coller du résultat sur le forum.ensuiterelance l2mfix et choisis l'option 2 accepte le redémarrage du pc une fois fais poste le rapport de l'option 2Une fois fais, remet un hijack thisa+

Tibo · Answer

Merci Regis59 je m'y met tout de suite et j'envoie ca ...

regis59 · Answer

Pas de quoia+

Tibo · Answer

Voici le resultat du scan avec l'option 1, je lance immediatement la seconde L2MFIX find log 1.04a These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr] "Asynchronous"=dword:00000000 "DllName"="C:\WINDOWS\system32\hr2u05f9e.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ermsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access AUTORITE NT\SYSTEM (IO) ALLOW Full access AUTORITE NT\SYSTEM (ID-NI) ALLOW Read BUILTIN\Utilisateurs (ID-IO) ALLOW Read BUILTIN\Utilisateurs (ID-NI) ALLOW Full access BUILTIN\Administrateurs (ID-IO) ALLOW Full access BUILTIN\Administrateurs (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{9016042F-65C4-C578-5029-AFEA66FBFC56}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{D3581EB7-5E16-4182-9F58-86FA713B42F9}"="AOL" "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v7" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{B1E741E7-1E77-40D4-9FD8-51949B9CCBD0}"="Pa&nicware Pop-Up Stopper Pro" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{03660697-3536-4FBE-B656-E2C1FA84BAF4}"="" "{79510D30-8F35-4A67-B081-8AEA3FCFC3A1}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{03660697-3536-4FBE-B656-E2C1FA84BAF4}] @="" [HKEY_CLASSES_ROOT\CLSID\{03660697-3536-4FBE-B656-E2C1FA84BAF4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{03660697-3536-4FBE-B656-E2C1FA84BAF4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{03660697-3536-4FBE-B656-E2C1FA84BAF4}\InprocServer32] @="C:\WINDOWS\system32\awwav.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{79510D30-8F35-4A67-B081-8AEA3FCFC3A1}] @="" [HKEY_CLASSES_ROOT\CLSID\{79510D30-8F35-4A67-B081-8AEA3FCFC3A1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{79510D30-8F35-4A67-B081-8AEA3FCFC3A1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{79510D30-8F35-4A67-B081-8AEA3FCFC3A1}\InprocServer32] @="C:\WINDOWS\system32\ujtheme.