Infecté par log de pub : adware.look2me

Résolu
RAY CHARLES Messages postés 16 Statut Membre -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour à tous les membres de ccm,

Je sollicite votre aide pour un problème qui a envahie ma vie depuis quelques jour. En effet, lorsque je vais sur IE, ma page de démarrage s'affiche correctement (pb que j'ai réussi à résoudre malgrè mes faibles connaissances informatiques), puis au bout de quelques intants, des fenêtre windows apparaissent avec des pub du style : meetic, analyser son ordi contre les virus, achats de maisons, et etc...

Après analyse, je me suis aperçu que j'étais infecté par adware.look2me; et malgré l'aide de de Symantec sécurity réponse, je n'arrive pas a m'en débarrasser.

J'utilise : window XP familiale version 2002 SP2 ET Internet Explorer.

Attend rapidement votre aide et vos conseils avisés en langage informatique simple svp

Merc bcp

10 réponses

  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut !

    Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe

    - Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
    - Dézipper l2mfix.exe sur le bureau ;
    - Dans le dossier du programme, double-cliquer sur l2mfix.bat ;
    - Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ;
    => Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum.

    ++
    0
    1. RAY CHARLES Messages postés 16 Statut Membre
       
      je n'ai pas trouvé le fichier .bat mais en faisant recherche je suis tomber sur le fichier : c\windows\system32\cmd.exe
      j'ai clické, puis et apparu un tableau :

      L2Mfix tool by shadowwar 051206

      1. run find log
      2. run fix
      3. view read me
      4. remove L2Mfix account
      5. fix autoexec.nt/cmd.exe error
      E. exit

      J'ai clické sur le 1 et j'ai eu ceci :

      L2MFIX find log 051206
      These are the registry keys present
      **********************************************************************************
      Winlogon/notify:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
      "Asynchronous"=dword:00000000
      "DllName"=""
      "Impersonate"=dword:00000000
      "Logon"="WinLogon"
      "Logoff"="WinLogoff"
      "Shutdown"="WinShutdown"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
      "Asynchronous"=dword:00000000
      "DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
      "Impersonate"=dword:00000000
      "Logon"="WinLogon"
      "Logoff"="WinLogoff"
      "Shutdown"="WinShutdown"

      **********************************************************************************
      useragent:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      "{6F754E9A-B479-B8FA-69D1-EC1EBCD1FE89}"=""

      **********************************************************************************
      Shell Extension key:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
      "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
      "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
      "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
      "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
      "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
      "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
      "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
      "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
      "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
      "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
      "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
      "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
      "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
      "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
      "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
      "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
      "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
      "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
      "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
      "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
      "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
      "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
      "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
      "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
      "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
      "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
      "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
      "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
      "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau"
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
      "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
      "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
      "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
      "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
      "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
      "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
      "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
      "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
      "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
      "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
      "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
      "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
      "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
      "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
      "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
      "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
      "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
      "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
      "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
      "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
      "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
      "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
      "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
      "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
      "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
      "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
      "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
      "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
      "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
      "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
      "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
      "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
      "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
      "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
      "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
      "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
      "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
      "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
      "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
      "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
      "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
      "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
      "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
      "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
      "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
      "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
      "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
      "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
      "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
      "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
      "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
      "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
      "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
      "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
      "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
      "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
      "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
      "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
      "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
      "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
      "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
      "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
      "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
      "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
      "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
      "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
      "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
      "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
      "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
      "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
      "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
      "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
      "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
      "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
      "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
      "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
      "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
      "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
      "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
      "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
      "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
      "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
      "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
      "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
      "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
      "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
      "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
      "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
      "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
      "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
      "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
      "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
      "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
      "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
      "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
      "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
      "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
      "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
      "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
      "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
      "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
      "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
      "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
      "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
      "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
      "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
      "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
      "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
      "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
      "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
      "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
      "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
      "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
      "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
      "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
      "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
      "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
      "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
      "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
      "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
      "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
      "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
      "{BB0DF478-43D0-4148-A02C-4D58866F5628}"=""
      "{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}"=""
      "{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"
      "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
      "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
      "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
      "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
      "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
      "{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
      "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
      "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
      "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
      "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
      "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
      "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
      "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
      "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

      **********************************************************************************
      HKEY ROOT CLASSIDS:
      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\InprocServer32]
      @="C:\\WINDOWS\\system32\\PGDLIB32.DLL"
      "ThreadingModel"="Apartment"

      **********************************************************************************
      Files Found are not all bad files:

