Infecté par log de pub : adware.look2me

je n'ai pas trouvé le fichier .bat mais en faisant recherche je suis tomber sur le fichier : c\windows\system32\cmd.exe
j'ai clické, puis et apparu un tableau :

L2Mfix tool by shadowwar 051206

1. run find log
2. run fix
3. view read me
4. remove L2Mfix account
5. fix autoexec.nt/cmd.exe error
E. exit

J'ai clické sur le 1 et j'ai eu ceci :

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6F754E9A-B479-B8FA-69D1-EC1EBCD1FE89}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BB0DF478-43D0-4148-A02C-4D58866F5628}"=""
"{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}"=""
"{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\InprocServer32]
@="C:\\WINDOWS\\system32\\PGDLIB32.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
pgdlib32.dll Sat 28 Oct 2006 22:58:34 ..S.R 235 437 229,92 K
comctl32.dll Fri 25 Aug 2006 17:51:14 A.... 617 472 603,00 K
fltlib.dll Mon 21 Aug 2006 14:26:16 A.... 16 896 16,50 K
xpsp3res.dll Mon 9 Oct 2006 23:12:26 A.... 230 400 225,00 K
pmkjj.dll Thu 26 Oct 2006 11:22:40 ..SH. 688 180 672,05 K
6to4svc.dll Wed 16 Aug 2006 13:59:28 A.... 100 352 98,00 K
shdocvw.dll Mon 4 Sep 2006 8:12:54 A.... 1 494 528 1,42 M
dn4u01~1.dll Sat 28 Oct 2006 21:46:32 ..S.R 235 703 230,18 K
dnr601~1.dll Sat 28 Oct 2006 22:38:26 ..S.R 236 128 230,59 K
ktlsl7~1.dll Sat 28 Oct 2006 22:58:34 ..S.R 237 174 231,61 K
legitc~1.dll Mon 7 Aug 2006 9:50:22 A.... 1 484 592 1,41 M
n44sle~1.dll Sat 28 Oct 2006 21:09:50 ..S.R 235 437 229,92 K
msxml3.dll Wed 13 Sep 2006 7:03:06 A.... 1 084 416 1,03 M
nticdm~1.dll Thu 26 Oct 2006 1:58:18 ...HR 1 024 1,00 K
w95inf16.dll Thu 26 Oct 2006 2:49:54 A.... 2 272 2,22 K
w95inf32.dll Thu 26 Oct 2006 2:49:54 A.... 4 608 4,50 K
s32evnt1.dll Fri 15 Sep 2006 22:52:12 A.... 91 904 89,75 K

17 items found: 17 files (7 H/S), 0 directories.
Total of file sizes: 6 996 523 bytes 6,67 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
setc0.tmp Thu 31 Aug 2006 7:56:36 A.... 463 872 453,00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 463 872 bytes 453,00 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 2B1B-1302

R‚pertoire de C:\WINDOWS\System32

28/10/2006 22:58 235ÿ437 PGDLIB32.DLL
28/10/2006 22:58 237ÿ174 ktlsl7371.dll
28/10/2006 22:38 236ÿ128 dnr6019se.dll
28/10/2006 21:46 235ÿ703 dn4u01h9e.dll
28/10/2006 21:09 235ÿ437 n44sleh71h4.dll
26/10/2006 11:22 378 jjkmp.ini
26/10/2006 11:22 688ÿ180 pmkjj.dll
26/10/2006 03:43 16ÿ384 wu.exe
26/10/2006 01:39 <REP> Microsoft
26/10/2006 01:25 <REP> dllcache
26/10/2006 01:25 6ÿ144 access.ctl
30/09/1999 19:21 166ÿ672 mstext35.dll
28/09/1999 21:42 1ÿ050ÿ896 msjet35.dll
09/09/1999 22:06 252ÿ688 msexcl35.dll
09/09/1999 22:06 168ÿ720 msltus35.dll
25/08/1999 14:57 415ÿ504 msrepl35.dll
10/06/1999 09:34 123ÿ664 msjint35.dll
10/06/1999 09:34 24ÿ848 msjter35.dll
07/06/1999 18:59 250ÿ128 mspdox35.dll
25/04/1999 17:00 252ÿ176 Msrd2x35.dll
25/04/1999 17:00 368ÿ912 Vbar332.dll
25/04/1999 17:00 287ÿ504 Msxbse35.dll
20 fichier(s) 5ÿ252ÿ677 octets
2 R‚p(s) 92ÿ922ÿ707ÿ968 octets libres