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ atmtd.dll Tue 8 Nov 2005 2:13:26 A.... 687 592 671,48 K autamocx.dll Tue 8 Nov 2005 2:12:44 A.... 45 056 44,00 K awwav.dll Tue 8 Nov 2005 14:54:28 ..S.R 236 129 230,59 K browseui.dll Sat 3 Sep 2005 1:06:12 A.... 1 020 416 996,50 K cdfview.dll Sat 3 Sep 2005 1:06:12 A.... 152 064 148,50 K cdosys.dll Sat 10 Sep 2005 2:55:14 A.... 2 067 968 1,97 M danim.dll Sat 3 Sep 2005 1:06:12 A.... 1 056 256 1,00 M divx.dll Wed 28 Sep 2005 22:29:14 A.... 693 248 677,00 K divx_x~1.dll Wed 28 Sep 2005 22:29:12 A.... 688 128 672,00 K divx_x~2.dll Wed 28 Sep 2005 22:29:12 A.... 688 128 672,00 K divx_x~3.dll Wed 28 Sep 2005 22:29:12 A.... 671 744 656,00 K dxtrans.dll Sat 3 Sep 2005 1:06:12 A.... 205 312 200,50 K extmgr.dll Sat 3 Sep 2005 1:06:12 ..... 55 808 54,50 K hr2u05~1.dll Tue 8 Nov 2005 13:32:58 ..S.R 236 129 230,59 K iepeers.dll Sat 3 Sep 2005 1:06:12 A.... 251 392 245,50 K inseng.dll Sat 3 Sep 2005 1:06:12 A.... 96 768 94,50 K legitc~1.dll Mon 29 Aug 2005 13:27:12 A.... 520 968 508,76 K linkinfo.dll Thu 1 Sep 2005 2:43:38 A.... 19 968 19,50 K lvn809~1.dll Tue 8 Nov 2005 14:53:14 ..S.R 234 881 229,38 K mshtml.dll Tue 4 Oct 2005 16:26:06 A.... 3 013 120 2,87 M mshtmled.dll Sat 3 Sep 2005 1:06:12 A.... 448 512 438,00 K msrating.dll Sat 3 Sep 2005 1:06:12 A.... 146 432 143,00 K mstime.dll Sat 3 Sep 2005 1:06:12 A.... 530 432 518,00 K netman.dll Mon 22 Aug 2005 19:35:10 A.... 197 632 193,00 K pncrt.dll Tue 16 Aug 2005 12:10:26 A.... 278 528 272,00 K pndx5016.dll Tue 16 Aug 2005 12:10:30 A.... 6 656 6,50 K pndx5032.dll Tue 16 Aug 2005 12:10:30 A.... 5 632 5,50 K pngfilt.dll Sat 3 Sep 2005 1:06:12 A.... 39 424 38,50 K quartz.dll Tue 30 Aug 2005 4:55:44 A.... 1 293 312 1,23 M rmoc3260.dll Tue 16 Aug 2005 12:10:54 A.... 176 167 172,04 K shdocvw.dll Sat 3 Sep 2005 1:06:12 A.... 1 484 288 1,41 M shell32.dll Fri 23 Sep 2005 4:07:00 A.... 8 506 880 8,11 M shlwapi.dll Sat 3 Sep 2005 1:06:12 A.... 474 112 463,00 K sirenacm.dll Mon 19 Sep 2005 6:00:34 A.... 119 856 117,05 K ujtheme.dll Tue 8 Nov 2005 13:32:42 ..S.R 235 536 230,02 K umpnpmgr.dll Tue 23 Aug 2005 4:39:36 A.... 124 928 122,00 K urlmon.dll Sat 3 Sep 2005 1:06:12 A.... 605 696 591,50 K wininet.dll Sat 3 Sep 2005 1:06:12 A.... 662 528 647,00 K winsrv.dll Thu 1 Sep 2005 2:43:38 A.... 292 352 285,50 K 39 items found: 39 files (4 H/S), 0 directories. Total of file sizes: 28 269 978 bytes 26,96 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C s'appelle BOOT Le num‚ro de s‚rie du volume est 6461-EE39 R‚pertoire de C:\WINDOWS\System32 08/11/2005 14:54 236ÿ129 awwav.dll 08/11/2005 14:53 234ÿ881 lvn8095ue.dll 08/11/2005 13:32 236ÿ129 hr2u05f9e.dll 08/11/2005 13:32 235ÿ536 ujtheme.dll 17/10/2005 12:35 dllcache 01/07/2003 00:44 Microsoft 4 fichier(s) 942ÿ675 octets 2 R‚p(s) 7ÿ702ÿ024ÿ192 octets libres