      C:\WINDOWS\SYSTEM32\
      pgdlib32.dll Sat 28 Oct 2006 22:58:34 ..S.R 235 437 229,92 K
      comctl32.dll Fri 25 Aug 2006 17:51:14 A.... 617 472 603,00 K
      fltlib.dll Mon 21 Aug 2006 14:26:16 A.... 16 896 16,50 K
      xpsp3res.dll Mon 9 Oct 2006 23:12:26 A.... 230 400 225,00 K
      pmkjj.dll Thu 26 Oct 2006 11:22:40 ..SH. 688 180 672,05 K
      6to4svc.dll Wed 16 Aug 2006 13:59:28 A.... 100 352 98,00 K
      shdocvw.dll Mon 4 Sep 2006 8:12:54 A.... 1 494 528 1,42 M
      dn4u01~1.dll Sat 28 Oct 2006 21:46:32 ..S.R 235 703 230,18 K
      dnr601~1.dll Sat 28 Oct 2006 22:38:26 ..S.R 236 128 230,59 K
      ktlsl7~1.dll Sat 28 Oct 2006 22:58:34 ..S.R 237 174 231,61 K
      legitc~1.dll Mon 7 Aug 2006 9:50:22 A.... 1 484 592 1,41 M
      n44sle~1.dll Sat 28 Oct 2006 21:09:50 ..S.R 235 437 229,92 K
      msxml3.dll Wed 13 Sep 2006 7:03:06 A.... 1 084 416 1,03 M
      nticdm~1.dll Thu 26 Oct 2006 1:58:18 ...HR 1 024 1,00 K
      w95inf16.dll Thu 26 Oct 2006 2:49:54 A.... 2 272 2,22 K
      w95inf32.dll Thu 26 Oct 2006 2:49:54 A.... 4 608 4,50 K
      s32evnt1.dll Fri 15 Sep 2006 22:52:12 A.... 91 904 89,75 K

      17 items found: 17 files (7 H/S), 0 directories.
      Total of file sizes: 6 996 523 bytes 6,67 M
      Locate .tmp files:

      C:\WINDOWS\SYSTEM32\
      setc0.tmp Thu 31 Aug 2006 7:56:36 A.... 463 872 453,00 K

      1 item found: 1 file, 0 directories.
      Total of file sizes: 463 872 bytes 453,00 K
      **********************************************************************************
      Directory Listing of system files:
      Le volume dans le lecteur C n'a pas de nom.
      Le num‚ro de s‚rie du volume est 2B1B-1302

      R‚pertoire de C:\WINDOWS\System32

      28/10/2006 22:58 235ÿ437 PGDLIB32.DLL
      28/10/2006 22:58 237ÿ174 ktlsl7371.dll
      28/10/2006 22:38 236ÿ128 dnr6019se.dll
      28/10/2006 21:46 235ÿ703 dn4u01h9e.dll
      28/10/2006 21:09 235ÿ437 n44sleh71h4.dll
      26/10/2006 11:22 378 jjkmp.ini
      26/10/2006 11:22 688ÿ180 pmkjj.dll
      26/10/2006 03:43 16ÿ384 wu.exe
      26/10/2006 01:39 <REP> Microsoft
      26/10/2006 01:25 <REP> dllcache
      26/10/2006 01:25 6ÿ144 access.ctl
      30/09/1999 19:21 166ÿ672 mstext35.dll
      28/09/1999 21:42 1ÿ050ÿ896 msjet35.dll
      09/09/1999 22:06 252ÿ688 msexcl35.dll
      09/09/1999 22:06 168ÿ720 msltus35.dll
      25/08/1999 14:57 415ÿ504 msrepl35.dll
      10/06/1999 09:34 123ÿ664 msjint35.dll
      10/06/1999 09:34 24ÿ848 msjter35.dll
      07/06/1999 18:59 250ÿ128 mspdox35.dll
      25/04/1999 17:00 252ÿ176 Msrd2x35.dll
      25/04/1999 17:00 368ÿ912 Vbar332.dll
      25/04/1999 17:00 287ÿ504 Msxbse35.dll
      20 fichier(s) 5ÿ252ÿ677 octets
      2 R‚p(s) 92ÿ922ÿ707ÿ968 octets libres

      Dois-je clické sur 2.Run fix


      Merci de ton aide
      0
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    ok,

    - Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
    - Double-cliquer sur l2mfix.bat ;
    - Choisir OPTION 2 (Run fix) et valider par la touche [Entrée] ;
    - A l'invite, appuyer sur une touche du clavier pour redémarrer le PC ;
    => Au redémarrage, le nettoyage de L2mFix se poursuit, puis génère le résultat du nettoyage en ouvrant le Bloc-notes ; se reconnecter pour le poster au forum.

    ensuite reposte un nouveau hijackthis stp

    ++
    0
    1. RAY CHARLES Messages postés 16 Statut Membre
       
      Green day, j'ai réussi à faire ce que tu m'as demandé et le pc a redémarré. Puis j'ai eu un message d'erreur : il ne trouvé pas cleanup.bat.

      J'ai donc ouvert L2Mfix et clické sur cleanup (ms-dos) et le bloc-notes s'est ouvert, il dit ceci :


      Creating Account.
      La commande s'est termin‚e correctement.