Dois-je clické sur 2.Run fix


Merci de ton aide

Green day, j'ai réussi à faire ce que tu m'as demandé et le pc a redémarré. Puis j'ai eu un message d'erreur : il ne trouvé pas cleanup.bat.

J'ai donc ouvert L2Mfix et clické sur cleanup (ms-dos) et le bloc-notes s'est ouvert, il dit ceci :


Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (408)
Killing 'winlogon.exe'
winlogon.exe (496)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1804)
Killing 'rundll32.exe'
rundll32.exe "C:\WINDOWS\system32\WADFCoinstaller.dll",DllGetVersion (1608)
"C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (236)
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
Deleting: C:\WINDOWS\system32\dn4u01h9e.dll
Successfully Deleted: C:\WINDOWS\system32\dn4u01h9e.dll
Deleting: C:\WINDOWS\system32\dnr6019se.dll
Successfully Deleted: C:\WINDOWS\system32\dnr6019se.dll
Deleting: C:\WINDOWS\system32\g222lcfo1f2c.dll
Successfully Deleted: C:\WINDOWS\system32\g222lcfo1f2c.dll
Deleting: C:\WINDOWS\system32\ktlsl7371.dll
Successfully Deleted: C:\WINDOWS\system32\ktlsl7371.dll
Deleting: C:\WINDOWS\system32\n44sleh71h4.dll
Successfully Deleted: C:\WINDOWS\system32\n44sleh71h4.dll
Deleting: C:\WINDOWS\system32\WADFCoinstaller.dll
Successfully Deleted: C:\WINDOWS\system32\WADFCoinstaller.dll

msg11?.dll
0 fichier(s) copi‚(s).
Desktop.ini sucessfully removed




Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\dn4u01h9e.dll
C:\WINDOWS\system32\dnr6019se.dll
C:\WINDOWS\system32\g222lcfo1f2c.dll
C:\WINDOWS\system32\ktlsl7371.dll
C:\WINDOWS\system32\n44sleh71h4.dll
C:\WINDOWS\system32\WADFCoinstaller.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\InprocServer32]
@="C:\\WINDOWS\\system32\\WADFCoinstaller.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BB0DF478-43D0-4148-A02C-4D58866F5628}"=-
"{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}"=-
[-HKEY_CLASSES_ROOT\CLSID\{BB0DF478-43D0-4148-A02C-4D58866F5628}]
[-HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/dn4u01h9e.dll (deflated 5%)
adding: dlls/dnr6019se.dll (deflated 5%)
adding: dlls/g222lcfo1f2c.dll (deflated 5%)
adding: dlls/ktlsl7371.dll (deflated 6%)
adding: dlls/n44sleh71h4.dll (deflated 5%)
adding: dlls/WADFCoinstaller.dll (deflated 5%)
adding: backregs/notibac.reg (deflated 87%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/92C8F96F-EE39-4A8F-9DB3-69701E5ECF33.reg (deflated 70%)



Ensuite, j'ai clické sur IE, le PC m'a demandé si c'était mon navigateur par défaut, j'ai répondu oui , et je t'écris actuellement sans avoir de fenetres IE qui s'ouvrent.
C'est génial, on dirait que çamarche !

C'est quoi hisjackthis déjà??

Merci bcp Green Day!!