Tibo · Answer

Voici le resultat du second scan, j'ai perdu quelque objet de mon bureau mais rien de grave. Et mon bureau etait planté une fois le resultat affiché.L2Mfix 1.04a Running From:C:\DOCUME~1\lachkar\MESDOC~1\Spy\l2mfix\l2mfix  RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE Setting registry permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Denying C(CI) access for predefined group "Administrators" - adding new ACCESS DENY entry Registry Permissions set too:RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(CI)    DENY   --C-------   	BUILTIN\Administrateurs(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE Setting up for Reboot  Starting Reboot! Setting DirectoryC:\Documents and Settings\lachkar\Mes documents\Spy\l2mfix\l2mfix System Rebooted!  Running From:C:\Documents and Settings\lachkar\Mes documents\Spy\l2mfix\l2mfix killing explorer and rundll32.exe Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.orgKilling PID 136 'explorer.exe'Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.orgKilling PID 668 'rundll32.exe' Scanning First Pass. Please Wait! First Pass Completed  Second Pass Scanning  Second pass Completed!Backing Up: C:\WINDOWS\system32\lvn8095ue.dll        1 fichier(s) copi‚(s).Backing Up: C:\WINDOWS\system32\mlctf.dll        1 fichier(s) copi‚(s).Backing Up: C:\WINDOWS\system32\ujtheme.dll        1 fichier(s) copi‚(s).deleting: C:\WINDOWS\system32\lvn8095ue.dll  Successfully Deleted: C:\WINDOWS\system32\lvn8095ue.dlldeleting: C:\WINDOWS\system32\mlctf.dll  Successfully Deleted: C:\WINDOWS\system32\mlctf.dlldeleting: C:\WINDOWS\system32\ujtheme.dll  Successfully Deleted: C:\WINDOWS\system32\ujtheme.dll Desktop.ini sucessfully removed  Zipping up files for submission:  adding: lvn8095ue.dll (164 bytes security) (deflated 5%)  adding: mlctf.dll (164 bytes security) (deflated 5%)  adding: ujtheme.dll (164 bytes security) (deflated 5%)  adding: clear.reg (164 bytes security) (deflated 36%)  adding: echo.reg (164 bytes security) (deflated 17%)  adding: desktop.ini (164 bytes security) (stored 0%)  adding: direct.txt (164 bytes security) (deflated 15%)  adding: lo2.txt (164 bytes security) (deflated 73%)  adding: readme.txt (164 bytes security) (deflated 52%)  adding: report.txt (164 bytes security) (deflated 64%)  adding: test.txt (164 bytes security) (deflated 50%)  adding: test2.txt (164 bytes security) (deflated 17%)  adding: test3.txt (164 bytes security) (deflated 17%)  adding: test5.txt (164 bytes security) (deflated 17%)  adding: xfind.txt (164 bytes security) (deflated 45%)  adding: backregs/03660697-3536-4FBE-B656-E2C1FA84BAF4.reg (164 bytes security) (deflated 70%)  adding: backregs/79510D30-8F35-4A67-B081-8AEA3FCFC3A1.reg (164 bytes security) (deflated 70%)  adding: backregs/notibac.reg (164 bytes security) (deflated 87%)  adding: backregs/shell.reg (164 bytes security) (deflated 73%) Restoring Registry Permissions:  RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Revoking access for predefined group "Administrators"Inherited ACE can not be revoked here!Inherited ACE can not be revoked here! Registry permissions set too:RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and aboveCopyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)This program is Freeware, use it on your own risk!Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRERestoring Sedebugprivilege:  Granting SeDebugPrivilege to Administrators   ... failed (GetAccountSid(Administrators)=1332  Restoring Windows Update Certificates.: deleting local copy: lvn8095ue.dll   deleting local copy: mlctf.dll   deleting local copy: ujtheme.dll    The following Is the Current Export of the Winlogon notify key:****************************************************************************Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\  6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\  6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\  6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]"DLLName"="wzcdlg.dll""Logon"="WZCEventLogon""Logoff"="WZCEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000000 The following are the files found: ****************************************************************************C:\WINDOWS\system32\lvn8095ue.dll C:\WINDOWS\system32\mlctf.dll C:\WINDOWS\system32\ujtheme.dll  Registry Entries that were Deleted: Please verify that the listing looks ok.  If there was something deleted wrongly there are backups in the backreg folder. ****************************************************************************REGEDIT4[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{03660697-3536-4FBE-B656-E2C1FA84BAF4}"=-"{79510D30-8F35-4A67-B081-8AEA3FCFC3A1}"=-[-HKEY_CLASSES_ROOT\CLSID\{03660697-3536-4FBE-B656-E2C1FA84BAF4}][-HKEY_CLASSES_ROOT\CLSID\{79510D30-8F35-4A67-B081-8AEA3FCFC3A1}]REGEDIT4[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"SV1"=""****************************************************************************Desktop.ini Contents: ****************************************************************************[.ShellClassInfo]CLSID={645FF040-5081-101B-9F08-00AA002F954E}****************************************************************************

Tibo · Answer

Et voici le log de hjthis :Logfile of HijackThis v1.99.1Scan saved at 19:38:44, on 08/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\LTSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeC:\WINDOWS\System32\hphmon03.exeC:\Program Files\Microsoft Hardware\Mouse\point32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\windows\sp2update00.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\a-squared\a2guard.exeC:\Program Files\Apoint2K\Apntex.exeC:\WINDOWS\system32\DRIVERS\dcfssvc.exeC:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXEC:\WINDOWS\System32
vsvc32.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\HPHipm09.exeC:\Program Files\PowerArchiver\POWERARC.EXEC:\Program Files\Messenger\msmsgs.exeC:\Documents and Settings\lachkar\Mes documents\Spy\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initializeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exeO4 - HKLM\..\Run: [POINTER] point32.exeO4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXEO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quietO4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bff3af7d050da5/housecall.antivirus.com/housecall/xscan53.cabO16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bGFjaGthcg\command.exe (file missing)O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exeO23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXEO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeEncore merci et promis je regarderai à 5 ou 6 fois avant de télécharger des trucs ...