      Adding Administrative privleges.
      Checking for L2MFix account(0=no 1=yes):
      1
      Granting SeDebugPrivilege to L2MFIX ... successful

      Running From:
      C:\WINDOWS\system32

      Killing Processes!
      Killing 'smss.exe'
      \SystemRoot\System32\smss.exe (408)
      Killing 'winlogon.exe'
      winlogon.exe (496)
      Killing 'explorer.exe'
      C:\WINDOWS\Explorer.EXE (1804)
      Killing 'rundll32.exe'
      rundll32.exe "C:\WINDOWS\system32\WADFCoinstaller.dll",DllGetVersion (1608)
      "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (236)
      Restoring Sedebugprivilege:
      Granting SeDebugPrivilege to Administrateurs ... successful

      Scanning First Pass. Please Wait!

      First Pass Completed

      Second Pass Scanning

      Second pass Completed!
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      Deleting: C:\WINDOWS\system32\dn4u01h9e.dll
      Successfully Deleted: C:\WINDOWS\system32\dn4u01h9e.dll
      Deleting: C:\WINDOWS\system32\dnr6019se.dll
      Successfully Deleted: C:\WINDOWS\system32\dnr6019se.dll
      Deleting: C:\WINDOWS\system32\g222lcfo1f2c.dll
      Successfully Deleted: C:\WINDOWS\system32\g222lcfo1f2c.dll
      Deleting: C:\WINDOWS\system32\ktlsl7371.dll
      Successfully Deleted: C:\WINDOWS\system32\ktlsl7371.dll
      Deleting: C:\WINDOWS\system32\n44sleh71h4.dll
      Successfully Deleted: C:\WINDOWS\system32\n44sleh71h4.dll
      Deleting: C:\WINDOWS\system32\WADFCoinstaller.dll
      Successfully Deleted: C:\WINDOWS\system32\WADFCoinstaller.dll

      msg11?.dll
      0 fichier(s) copi‚(s).
      Desktop.ini sucessfully removed




      Restoring Windows Update Certificates.:

      The following Is the Current Export of the Winlogon notify key:
      ****************************************************************************
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
      6c,00,00,00
      "Logoff"="ChainWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Logoff"="CryptnetWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
      "DLLName"="cscdll.dll"
      "Logon"="WinlogonLogonEvent"
      "Logoff"="WinlogonLogoffEvent"
      "ScreenSaver"="WinlogonScreenSaverEvent"
      "Startup"="WinlogonStartupEvent"
      "Shutdown"="WinlogonShutdownEvent"
      "StartShell"="WinlogonStartShellEvent"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
      "Asynchronous"=dword:00000000
      "DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
      "Impersonate"=dword:00000000
      "Logon"="WinLogon"
      "Logoff"="WinLogoff"
      "Shutdown"="WinShutdown"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
      "DLLName"="wlnotify.dll"
      "Logon"="SCardStartCertProp"
      "Logoff"="SCardStopCertProp"
      "Lock"="SCardSuspendCertProp"
      "Unlock"="SCardResumeCertProp"
      "Enabled"=dword:00000001
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "StartShell"="SchedStartShell"
      "Logoff"="SchedEventLogOff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
      "Logoff"="WLEventLogoff"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001
      "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
      "DLLName"="WlNotify.dll"
      "Lock"="SensLockEvent"
      "Logon"="SensLogonEvent"
      "Logoff"="SensLogoffEvent"
      "Safe"=dword:00000001
      "MaxWait"=dword:00000258
      "StartScreenSaver"="SensStartScreenSaverEvent"
      "StopScreenSaver"="SensStopScreenSaverEvent"
      "Startup"="SensStartupEvent"
      "Shutdown"="SensShutdownEvent"
      "StartShell"="SensStartShellEvent"
      "PostShell"="SensPostShellEvent"
      "Disconnect"="SensDisconnectEvent"
      "Reconnect"="SensReconnectEvent"
      "Unlock"="SensUnlockEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "Logoff"="TSEventLogoff"
      "Logon"="TSEventLogon"
      "PostShell"="TSEventPostShell"
      "Shutdown"="TSEventShutdown"
      "StartShell"="TSEventStartShell"
      "Startup"="TSEventStartup"
      "MaxWait"=dword:00000258
      "Reconnect"="TSEventReconnect"
      "Disconnect"="TSEventDisconnect"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
      "DLLName"="wlnotify.dll"
      "Logon"="RegisterTicketExpiredNotificationEvent"
      "Logoff"="UnregisterTicketExpiredNotificationEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001


      The following are the files found:
      ****************************************************************************
      C:\WINDOWS\system32\dn4u01h9e.dll
      C:\WINDOWS\system32\dnr6019se.dll
      C:\WINDOWS\system32\g222lcfo1f2c.dll
      C:\WINDOWS\system32\ktlsl7371.dll
      C:\WINDOWS\system32\n44sleh71h4.dll
      C:\WINDOWS\system32\WADFCoinstaller.dll

      Registry Entries that were Deleted:
      Please verify that the listing looks ok.
      If there was something deleted wrongly there are backups in the backreg folder.
      ****************************************************************************
      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\InprocServer32]
      @="C:\\WINDOWS\\system32\\WADFCoinstaller.dll"
      "ThreadingModel"="Apartment"

