[winfixer] here is my HijackThis log... thanks

loco
Hello,

I know I must be the 853214th person to post my HijackThis log on the forum, but if some kind soul could help me... Thanks in advance...

Logfile of HijackThis v1.99.1
Scan saved at 14:05:34, on 15/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\rundll32.exe
F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
F:\Program Files\WINSOS\WINSOS.EXE
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\SmartDisk\FlashPath\sdstat.exe
F:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\WINDOWS\System32\drivers\CDAC11BA.EXE
F:\WINDOWS\System32\cisvc.exe
F:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
F:\WINDOWS\System32\inetsrv\inetinfo.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
F:\WINDOWS\System32\tcpsvcs.exe
F:\WINDOWS\System32\snmp.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\mqsvc.exe
F:\WINDOWS\System32\mqtgsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\Program Files\Adobe\Photoshop CS\Photoshop.exe
F:\WINDOWS\System32\cidaemon.exe
F:\WINDOWS\System32\cidaemon.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Loco\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WINSOS VERIFY] "F:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = F:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: FlashPath Monitor.lnk = F:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = F:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - F:\Program Files\mrbookmakerfrMPP\MPPoker.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120114164859
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E91F03-86D8-4E00-9477-D4D357A19765}: NameServer = 192.168.0.1
O20 - Winlogon Notify: RunOnce - F:\WINDOWS\system32\omcache.dll
O20 - Winlogon Notify: ThemeManager - F:\WINDOWS\system32\m6ls0g37e6.dll (file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - F:\WINDOWS\System32\ikgbbdnk.dll (file missing)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - F:\WINDOWS\System32\qdeamiie.dll (file missing)
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - F:\WINDOWS\System32\cefcjemp.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - F:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - F:\WINDOWS\TG9jbw\command.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

23 replies

  1. Anonymous user

    hi

    Download l2mfix here:

    http://www.downloads.subratam.org/l2mfix.exe

    Double-click l2mfix.exe to start the extraction.
    In the l2mfix folder, double-click l2mfix.bat, press any key, then choose option #1 (and nothing else) and confirm with the Enter key.
    Notepad will open with the scan result.
    Copy and paste the result here.
    *****
    Now run l2mfix.bat again
    and choose option 2
    It will ask you to press a key to restart
    press any key and let the PC restart
    Notepad will open; copy and paste its contents here

    + a HijackThis log

    see you
  2. loco
     
    Thank you for your help.

    Here is the result of the scan with l2mfix:

    L2MFIX find log 1.04a
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
    "Asynchronous"=dword:00000000
    "DllName"="F:\\WINDOWS\\system32\\omcache.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager]
    "Asynchronous"=dword:00000000
    "DllName"="F:\\WINDOWS\\system32\\m6ls0g37e6.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access AUTORITE NT\SYSTEM
    (IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-NI) ALLOW Full access BUILTIN\Administrateurs
    (ID-IO) ALLOW Full access BUILTIN\Administrateurs
    (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{4A223B94-8AF0-3F50-7FA7-D4D1F0BC81E8}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension"
    "{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Périphériques Plug and Play universels"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{604C5810-D0CC-11D2-955F-00C04F79ED8A}"="CIEL SA In-File System"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{BD54D083-FCF4-411A-90B7-60B190E6124F}"=""
    "{12A42C61-C2B9-4AA6-8508-737DB17ECEB4}"=""
    "{1F3DCC1E-1594-4A62-A05E-67AB1125FFA5}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{BD54D083-FCF4-411A-90B7-60B190E6124F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BD54D083-FCF4-411A-90B7-60B190E6124F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BD54D083-FCF4-411A-90B7-60B190E6124F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BD54D083-FCF4-411A-90B7-60B190E6124F}\InprocServer32]
    @="F:\\WINDOWS\\system32\\puspl.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{12A42C61-C2B9-4AA6-8508-737DB17ECEB4}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{12A42C61-C2B9-4AA6-8508-737DB17ECEB4}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{12A42C61-C2B9-4AA6-8508-737DB17ECEB4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{12A42C61-C2B9-4AA6-8508-737DB17ECEB4}\InprocServer32]
    @="F:\\WINDOWS\\system32\\pecDcd.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1F3DCC1E-1594-4A62-A05E-67AB1125FFA5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1F3DCC1E-1594-4A62-A05E-67AB1125FFA5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1F3DCC1E-1594-4A62-A05E-67AB1125FFA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1F3DCC1E-1594-4A62-A05E-67AB1125FFA5}\InprocServer32]
    @="F:\\WINDOWS\\system32\\omcache.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:
    Locate .tmp files:
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur F s'appelle System
    Le numéro de série du volume est E005-00F6

    Répertoire de F:\WINDOWS\System32

    15/11/2005 13:17 234 085 icssuba.dll
    15/11/2005 13:13 234 085 omcache.dll
    15/11/2005 13:11 234 357 l2p20c7oef.dll
    15/11/2005 12:30 237 091 drcdll.dll
    15/11/2005 12:19 237 091 nhwrshe.dll
    14/11/2005 20:58 237 091 puspl.dll
    14/11/2005 20:00 235 650 dWd8thk.dll
    14/11/2005 19:57 234 125 pecDcd.dll
    14/11/2005 13:58 234 272 ilmp.dll
    08/11/2005 17:03 <REP> dllcache
    26/01/2005 14:03 <REP> Microsoft
    9 fichier(s) 2 117 847 octets
    2 Rép(s) 24 344 055 808 octets libres
  3. loco
     
    Here is the report with option 2

    L2Mfix 1.04a

    Running From:
    F:\Documents and Settings\Loco\Bureau\l2mfix

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access AUTORITE NT\SYSTEM
    (IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-CI) DENY --C------- BUILTIN\Administrateurs
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-NI) ALLOW Full access BUILTIN\Administrateurs
    (ID-IO) ALLOW Full access BUILTIN\Administrateurs
    (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

    Setting registry permissions:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Denying C(IO) access for predefined group "Administrators"
    - adding new ACCESS DENY entry
    - removing existing ACCESS DENY entry
    - changing existing entry

    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access AUTORITE NT\SYSTEM
    (IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-CI) DENY --C------- BUILTIN\Administrateurs
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-NI) ALLOW Full access BUILTIN\Administrateurs
    (ID-IO) ALLOW Full access BUILTIN\Administrateurs
    (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

    Setting up for Reboot

    Starting Reboot!
  5. loco
     
    and here is the HijackThis report ;-)

    Logfile of HijackThis v1.99.1
    Scan saved at 15:39:36, on 15/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\System32\rundll32.exe
    F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    F:\Program Files\WINSOS\WINSOS.EXE
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    F:\Program Files\SmartDisk\FlashPath\sdstat.exe
    F:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    F:\WINDOWS\System32\drivers\CDAC11BA.EXE
    F:\WINDOWS\System32\cisvc.exe
    F:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    F:\WINDOWS\System32\inetsrv\inetinfo.exe
    F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\WINDOWS\System32\tcpsvcs.exe
    F:\WINDOWS\System32\snmp.exe
    F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\mqsvc.exe
    F:\WINDOWS\System32\mqtgsvc.exe
    F:\Program Files\Norton AntiVirus\SAVScan.exe
    F:\WINDOWS\System32\cidaemon.exe
    F:\WINDOWS\System32\cidaemon.exe
    F:\WINDOWS\system32\NOTEPAD.EXE
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Documents and Settings\Loco\Mes documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [WINSOS VERIFY] "F:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = F:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: FlashPath Monitor.lnk = F:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: InterVideo Scheduler server.lnk = F:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - F:\Program Files\mrbookmakerfrMPP\MPPoker.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120114164859
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E91F03-86D8-4E00-9477-D4D357A19765}: NameServer = 192.168.0.1
    O20 - Winlogon Notify: ThemeManager - F:\WINDOWS\system32\m6ls0g37e6.dll (file missing)
    O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - F:\WINDOWS\System32\ikgbbdnk.dll (file missing)
    O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - F:\WINDOWS\System32\qdeamiie.dll (file missing)
    O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - F:\WINDOWS\System32\cefcjemp.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - F:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - F:\WINDOWS\TG9jbw\command.exe (file missing)
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
  6. Anonymous user
     
    Hello,

    Steps to follow, in order...
    ----------------------------------------------------------------------------
    ¤Download these programs, but do not use them right away:

    1/

    Spybot S&D 1.4 <<new version.
    http://www.safer-networking.org/fr/index.html

    Usage demo (thanks to Balltrap34 for making it).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06 <<new version.
    http://www.lavasoftusa.com/software/adaware/
    - A guide:
    http://www.tutopat.com/viewtopic.php?t=1191
    - Install the French language patch, which you can find here:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    and a short usage video here (thanks to Moe31 for making it):
    http://pageperso.aol.fr/balltrap34/adawrevid.asf
    ----------------------------------------------------------------------------
    ¤Show all files and folders:
    Click Start/Control Panel/Tools/Folder Options/View

    Check "Show hidden files and folders"

    Uncheck the box "Hide protected operating system files (Recommended)"

    Uncheck "Hide extensions for known file types"
    Then click "OK" to confirm the changes.

    And apply!
    ----------------------------------------------------------------------------
    ¤Run HijackThis again, check the boxes in front of these lines, then click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

    If you don't recognize it, fix this one too
    O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - F:\Program Files\mrbookmakerfrMPP\MPPoker.exe

    O20 - Winlogon Notify: ThemeManager - F:\WINDOWS\system32\m6ls0g37e6.dll (file missing)

    O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - F:\WINDOWS\System32\ikgbbdnk.dll (file missing)

    O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - F:\WINDOWS\System32\qdeamiie.dll (file missing)

    O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - F:\WINDOWS\System32\cefcjemp.dll (file missing)

    O23 - Service: Command Service (cmdService) - Unknown owner - F:\WINDOWS\TG9jbw\command.exe (file missing)

    ----------------------------------------------------------------------------
    ¤Boot into Safe Mode:
    To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts up
    A window will open; use the keyboard arrow keys to move to Safe Mode, then press Enter.
    Once on the desktop, if the colors and so on are not all there, that is normal!
    (If F8 doesn't work, use the F5 key).
    ----------------------------------------------------------------------------
    ¤Empty your temp files and Temporary Internet Files:

    :: Delete temporary files ::
    Empty the entire contents of these folders.

    * C:\Documents and Settings\your account\Local Settings\Temp
    * C:\Documents and Settings\all other accounts\Local Settings\Temp
    * C:\Windows\Temp

    :: The contents of the Prefetch folder ::

    * C:\WINDOWS\Prefetch <= except the file layout.ini

    * Don't forget to empty the Recycle Bin!
    ----------------------------------------------------------------------------
    ¤Find and delete this:
    careful, only the files (if present).

    F:\Program Files\mrbookmakerfrMPP <---if you don't recognize it
    F:\WINDOWS\TG9jbw\

    ----------------------------------------------------------------------------
    ¤Stop these services:

    Click Start->Run->type: services.msc

    Double-click: Service: Command Service

    Set it to "Stopped" and "Disabled".

    ----------------------------------------------------------------------------
    ¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
    ----------------------------------------------------------------------------
    ¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
    ----------------------------------------------------------------------------
    ¤ Empty your Recycle Bin.
    ----------------------------------------------------------------------------
    ¤ Restart in normal mode, run HijackThis again and copy/paste a new report to the forum.

    Describe any problems that remain....

    Keep me posted

    See you
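Added example, not part of the original thread: the reply above has the user fix the HijackThis entries marked "(file missing)" and then post a fresh log. This Python sketch parses HijackThis entry lines, lists autostart entries whose target file no longer exists, and compares two scans; the sample lines are excerpts from the 15:39 and 16:39 logs in this thread, and the function names are assumptions made for the illustration.

```python
import re
from typing import NamedTuple

# HijackThis section codes for entries that load code automatically.
AUTOSTART_SECTIONS = {
    "O4": "Run keys / Startup folder",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad (SSODL)",
    "O23": "Windows services",
}
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Excerpt of the 15:39 scan posted in this thread (before the fix).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKCU\..\Run: [WINSOS VERIFY] "F:\Program Files\WINSOS\WINSOS.EXE" MINI
O20 - Winlogon Notify: ThemeManager - F:\WINDOWS\system32\m6ls0g37e6.dll (file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - F:\WINDOWS\System32\ikgbbdnk.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - F:\WINDOWS\TG9jbw\command.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
"""
# Excerpt of the 16:39 scan posted in this thread (after the fix).
AFTER = r"""
O4 - HKCU\..\Run: [WINSOS VERIFY] "F:\Program Files\WINSOS\WINSOS.EXE" MINI
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
"""


class Entry(NamedTuple):
    section: str   # e.g. "O23"
    body: str      # entry text without the "(file missing)" suffix
    target: str    # last " - " separated field, usually the file path
    missing: bool  # True when HijackThis could not find the file


def parse_entries(log: str) -> list[Entry]:
    """Return the R/F/N/O entries of a HijackThis log; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        target = body.rsplit(" - ", 1)[-1]
        entries.append(Entry(section, body, target, missing))
    return entries


def orphaned_autostarts(entries: list[Entry]) -> list[Entry]:
    """Autostart entries that still point at a file that is gone."""
    return [e for e in entries if e.missing and e.section in AUTOSTART_SECTIONS]


def compare_scans(before: list[Entry], after: list[Entry]):
    """Split the 'before' entries into (removed, persisting) relative to 'after'."""
    remaining = {(e.section, e.body) for e in after}
    removed = [e for e in before if (e.section, e.body) not in remaining]
    persisting = [e for e in before if (e.section, e.body) in remaining]
    return removed, persisting


if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    for e in orphaned_autostarts(before):
        print(f"orphaned {e.section} ({AUTOSTART_SECTIONS[e.section]}): {e.target}")
    removed, persisting = compare_scans(before, after)
    print("removed by the fix:", [e.section for e in removed])
    print("still present:", [e.body for e in persisting])
```

An orphaned entry means the registration outlived the file it loaded, so it is leftover persistence configuration rather than running code; the entries that persist across both scans are the ones that still need review.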
  7. loco
     
    So here is my HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:39:28, on 15/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\System32\rundll32.exe
    F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    F:\Program Files\WINSOS\WINSOS.EXE
    F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    F:\WINDOWS\System32\drivers\CDAC11BA.EXE
    F:\WINDOWS\System32\cisvc.exe
    F:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    F:\WINDOWS\System32\inetsrv\inetinfo.exe
    F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\Program Files\SmartDisk\FlashPath\sdstat.exe
    F:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\WINDOWS\System32\tcpsvcs.exe
    F:\WINDOWS\System32\snmp.exe
    F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\mqsvc.exe
    F:\WINDOWS\System32\mqtgsvc.exe
    F:\Program Files\Norton AntiVirus\SAVScan.exe
    F:\WINDOWS\System32\wuauclt.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Documents and Settings\Loco\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [WINSOS VERIFY] "F:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = F:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: FlashPath Monitor.lnk = F:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: InterVideo Scheduler server.lnk = F:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - F:\Program Files\mrbookmakerfrMPP\MPPoker.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120114164859
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E91F03-86D8-4E00-9477-D4D357A19765}: NameServer = 192.168.0.1
    O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - F:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    I still get unwanted windows popping up in Firefox and IE... Ads, a black screen telling me that I have spyware... Apparently no more WinFixer windows, but still ads... (MrBpoker is used on this PC and the problems appeared well after it was installed (6 months))
  8. bernie61
     
    Hi Régis,
    in addition, WINSOS must be uninstalled; it is listed as a rogue
    See you
  9. loco
     
    Hello!

    I uninstalled WINSOS first of all, as bernie61 advises

    And here is the SmitFraud report:

    SmitFraudFix v1.95

    Rapport fait à 11:02:47,37 le 16/11/2005
    Executé à partir de F:\Documents and Settings\Loco\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\WINDOWS

    F:\WINDOWS\desktop.html PRESENT !
    F:\WINDOWS\kl.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\Documents and Settings\Loco\Application Data

    F:\Documents and Settings\Loco\Application Data\Install.dat PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\Documents and Settings\Loco\Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
  10. Anonymous user
     
    Boot into Safe Mode:
    To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts up
    A window will open; use the keyboard arrow keys to move to Safe Mode, then press Enter.
    Once on the desktop, if the colors and so on are not all there, that is normal!
    (If F8 doesn't work, use the F5 key).
    ----------------------------------------------------------------------------
    Run the SmitFraud program again,
    This time choose option 2 and answer yes to everything;
    Save the report, restart in normal mode, copy/paste the saved report to the forum
    ----------------------------------------------------------------------------
    Check this:

    Start > Control Panel > Display
    click the Desktop tab
    click Customize Desktop
    click the Web tab
    delete everything listed here, except "My Current Home Page", which must remain UNCHECKED

    Now you can set a wallpaper again if you had lost it!

    Add a HijackThis report to the forum…

    See you soon.
  11. loco
     
    Thanks...

    The frozen desktop problem is gone, but I still get the unwanted windows...

    Here is the SmitFraud report:

    SmitFraudFix v1.95

    Rapport fait à 15:29:41,90 le 16/11/2005
    Executé à partir de F:\Documents and Settings\Loco\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    F:\WINDOWS\desktop.html supprimé
    F:\WINDOWS\kl.exe supprimé
    F:\Documents and Settings\Loco\Application Data\Install.dat supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

    and the HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:38:30, on 16/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\System32\rundll32.exe
    F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    F:\Program Files\SmartDisk\FlashPath\sdstat.exe
    F:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    F:\WINDOWS\System32\drivers\CDAC11BA.EXE
    F:\WINDOWS\System32\cisvc.exe
    F:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    F:\WINDOWS\System32\inetsrv\inetinfo.exe
    F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\WINDOWS\System32\tcpsvcs.exe
    F:\WINDOWS\System32\snmp.exe
    F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\mqsvc.exe
    F:\WINDOWS\System32\mqtgsvc.exe
    F:\Program Files\Norton AntiVirus\SAVScan.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\Adobe\Illustrator CS\Support Files\Contents\Windows\Illustrator.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Documents and Settings\Loco\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [WINSOS VERIFY] "F:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = F:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: FlashPath Monitor.lnk = F:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: InterVideo Scheduler server.lnk = F:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - F:\Program Files\mrbookmakerfrMPP\MPPoker.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120114164859
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E91F03-86D8-4E00-9477-D4D357A19765}: NameServer = 192.168.0.1
    O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - F:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    Thanks again for the help...
  12. Anonymous user
     
    Hi again,
    fix this:
    O4 - HKCU\..\Run: [WINSOS VERIFY] "F:\Program Files\WINSOS\WINSOS.EXE" MIN

    delete this:
    F:\Program Files\WINSOS\

    and post a new log

    See you
  13. loco
     
    Here is my HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:02:39, on 16/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\System32\rundll32.exe
    F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    F:\Program Files\SmartDisk\FlashPath\sdstat.exe
    F:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    F:\WINDOWS\System32\drivers\CDAC11BA.EXE
    F:\WINDOWS\System32\cisvc.exe
    F:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    F:\WINDOWS\System32\inetsrv\inetinfo.exe
    F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\WINDOWS\System32\tcpsvcs.exe
    F:\WINDOWS\System32\snmp.exe
    F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\mqsvc.exe
    F:\WINDOWS\System32\mqtgsvc.exe
    F:\Program Files\Norton AntiVirus\SAVScan.exe
    F:\WINDOWS\System32\cidaemon.exe
    F:\WINDOWS\System32\cidaemon.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Documents and Settings\Loco\Mes documents\HijackThis.exe
    F:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = F:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: FlashPath Monitor.lnk = F:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: InterVideo Scheduler server.lnk = F:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - F:\Program Files\mrbookmakerfrMPP\MPPoker.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120114164859
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E91F03-86D8-4E00-9477-D4D357A19765}: NameServer = 192.168.0.1
    O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - F:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
  14. Anonymous user
     
    Hi,
    post the report from option 1 of l2mfix
    and option 1 of SmitFraudFix

    See you
  15. loco
     
    L2MFIX find log 1.04a
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000

    SmitFraudFix report:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access AUTORITE NT\SYSTEM
    (IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-CI) DENY --C------- BUILTIN\Administrateurs
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-NI) ALLOW Full access BUILTIN\Administrateurs
    (ID-IO) ALLOW Full access BUILTIN\Administrateurs
    (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{4A223B94-8AF0-3F50-7FA7-D4D1F0BC81E8}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension"
    "{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Périphériques Plug and Play universels"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{604C5810-D0CC-11D2-955F-00C04F79ED8A}"="CIEL SA In-File System"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{BD54D083-FCF4-411A-90B7-60B190E6124F}"=""
    "{12A42C61-C2B9-4AA6-8508-737DB17ECEB4}"=""
    "{1F3DCC1E-1594-4A62-A05E-67AB1125FFA5}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{BD54D083-FCF4-411A-90B7-60B190E6124F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BD54D083-FCF4-411A-90B7-60B190E6124F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BD54D083-FCF4-411A-90B7-60B190E6124F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BD54D083-FCF4-411A-90B7-60B190E6124F}\InprocServer32]
    @="F:\\WINDOWS\\system32\\puspl.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{12A42C61-C2B9-4AA6-8508-737DB17ECEB4}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{12A42C61-C2B9-4AA6-8508-737DB17ECEB4}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{12A42C61-C2B9-4AA6-8508-737DB17ECEB4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{12A42C61-C2B9-4AA6-8508-737DB17ECEB4}\InprocServer32]
    @="F:\\WINDOWS\\system32\\pecDcd.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1F3DCC1E-1594-4A62-A05E-67AB1125FFA5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1F3DCC1E-1594-4A62-A05E-67AB1125FFA5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1F3DCC1E-1594-4A62-A05E-67AB1125FFA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1F3DCC1E-1594-4A62-A05E-67AB1125FFA5}\InprocServer32]
    @="F:\\WINDOWS\\system32\\omcache.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:
    Locate .tmp files:
    Directory Listing of system files:
    Le volume dans le lecteur F s'appelle System
    Le numéro de série du volume est E005-00F6

    Répertoire de F:\WINDOWS\System32

    16/11/2005 15:31 234 085 wlpencen.dll
    15/11/2005 15:16 234 085 ujer32.dll
    15/11/2005 15:14 234 085 guard.tmp
    15/11/2005 13:13 234 085 omcache.dll
    15/11/2005 13:11 234 357 l2p20c7oef.dll
    15/11/2005 12:30 237 091 drcdll.dll
    15/11/2005 12:19 237 091 nhwrshe.dll
    14/11/2005 20:58 237 091 puspl.dll
    14/11/2005 20:00 235 650 dWd8thk.dll
    14/11/2005 19:57 234 125 pecDcd.dll
    14/11/2005 13:58 234 272 ilmp.dll
    08/11/2005 17:03 <REP> dllcache
    26/01/2005 14:03 <REP> Microsoft
    11 fichier(s) 2 586 017 octets
    2 Rép(s) 27 478 224 896 octets libres

    SmitFraudFix v1.95

    Rapport fait à 17:22:27,68 le 16/11/2005
    Executé à partir de F:\Documents and Settings\Loco\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\

    SmitFraudFix v1.95

    Rapport fait à 15:29:41,90 le 16/11/2005
    Executé à partir de F:\Documents and Settings\Loco\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    F:\WINDOWS\desktop.html supprimé
    F:\WINDOWS\kl.exe supprimé
    F:\Documents and Settings\Loco\Application Data\Install.dat supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\Documents and Settings\Loco\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\Documents and Settings\Loco\Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche F:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
  16. Loco
     
    So, for your information, I still get the unwanted pop-up windows (WinFixer-style): in 30 minutes of inactivity, 10 windows open.
    Before your help I no longer had a desktop, and got one window every 30 seconds.

    Thank you for your help in getting rid of these ads...
  17. Anonymous user
     
    Hi,
    I don't remember: did you run option 2 of the lm2fix program? If not, do it

    and post a new HijackThis log

    See you