moe31 · Answer

salut tiboEn attendant régis, est ce que tu peux faire analyser ces deux fichiers ici:http://www.virustotal.com/xhtml/virustotal_en.htmlclic sur parcourir, selectionne ou copie et colle le chemin entier du fichier et valide.Ensuite clic sur sendFais pareil pour le second et poste les deux rapportsC:\windows\sp2update00.exe C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLa+

Tibo · Answer

Salut moe31 et merci de te pencher sur mon probleme,J'ai fait analyser mes 2 fichiers et dans les 2 cas aucun virus n'a été trouvé. C'est déjà une bonne nouvelle. En suite les pubs intenpestives n'apparaissent plus depuis l2mfix. Ce logiciel efface il les virus ou ne fait il que scanner ? Je vais laisser mon ordi connecté le temps d'aller manger et je vous tien au courant.regis et moe si vous habitez sur Paris c'est avec plaisir que je vous offre un verre ...

Tibo · Answer

aïe je me suis peut etre enflammé un peu vite voici le rapport de virustotal sur le fichier sp2update.exe :Antivirus Version Update Result AntiVir 6.32.0.6 11.08.2005 TR/Dldr.VB.NH.1 Avast 4.6.695.0 11.07.2005 no virus found AVG 718 11.03.2005 Downloader.Generic.DUP Avira 6.32.0.6 11.08.2005 TR/Dldr.VB.NH.1 BitDefender 7.2 11.08.2005 Trojan.Downloader.Vb.NH CAT-QuickHeal 8.00 11.07.2005 TrojanDownloader.VB.nh ClamAV devel-20050917 11.07.2005 no virus found DrWeb 4.33 11.08.2005 Trojan.DownLoader.4598 eTrust-Iris 7.1.194.0 11.08.2005 no virus found eTrust-Vet 11.9.1.0 11.08.2005 no virus found Fortinet 2.48.0.0 11.08.2005 W32/VB.NH-tr F-Prot 3.16c 11.07.2005 destructive program named W32/Startpage.ARB Ikarus 0.2.59.0 11.08.2005 Backdoor.Win32.Hupigon.BV Kaspersky 4.0.2.24 11.08.2005 Trojan-Downloader.Win32.VB.nh McAfee 4623 11.08.2005 Downloader-QE NOD32v2 1.1279 11.08.2005 probably unknown NewHeur_PE virus Norman 5.70.10 11.08.2005 W32/DLoader.KNQ Panda 8.02.00 11.08.2005 Trj/Downloader.FOD Sophos 3.99.0 11.08.2005 no virus found Symantec 8.0 11.07.2005 no virus found TheHacker 5.9.1.030 11.07.2005 no virus found VBA32 3.10.4 11.08.2005 Trojan-Downloader.Win32.VB.nh

Tibo · Answer

Par contre je n'arrive pas trouver le fichier C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLsur mon ordi meme en fesant une recherche ...

regis59 · Answer

salutoui je ne t avais pas dis que c etait finis !!le prog permet de virer une 020, responsable de tes pubs !Pour ce que tu trouves pas , c est un programme, c est toi qui a installer qqchose de google?

Tibo · Answer

Merci d'avoir resolu mon probleme, ca soulage de plus voir ces pubs s'afficher. Pour google j'avais installé le toolbar et un autre logiciel google desktop.Dois je supprimer le fichier sp2update00.exe ?Encore merci de votre aide !!!! Pour le verre ca tient toujours ;-)

regis59 · Answer

Bonjour, Méthode à suivre dans l'ordre... ---------------------------------------------------------------------------- ¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite: 1/ Spybot S&D 1.4 <exécuter->tape: services.msc Double-clique: Service: Command Service Règle-le sur "Arrêté" et "Désactivé". ---------------------------------------------------------------------------- ¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines… ---------------------------------------------------------------------------- ¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines… ---------------------------------------------------------------------------- ¤ Vide ta Corbeille. ---------------------------------------------------------------------------- ¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum. Précise tes soucis s’il en reste.... Tiens-moi au courant A+