      REGEDIT4

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
      "{BB0DF478-43D0-4148-A02C-4D58866F5628}"=-
      "{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}"=-
      [-HKEY_CLASSES_ROOT\CLSID\{BB0DF478-43D0-4148-A02C-4D58866F5628}]
      [-HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
      REGEDIT4

      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      "SV1"=""
      ****************************************************************************
      Desktop.ini Contents:
      ****************************************************************************
      [.ShellClassInfo]
      CLSID={645FF040-5081-101B-9F08-00AA002F954E}
      ****************************************************************************
      Checking for L2MFix account(0=no 1=yes):
      0
      Zipping up files for submission:
      adding: dlls/dn4u01h9e.dll (deflated 5%)
      adding: dlls/dnr6019se.dll (deflated 5%)
      adding: dlls/g222lcfo1f2c.dll (deflated 5%)
      adding: dlls/ktlsl7371.dll (deflated 6%)
      adding: dlls/n44sleh71h4.dll (deflated 5%)
      adding: dlls/WADFCoinstaller.dll (deflated 5%)
      adding: backregs/notibac.reg (deflated 87%)
      adding: backregs/shell.reg (deflated 73%)
      adding: backregs/92C8F96F-EE39-4A8F-9DB3-69701E5ECF33.reg (deflated 70%)



      Ensuite, j'ai clické sur IE, le PC m'a demandé si c'était mon navigateur par défaut, j'ai répondu oui , et je t'écris actuellement sans avoir de fenetres IE qui s'ouvrent.
      C'est génial, on dirait que çamarche !

      C'est quoi hisjackthis déjà??

      Merci bcp Green Day!!
      0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    ok !

    oups ! tout est indiqué ici : merci de coller les 3 rapports, cela dis, tu n'es pas obligé de tout faire pour ce soir !

    virus methode preliminaire de desinfection version fr

    ++

    0
  4. RAY CHARLES Messages postés 16 Statut Membre
     
    1er rapport:

    L2MFIX find log 051206
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    "Asynchronous"=dword:00000000
    "DllName"=""
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{6F754E9A-B479-B8FA-69D1-EC1EBCD1FE89}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{BB0DF478-43D0-4148-A02C-4D58866F5628}"=""
    "{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}"=""
    "{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
    "{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
    "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\InprocServer32]
    @="C:\\WINDOWS\\system32\\PGDLIB32.DLL"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    pgdlib32.dll Sat 28 Oct 2006 22:58:34 ..S.R 235 437 229,92 K
    comctl32.dll Fri 25 Aug 2006 17:51:14 A.... 617 472 603,00 K
    fltlib.dll Mon 21 Aug 2006 14:26:16 A.... 16 896 16,50 K
    xpsp3res.dll Mon 9 Oct 2006 23:12:26 A.... 230 400 225,00 K
    pmkjj.dll Thu 26 Oct 2006 11:22:40 ..SH. 688 180 672,05 K
    6to4svc.dll Wed 16 Aug 2006 13:59:28 A.... 100 352 98,00 K
    shdocvw.dll Mon 4 Sep 2006 8:12:54 A.... 1 494 528 1,42 M
    dn4u01~1.dll Sat 28 Oct 2006 21:46:32 ..S.R 235 703 230,18 K
    dnr601~1.dll Sat 28 Oct 2006 22:38:26 ..S.R 236 128 230,59 K
    ktlsl7~1.dll Sat 28 Oct 2006 22:58:34 ..S.R 237 174 231,61 K
    legitc~1.dll Mon 7 Aug 2006 9:50:22 A.... 1 484 592 1,41 M
    n44sle~1.dll Sat 28 Oct 2006 21:09:50 ..S.R 235 437 229,92 K
    msxml3.dll Wed 13 Sep 2006 7:03:06 A.... 1 084 416 1,03 M
    nticdm~1.dll Thu 26 Oct 2006 1:58:18 ...HR 1 024 1,00 K
    w95inf16.dll Thu 26 Oct 2006 2:49:54 A.... 2 272 2,22 K
    w95inf32.dll Thu 26 Oct 2006 2:49:54 A.... 4 608 4,50 K
    s32evnt1.dll Fri 15 Sep 2006 22:52:12 A.... 91 904 89,75 K

    17 items found: 17 files (7 H/S), 0 directories.
    Total of file sizes: 6 996 523 bytes 6,67 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    setc0.tmp Thu 31 Aug 2006 7:56:36 A.... 463 872 453,00 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 463 872 bytes 453,00 K
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 2B1B-1302