Salut Green day

Je te remercie encore pour ton aide.
J'ai effectué les opérations demandées et t'envoie les 3 rapports
Dois-je cocher des lignes sur hijackthis?
Attends tes conseils et recommandations

Merci
Raph




1) Ewido

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:00:40 29/10/2006

+ Scan result:



C:\Documents and Settings\Raphaël\Local Settings\Temporary Internet Files\Content.IE5\Y7O1WTG3\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP125\A0011225.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP78\A0008372.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000210.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000251.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000252.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000253.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000254.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000255.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000256.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001048.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001052.dLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001061.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001093.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP123\A0010448.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP124\A0011173.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP125\A0011227.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP126\A0011303.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011390.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011404.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011415.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011418.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011419.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011420.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011421.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011425.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011426.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011427.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011428.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011429.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011430.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011432.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011433.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011436.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011437.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011438.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011440.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011443.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011448.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011622.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011633.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011635.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011641.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011647.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP12\A0001117.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP12\A0001121.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP134\A0011981.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012134.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012249.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012250.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012251.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012252.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012253.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012254.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012255.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012258.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012259.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013328.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013329.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013343.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014275.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014324.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014334.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014338.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014342.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014346.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014348.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014351.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014352.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014353.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014355.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014359.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014365.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014383.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001154.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001161.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001184.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001188.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0002302.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP73\A0003105.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP73\A0003110.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP74\A0003306.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP74\A0003313.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0003410.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0003471.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0003472.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0004375.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0004378.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP9\A0000877.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013337.exe -> Adware.Systemdoctor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP123\A0010488.exe -> Backdoor.IRCBot.xn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001060.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\mc44a37.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001062.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011431.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000205.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000693.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP12\A0001116.EXE -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000336.exe -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000476.exe -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000676.EXE -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011422.exe -> Downloader.PurityScan.db : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001055.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001097.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000202.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000341.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000484.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP74\A0003330.exe -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000691.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000831.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000863.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP9\A0000881.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011410.dll -> Hijacker.Small.mb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011411.dll -> Hijacker.Small.mb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011412.dll -> Hijacker.Small.mb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP78\A0009173.DLL -> Hijacker.Small.mb : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Local Settings\Temporary Internet Files\Content.IE5\2ZGZI9AT\SystemDoctor2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IIGH82EH\installdrivecleanerstart_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Ignored.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\raphaël@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\WINDOWS\Temp\Cookies\raphaël@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
C:\Documents and Settings\Raphaël\Cookies\raphaël@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\WINDOWS\Temp\Cookies\raphaël@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\WINDOWS\Temp\Cookies\raphaël@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Raphaël\Cookies\raphaël@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\WINDOWS\Temp\Cookies\raphaël@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


2) Bitdefender

BitDefender Online Scanner



Scan report generated at: Sun, Oct 29, 2006 - 19:48:14





Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;







Statistics

Time
00:46:31

Files
237893

Folders
3615

Boot Sectors
3

Archives
7418

Packed Files
17399




Results

Identified Viruses
5

Infected Files
8

Suspect Files
7

Warnings
0

Disinfected
0

Deleted Files
22




Engines Info

Virus Definitions
479358

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\WINDOWS\system32\wu.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\WINDOWS\system32\wu.exe
Disinfection failed

C:\WINDOWS\system32\wu.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000203.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000203.exe
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000203.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000343.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000343.exe
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000343.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000692.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000692.exe
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000692.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000835.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000835.exe
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000835.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000865.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000865.exe
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000865.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012147.exe=>(Quarantine-2)
Infected with: DeepScan:Generic.Malware.dld!!.F67304D8

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012147.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012147.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012148.DLL=>(Quarantine-2)
Infected with: MemScan:Trojan.Virtumod.BL

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012148.DLL=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012148.DLL=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012149.dll=>(Quarantine-2)
Infected with: MemScan:Trojan.Virtumod.BL

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012149.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012149.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012150.exe=>(Quarantine-2)
Infected with: Generic.Sdbot.F001AFB6

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012150.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012151.exe=>(Quarantine-2)
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012151.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012151.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012152.dll=>(Quarantine-2)
Infected with: MemScan:Trojan.Virtumod.BL

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012152.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012152.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012153.dll=>(Quarantine-2)
Infected with: MemScan:Trojan.Virtumod.BL

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012153.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012153.dll=>(Quarantine-2)
Deleted