Tibo · Answer

Une fois ces denrieres manipes effectuées voici le log de hjthis obtenu :Logfile of HijackThis v1.99.1Scan saved at 02:57:32, on 09/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\DRIVERS\dcfssvc.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\LTSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Apoint2K\Apntex.exeC:\WINDOWS\System32\hphmon03.exeC:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXEC:\Program Files\Microsoft Hardware\Mouse\point32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\WINDOWS\System32
vsvc32.exeC:\Program Files\a-squared\a2guard.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\HPHipm09.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Messenger\msmsgs.exeC:\Documents and Settings\lachkar\Mes documents\Spy\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initializeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exeO4 - HKLM\..\Run: [POINTER] point32.exeO4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXEO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quietO4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bff3af7d050da5/housecall.antivirus.com/housecall/xscan53.cabO16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exeO23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXEO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeJ'ai utilsé le net durant quelques heures, plus aucunes pubs ne s'affichent. Mon probleme semble réglé. En mode sans echec j'ai pu effacer le fichier sp2update00.exe et j'ai pu bloquer command.exe. Spybot a trouvé un dernier spy que j'ai fixer. J'espere que mon log te semblera propre ...

regis59 · Answer

salut il me parait propreas tu des soucis a declarés?a+

Tibo · Answer

Salut RegisDepuis le précédent message, j'ai effectué un scan de mon disck avec AntiVir. Il a trouvé 4 trojans que j'ai effacé. En allumant mon ordi une pub s'est affichée. Et depuis rien d'autres d'anormal n'est intervenu. Je joins le dernier log de hjthis. Logfile of HijackThis v1.99.1Scan saved at 13:38:32, on 09/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\LTSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeC:\WINDOWS\System32\hphmon03.exeC:\Program Files\Microsoft Hardware\Mouse\point32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\Program Files\a-squared\a2guard.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32\DRIVERS\dcfssvc.exeC:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exeC:\WINDOWS\System32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\HPHipm09.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\lachkar\Mes documents\Spy\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initializeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exeO4 - HKLM\..\Run: [POINTER] point32.exeO4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /minO4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quietO4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bff3af7d050da5/housecall.antivirus.com/housecall/xscan53.cabO16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cabO23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exeO23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\WINDOWS\System32\spool\drivers\w32x86\hpzstatn.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

regis59 · Answer

salutPeux tu faire ceci stpLance ce scan en ligne: http://www.bitdefender.fr/scan8/ie.html  Copie/colle le rapportA++

Tibo · Answer

Voici le rapport de bitdefender :BitDefender Online Scanner     Rapport d'analyse généré à: Wed, Nov 09, 2005 - 15:10:31       Voie d'analyse: C:\;D:\;E:\;F:\;           Statistiques Temps 00:52:56 Fichiers 225926 Directoires 3077 Secteurs de boot 6 Archives 7036 Paquets programmes 15023      Résultats Virus identifiés 2 Fichiers infectés 3 Fichiers suspects 1 Avertissements 0 Désinfectés 0 Fichiers effacés 4      Info sur les moteurs Définition virus 232944 Version des moteurs AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29) Analyse des plugins 13 Archive des plugins 39 Unpack des plugins 4 E-mail plugins 6 Système plugins 1      Paramètres d'analyse Première action Désinfecté Seconde Action Supprimé Heuristique Oui Acceptez les avertissements Oui Extensions analysées *; Excludez les extensions   Analyse d'emails Oui Analyse des Archives Oui Analyser paquets programmes Oui Analyse des fichiers Oui Analyse de boot Oui        Fichier analysé  Statut C:\113_dollarrevenue_4_0_3_9.exe=>wise0008 Infecté par: Trojan.Downloader.TSUpdate.J C:\113_dollarrevenue_4_0_3_9.exe=>wise0008 Supprimé C:\113_dollarrevenue_4_0_3_9.exe Echec de la mise à jour C:\Documents and Settings\lachkar\Mes documents\Ma musique\MP3\kmd171_fr.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll Détecté avec: Adware.CyDoor C:\Documents and Settings\lachkar\Mes documents\Ma musique\MP3\kmd171_fr.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll Echec de la désinfection C:\Documents and Settings\lachkar\Mes documents\Ma musique\MP3\kmd171_fr.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll Supprimé C:\Documents and Settings\lachkar\Mes documents\Ma musique\MP3\kmd171_fr.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s) Mis à jour C:\Documents and Settings\lachkar\Mes documents\Ma musique\MP3\kmd171_fr.exe=>(Instyler o)=>(Instyler Module 2) Echec de la mise à jour C:\Documents and Settings\lachkar\Mes documents\Ma musique\MP3\kmd202_fr.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll Détecté avec: Adware.CyDoor C:\Documents and Settings\lachkar\Mes documents\Ma musique\MP3\kmd202_fr.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll Echec de la désinfection C:\Documents and Settings\lachkar\Mes documents\Ma musique\MP3\kmd202_fr.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll Supprimé C:\Documents and Settings\lachkar\Mes documents\Ma musique\MP3\kmd202_fr.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s) Mis à jour C:\Documents and Settings\lachkar\Mes documents\Ma musique\MP3\kmd202_fr.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1) Echec de la mise à jour C:\WINDOWS\drsmartload95a.exe Suspecté de: Trojan.Downloader.Win32.Adload.J C:\WINDOWS\drsmartload95a.exe Echec de la désinfection C:\WINDOWS\drsmartload95a.exe Supprimé