    R‚pertoire de C:\WINDOWS\System32

    28/10/2006 22:58 235ÿ437 PGDLIB32.DLL
    28/10/2006 22:58 237ÿ174 ktlsl7371.dll
    28/10/2006 22:38 236ÿ128 dnr6019se.dll
    28/10/2006 21:46 235ÿ703 dn4u01h9e.dll
    28/10/2006 21:09 235ÿ437 n44sleh71h4.dll
    26/10/2006 11:22 378 jjkmp.ini
    26/10/2006 11:22 688ÿ180 pmkjj.dll
    26/10/2006 03:43 16ÿ384 wu.exe
    26/10/2006 01:39 <REP> Microsoft
    26/10/2006 01:25 <REP> dllcache
    26/10/2006 01:25 6ÿ144 access.ctl
    30/09/1999 19:21 166ÿ672 mstext35.dll
    28/09/1999 21:42 1ÿ050ÿ896 msjet35.dll
    09/09/1999 22:06 252ÿ688 msexcl35.dll
    09/09/1999 22:06 168ÿ720 msltus35.dll
    25/08/1999 14:57 415ÿ504 msrepl35.dll
    10/06/1999 09:34 123ÿ664 msjint35.dll
    10/06/1999 09:34 24ÿ848 msjter35.dll
    07/06/1999 18:59 250ÿ128 mspdox35.dll
    25/04/1999 17:00 252ÿ176 Msrd2x35.dll
    25/04/1999 17:00 368ÿ912 Vbar332.dll
    25/04/1999 17:00 287ÿ504 Msxbse35.dll
    20 fichier(s) 5ÿ252ÿ677 octets
    2 R‚p(s) 92ÿ922ÿ707ÿ968 octets libres

    2ème rapport
    L2MFIX find log 051206
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    "Asynchronous"=dword:00000000
    "DllName"=""
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{6F754E9A-B479-B8FA-69D1-EC1EBCD1FE89}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{BB0DF478-43D0-4148-A02C-4D58866F5628}"=""
    "{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}"=""
    "{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
    "{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
    "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\InprocServer32]
    @="C:\\WINDOWS\\system32\\PGDLIB32.DLL"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    pgdlib32.dll Sat 28 Oct 2006 22:58:34 ..S.R 235 437 229,92 K
    comctl32.dll Fri 25 Aug 2006 17:51:14 A.... 617 472 603,00 K
    fltlib.dll Mon 21 Aug 2006 14:26:16 A.... 16 896 16,50 K
    xpsp3res.dll Mon 9 Oct 2006 23:12:26 A.... 230 400 225,00 K
    pmkjj.dll Thu 26 Oct 2006 11:22:40 ..SH. 688 180 672,05 K
    6to4svc.dll Wed 16 Aug 2006 13:59:28 A.... 100 352 98,00 K
    shdocvw.dll Mon 4 Sep 2006 8:12:54 A.... 1 494 528 1,42 M
    dn4u01~1.dll Sat 28 Oct 2006 21:46:32 ..S.R 235 703 230,18 K
    dnr601~1.dll Sat 28 Oct 2006 22:38:26 ..S.R 236 128 230,59 K
    ktlsl7~1.dll Sat 28 Oct 2006 22:58:34 ..S.R 237 174 231,61 K
    legitc~1.dll Mon 7 Aug 2006 9:50:22 A.... 1 484 592 1,41 M
    n44sle~1.dll Sat 28 Oct 2006 21:09:50 ..S.R 235 437 229,92 K
    msxml3.dll Wed 13 Sep 2006 7:03:06 A.... 1 084 416 1,03 M
    nticdm~1.dll Thu 26 Oct 2006 1:58:18 ...HR 1 024 1,00 K
    w95inf16.dll Thu 26 Oct 2006 2:49:54 A.... 2 272 2,22 K
    w95inf32.dll Thu 26 Oct 2006 2:49:54 A.... 4 608 4,50 K
    s32evnt1.dll Fri 15 Sep 2006 22:52:12 A.... 91 904 89,75 K

    17 items found: 17 files (7 H/S), 0 directories.
    Total of file sizes: 6 996 523 bytes 6,67 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    setc0.tmp Thu 31 Aug 2006 7:56:36 A.... 463 872 453,00 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 463 872 bytes 453,00 K
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 2B1B-1302

    R‚pertoire de C:\WINDOWS\System32

    28/10/2006 22:58 235ÿ437 PGDLIB32.DLL
    28/10/2006 22:58 237ÿ174 ktlsl7371.dll
    28/10/2006 22:38 236ÿ128 dnr6019se.dll
    28/10/2006 21:46 235ÿ703 dn4u01h9e.dll
    28/10/2006 21:09 235ÿ437 n44sleh71h4.dll
    26/10/2006 11:22 378 jjkmp.ini
    26/10/2006 11:22 688ÿ180 pmkjj.dll
    26/10/2006 03:43 16ÿ384 wu.exe
    26/10/2006 01:39 <REP> Microsoft
    26/10/2006 01:25 <REP> dllcache
    26/10/2006 01:25 6ÿ144 access.ctl
    30/09/1999 19:21 166ÿ672 mstext35.dll
    28/09/1999 21:42 1ÿ050ÿ896 msjet35.dll
    09/09/1999 22:06 252ÿ688 msexcl35.dll
    09/09/1999 22:06 168ÿ720 msltus35.dll
    25/08/1999 14:57 415ÿ504 msrepl35.dll
    10/06/1999 09:34 123ÿ664 msjint35.dll
    10/06/1999 09:34 24ÿ848 msjter35.dll
    07/06/1999 18:59 250ÿ128 mspdox35.dll
    25/04/1999 17:00 252ÿ176 Msrd2x35.dll
    25/04/1999 17:00 368ÿ912 Vbar332.dll
    25/04/1999 17:00 287ÿ504 Msxbse35.dll
    20 fichier(s) 5ÿ252ÿ677 octets
    2 R‚p(s) 92ÿ922ÿ707ÿ968 octets libres
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    euh ! c'est pas les bons rapports :)

    suis les indications du lien ;-)