C:\RECYCLED\NPROTECT\00000640.exe
Infected with: Trojan.Downloader.Adload.FG

C:\RECYCLED\NPROTECT\00000640.exe
Disinfection failed

C:\RECYCLED\NPROTECT\00000640.exe
Deleted

C:\RECYCLED\NPROTECT\00000981.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\RECYCLED\NPROTECT\00000981.exe
Disinfection failed

C:\RECYCLED\NPROTECT\00000981.exe
Deleted


+ BitDefender Online Scanner - Real Time Virus Report



Generated at: Sun, Oct 29, 2006 - 19:51:04


--------------------------------------------------------------------------------





Scan Info



Scanned Files
240518

Infected Files
15








Virus Detected



MemScan:Trojan.Virtumod.BL
4

Trojan.Downloader.Adload.FG
1

DeepScan:Generic.Mitglied.687CAF98
1

DeepScan:Generic.Malware.dld!!.F67304D8
1

BehavesLike:Trojan.Downloader
7

Generic.Sdbot.F001AFB6
1

3) Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 20:00:47, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec\Web Tools\CKA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\RAPHAËL\LOCALS~1\Temp\Rar$EX03.000\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Norton Disk Doctor.LNK = I:\NSW2004\NU\NDD32.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n44sleh71h4.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

re,
N'obtenant pas la page demandée, j'ai réussi à faire un scan on line sur f-sécure. En voici le rapport en attendant de tes nouvelles:

Scanning Report
Sunday, October 29, 2006 23:26:31 - 00:59:59
Computer name: ZEBRA3
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 21 malware found
Tracking Cookie (spyware)
System (Disinfected)
System (Disinfected)
System
System
System
System
System
System
System
Trojan-Downloader.Win32.Adload.fu (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014557.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014558.EXE (Renamed & Submitted)
W32/NetworkWorm (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001054.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001098.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP9\A0000882.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000690.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000832.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000862.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000201.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000342.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000485.EXE (Submitted)
C:\WINDOWS\YAZZLEBUNDLE-1125.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 44251
System: 5012
Not scanned: 2
Actions:
Disinfected: 2
Renamed: 2
Deleted: 0
None: 17
Submitted: 12
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-10-27
F-Secure Libra: 2.4.1, 2006-10-26
F-Secure Orion: 1.2.37, 2006-10-27
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 0259-24-212
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

Merci!

Salut Green Day

J'ai fait ce que tu m'as indiquée et voici le rapport :

10/30/06 22:00:12 [Info]: BlackLight Engine 1.0.47 initialized
10/30/06 22:00:12 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/30/06 22:00:13 [Note]: 7019 4
10/30/06 22:00:13 [Note]: 7005 0
10/30/06 22:00:19 [Note]: 7006 0
10/30/06 22:00:19 [Note]: 7011 2588
10/30/06 22:00:19 [Note]: 7026 0
10/30/06 22:00:19 [Note]: 7026 0
10/30/06 22:00:27 [Note]: FSRAW library version 1.7.1020
10/30/06 22:00:47 [Note]: 2000 1012
10/30/06 22:02:27 [Note]: 7007 0

ça veut dire quoi tout ça????

Et maintenant, que faire???

Merci


PS : Au fait Green day, t'es un homme ou une femme ?
Et pourquoi Green Day?

Réponds si pas c'est indiscret, sinon laisse tomber!!

@+

Salut Green Day

Merci beaucoup pour ton aide. Pour le moment plus de probleme.
J'espère que la prochaine fois que j'ai un probleme, je pourrais compter sur toi car tu es éfficace!

Bise, bye bye

** S'il n'y pas de solutions, c'est qu'il n'y a pas de problème.**
Device SHADOK

Salut :-)

ravie d'avoir pu t'aider !

le forum virus/sécurité est très dynamique : il y aura toujours une personne pour depanner ;-)

un peu de lecture au passage :

https://sebsauvage.net/safehex.html

securite proteger un ordinateur contre les malwares d internet

bon surf !

@+

PS : sympa la devise lol

**En vérité, le chemin importe peu, la volonté d'arriver suffit à tout ( A.Camus ) **