regis59 · Answer

re,ou en sont tes soucisa+

Tibo · Answer

Je n'ai plus de soucis apparant. Mais bitdefender indiquait apres le scan "votre ordinateur est toujours infecté".

regis59 · Answer

re,fais un scan avec ton bitdefender alorsa+

Tibo · Answer

Voila le scan de bitdefender vient de se terminer :

Il a trouvé un fichier contenant un trojan dans C:Windows\113_dollarrevenue_4_0_3_9.exe. Je l'ai fait examiner par virustotal voila le rapport :

Antivirus Version Update Result
AntiVir 6.32.0.6 11.09.2005 no virus found
Avast 4.6.695.0 11.09.2005 no virus found
AVG 718 11.03.2005 no virus found
Avira 6.32.0.6 11.09.2005 no virus found
BitDefender 7.2 11.09.2005 Trojan.Downloader.TSUpdate.J
CAT-QuickHeal 8.00 11.08.2005 TrojanDownloader.TSUpdate.j
ClamAV devel-20050917 11.07.2005 no virus found
DrWeb 4.33 11.09.2005 no virus found
eTrust-Iris 7.1.194.0 11.08.2005 no virus found
eTrust-Vet 11.9.1.0 11.09.2005 no virus found
Fortinet 2.48.0.0 11.08.2005 W32/TSUpdate.J-dldr
F-Prot 3.16c 11.08.2005 no virus found
Ikarus 0.2.59.0 11.09.2005 no virus found
Kaspersky 4.0.2.24 11.09.2005 Trojan-Downloader.Win32.TSUpdate.j
McAfee 4623 11.08.2005 no virus found
NOD32v2 1.1280 11.08.2005 Win32/TrojanDownloader.TSUpdate.J
Norman 5.70.10 11.09.2005 no virus found
Panda 8.02.00 11.08.2005 Adware/Sqwire
Sophos 3.99.0 11.09.2005 no virus found
Symantec 8.0 11.09.2005 no virus found
TheHacker 5.9.1.031 11.09.2005 no virus found
VBA32 3.10.4 11.09.2005 Trojan-Downloader.Win32.TSUpdate.j

J'ai acces a ce fichier meme en mode normal et son apparition date du soir ou les ennuis ont commencés. Je le supprime tout betement ?

regis59 · Answer

Oui,clik droit sur celaC:Windows\113_dollarrevenue_4_0_3_9.exeet supprime ! puis vide la corbeillesi cela ne marche pas, fais le en mode sans echec !A+

Tibo · Answer

C'est fait !J'espere ne plus t'embeter avec ce probleme. Encore merci pour ton aide précise et efficace, me voila equipé contre le spy aujourd'hui.Merci Regis59 et merci ccm !!!:-D

regis59 · Answer

de riencree un point de restaurationa++

Besoin d'aide pour hjthis apres évalution - Page 2

Discussions similaires

Newsletters