    ++
    0
    1. RAY CHARLES Messages postés 16 Statut Membre
       
      Salut Green day

      Je te remercie encore pour ton aide.
      J'ai effectué les opérations demandées et t'envoie les 3 rapports
      Dois-je cocher des lignes sur hijackthis?
      Attends tes conseils et recommandations

      Merci
      Raph




      1) Ewido

      ewido anti-spyware - Scan Report
      ---------------------------------------------------------

      + Created at: 01:00:40 29/10/2006

      + Scan result:



      C:\Documents and Settings\Raphaël\Local Settings\Temporary Internet Files\Content.IE5\Y7O1WTG3\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP125\A0011225.exe -> Adware.AdURL : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP78\A0008372.exe -> Adware.AdURL : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000210.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000251.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000252.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000253.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000254.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000255.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000256.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000567.zip/dlls/WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000567.zip/dlls/dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000567.zip/dlls/dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000567.zip/dlls/g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000567.zip/dlls/ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000567.zip/dlls/n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000568.zip/dlls/WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000568.zip/dlls/dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000568.zip/dlls/dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000568.zip/dlls/g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000568.zip/dlls/ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\RECYCLED\NPROTECT\00000568.zip/dlls/n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001048.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001052.dLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001061.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001093.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP123\A0010448.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP124\A0011173.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP125\A0011227.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP126\A0011303.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011390.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011404.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011415.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011418.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011419.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011420.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011421.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011425.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011426.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011427.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011428.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011429.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011430.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011432.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011433.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011436.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011437.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011438.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011440.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011443.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011448.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011622.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011633.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011635.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011641.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011647.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP12\A0001117.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP12\A0001121.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP134\A0011981.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012134.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012249.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012250.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012251.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012252.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012253.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012254.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012255.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012258.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012259.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013328.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013329.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013343.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014275.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014324.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014334.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014338.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014342.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014346.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014348.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014351.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014352.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014353.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014355.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014359.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014365.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014383.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001154.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001161.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001184.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001188.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0002302.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP73\A0003105.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP73\A0003110.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP74\A0003306.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP74\A0003313.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0003410.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0003471.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0003472.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0004375.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0004378.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP9\A0000877.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013337.exe -> Adware.Systemdoctor : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP123\A0010488.exe -> Backdoor.IRCBot.xn : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001060.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
      C:\mc44a37.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001062.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011431.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000205.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000693.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP12\A0001116.EXE -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000336.exe -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000476.exe -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000676.EXE -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011422.exe -> Downloader.PurityScan.db : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001055.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001097.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000202.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000341.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000484.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP74\A0003330.exe -> Downloader.Small.duf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000691.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000831.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000863.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP9\A0000881.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011410.dll -> Hijacker.Small.mb : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011411.dll -> Hijacker.Small.mb : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011412.dll -> Hijacker.Small.mb : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP78\A0009173.DLL -> Hijacker.Small.mb : Cleaned with backup (quarantined).
      C:\Documents and Settings\Raphaël\Local Settings\Temporary Internet Files\Content.IE5\2ZGZI9AT\SystemDoctor2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
      C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IIGH82EH\installdrivecleanerstart_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Ignored.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@com[1].txt -> TrackingCookie.Com : Cleaned.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
      C:\WINDOWS\Temp\Cookies\raphaël@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
      C:\WINDOWS\Temp\Cookies\raphaël@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
      C:\Documents and Settings\Raphaël\Cookies\raphaël@estat[1].txt -> TrackingCookie.Estat : Cleaned.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@estat[1].txt -> TrackingCookie.Estat : Cleaned.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
      C:\WINDOWS\Temp\Cookies\raphaël@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
      C:\WINDOWS\Temp\Cookies\raphaël@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
      C:\Documents and Settings\Raphaël\Cookies\raphaël@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
      C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
      C:\WINDOWS\Temp\Cookies\raphaël@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


      ::Report end


      2) Bitdefender

      BitDefender Online Scanner



      Scan report generated at: Sun, Oct 29, 2006 - 19:48:14





      Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;







      Statistics

      Time
      00:46:31

      Files
      237893

      Folders
      3615

      Boot Sectors
      3

      Archives
      7418

      Packed Files
      17399




      Results

      Identified Viruses
      5

      Infected Files
      8

      Suspect Files
      7

      Warnings
      0

      Disinfected
      0

      Deleted Files
      22




      Engines Info

      Virus Definitions
      479358

      Engine build
      AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

      Scan plugins
      13

      Archive plugins
      38

      Unpack plugins
      6

      E-mail plugins
      6

      System plugins
      1




      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      *;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes




      Scanned File
      Status

      C:\WINDOWS\system32\wu.exe
      Suspected of: BehavesLike:Trojan.Downloader

      C:\WINDOWS\system32\wu.exe
      Disinfection failed

      C:\WINDOWS\system32\wu.exe
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000203.exe
      Suspected of: BehavesLike:Trojan.Downloader

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000203.exe
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000203.exe
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000343.exe
      Suspected of: BehavesLike:Trojan.Downloader

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000343.exe
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000343.exe
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000692.exe
      Suspected of: BehavesLike:Trojan.Downloader

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000692.exe
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000692.exe
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000835.exe
      Suspected of: BehavesLike:Trojan.Downloader

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000835.exe
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000835.exe
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000865.exe
      Suspected of: BehavesLike:Trojan.Downloader

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000865.exe
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000865.exe
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012147.exe=>(Quarantine-2)
      Infected with: DeepScan:Generic.Malware.dld!!.F67304D8

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012147.exe=>(Quarantine-2)
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012147.exe=>(Quarantine-2)
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012148.DLL=>(Quarantine-2)
      Infected with: MemScan:Trojan.Virtumod.BL

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012148.DLL=>(Quarantine-2)
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012148.DLL=>(Quarantine-2)
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012149.dll=>(Quarantine-2)
      Infected with: MemScan:Trojan.Virtumod.BL

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012149.dll=>(Quarantine-2)
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012149.dll=>(Quarantine-2)
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012150.exe=>(Quarantine-2)
      Infected with: Generic.Sdbot.F001AFB6

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012150.exe=>(Quarantine-2)
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012151.exe=>(Quarantine-2)
      Infected with: DeepScan:Generic.Mitglied.687CAF98

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012151.exe=>(Quarantine-2)
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012151.exe=>(Quarantine-2)
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012152.dll=>(Quarantine-2)
      Infected with: MemScan:Trojan.Virtumod.BL

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012152.dll=>(Quarantine-2)
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012152.dll=>(Quarantine-2)
      Deleted

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012153.dll=>(Quarantine-2)
      Infected with: MemScan:Trojan.Virtumod.BL

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012153.dll=>(Quarantine-2)
      Disinfection failed

      C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012153.dll=>(Quarantine-2)
      Deleted

      C:\RECYCLED\NPROTECT\00000640.exe
      Infected with: Trojan.Downloader.Adload.FG

      C:\RECYCLED\NPROTECT\00000640.exe
      Disinfection failed

      C:\RECYCLED\NPROTECT\00000640.exe
      Deleted

      C:\RECYCLED\NPROTECT\00000981.exe
      Suspected of: BehavesLike:Trojan.Downloader

      C:\RECYCLED\NPROTECT\00000981.exe
      Disinfection failed

      C:\RECYCLED\NPROTECT\00000981.exe
      Deleted


      + BitDefender Online Scanner - Real Time Virus Report



      Generated at: Sun, Oct 29, 2006 - 19:51:04


      --------------------------------------------------------------------------------





      Scan Info



      Scanned Files
      240518

      Infected Files
      15








      Virus Detected



      MemScan:Trojan.Virtumod.BL
      4

      Trojan.Downloader.Adload.FG
      1

      DeepScan:Generic.Mitglied.687CAF98
      1

      DeepScan:Generic.Malware.dld!!.F67304D8
      1

      BehavesLike:Trojan.Downloader
      7

      Generic.Sdbot.F001AFB6
      1

      3) Hijackthis

      Logfile of HijackThis v1.99.1
      Scan saved at 20:00:47, on 29/10/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
      C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
      C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
      C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
      C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\WINDOWS\vsnpstd.exe
      C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
      C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Symantec\Web Tools\CKA.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\DOCUME~1\RAPHAËL\LOCALS~1\Temp\Rar$EX03.000\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
      O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
      O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
      O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - Startup: Norton Disk Doctor.LNK = I:\NSW2004\NU\NDD32.EXE
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n44sleh71h4.dll (file missing)
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    très bien !

    petite verification :

    Télécharge Blacklight (de F-Secure) :

    https://www.f-secure.com/en

    et sauvegarde le sur ton Bureau.

    Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse

    @+

    **En vérité, le chemin importe peu, la volonté d'arriver suffit à tout ( A.Camus ) **
    0
    1. RAY CHARLES Messages postés 16 Statut Membre
       
      re,
      N'obtenant pas la page demandée, j'ai réussi à faire un scan on line sur f-sécure. En voici le rapport en attendant de tes nouvelles:

      Scanning Report
      Sunday, October 29, 2006 23:26:31 - 00:59:59
      Computer name: ZEBRA3
      Scanning type: Scan system for viruses, rootkits, spyware
      Target: C:\ D:\


      --------------------------------------------------------------------------------

      Result: 21 malware found
      Tracking Cookie (spyware)
      System (Disinfected)
      System (Disinfected)
      System
      System
      System
      System
      System
      System
      System
      Trojan-Downloader.Win32.Adload.fu (virus)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014557.EXE (Renamed & Submitted)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014558.EXE (Renamed & Submitted)
      W32/NetworkWorm (virus)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001054.EXE (Submitted)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001098.EXE (Submitted)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP9\A0000882.EXE (Submitted)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000690.EXE (Submitted)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000832.EXE (Submitted)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000862.EXE (Submitted)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000201.EXE (Submitted)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000342.EXE (Submitted)
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000485.EXE (Submitted)
      C:\WINDOWS\YAZZLEBUNDLE-1125.EXE (Submitted)

      --------------------------------------------------------------------------------

      Statistics
      Scanned:
      Files: 44251
      System: 5012
      Not scanned: 2
      Actions:
      Disinfected: 2
      Renamed: 2
      Deleted: 0
      None: 17
      Submitted: 12
      Files not scanned:
      C:\PAGEFILE.SYS
      C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

      --------------------------------------------------------------------------------

      Options
      Scanning engines:
      F-Secure AVP: 6.0.171, 2006-10-27
      F-Secure Libra: 2.4.1, 2006-10-26
      F-Secure Orion: 1.2.37, 2006-10-27
      F-Secure Blacklight: 1.0.31, 0000-00-00
      F-Secure Draco: 1.0.35, 0259-24-212
      F-Secure Pegasus: 1.19.0, 2006-08-29
      Scanning options:
      Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
      Use Advanced heuristics

      Merci!
      0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut
    ok, désolée si c'était pas claire !

    voici la page :

    https://europe.f-secure.com/exclude/blacklight/index.shtml

    @+
    0
    1. RAY CHARLES Messages postés 16 Statut Membre
       
      Salut Green Day

      J'ai fait ce que tu m'as indiquée et voici le rapport :

      10/30/06 22:00:12 [Info]: BlackLight Engine 1.0.47 initialized
      10/30/06 22:00:12 [Info]: OS: 5.1 build 2600 (Service Pack 2)
      10/30/06 22:00:13 [Note]: 7019 4
      10/30/06 22:00:13 [Note]: 7005 0
      10/30/06 22:00:19 [Note]: 7006 0
      10/30/06 22:00:19 [Note]: 7011 2588
      10/30/06 22:00:19 [Note]: 7026 0
      10/30/06 22:00:19 [Note]: 7026 0
      10/30/06 22:00:27 [Note]: FSRAW library version 1.7.1020
      10/30/06 22:00:47 [Note]: 2000 1012
      10/30/06 22:02:27 [Note]: 7007 0

      ça veut dire quoi tout ça????

      Et maintenant, que faire???

      Merci


      PS : Au fait Green day, t'es un homme ou une femme ?
      Et pourquoi Green Day?

      Réponds si pas c'est indiscret, sinon laisse tomber!!

      @+
      0
  9. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re !

    ok, poste un nouveau hijackthis stp

    pour les questions indiscretes :

    profil green%20day

    :)))

    @+
    0
  10. RAY CHARLES Messages postés 16 Statut Membre
     
    RE,

    Voici le raport

    Logfile of HijackThis v1.99.1
    Scan saved at 01:41:20, on 01/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Symantec\Web Tools\CKA.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\RAPHAËL\LOCALS~1\Temp\Rar$EX01.281\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Norton Disk Doctor.LNK = I:\NSW2004\NU\NDD32.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n44sleh71h4.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    Attends de tes nouvelles!!
    0
  11. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    # Désactiver la Restauration du système

    * Cliquez sur le bouton Démarrer.
    * Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
    * Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

    # Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support

    O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n44sleh71h4.dll (file missing)

    # ensuite, télécharge et execute ceci :

    * CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
    http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

    tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm

    * Ccleaner : Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .

    *Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
    est cochée) puis clique sur "lancer le nettoyage"

    ccleaner

    tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    ==> cliques sur demarrer < executer et tapes : Prefetch
    et supprime tout le contenu de ce dossier !

    precise tes soucis s'il en reste

    ++
    **En vérité, le chemin importe peu, la volonté d'arriver suffit à tout ( A.Camus ) **
    0
    1. RAY CHARLES Messages postés 16 Statut Membre
       
      Salut Green Day

      Merci beaucoup pour ton aide. Pour le moment plus de probleme.
      J'espère que la prochaine fois que j'ai un probleme, je pourrais compter sur toi car tu es éfficace!

      Bise, bye bye

      ** S'il n'y pas de solutions, c'est qu'il n'y a pas de problème.**
      Device SHADOK
      0
    2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
       
      Salut :-)

      ravie d'avoir pu t'aider !

      le forum virus/sécurité est très dynamique : il y aura toujours une personne pour depanner ;-)

      un peu de lecture au passage :

      https://sebsauvage.net/safehex.html

      securite proteger un ordinateur contre les malwares d internet

      bon surf !

      @+

      PS : sympa la devise lol

      **En vérité, le chemin importe peu, la volonté d'arriver suffit à tout ( A.Camus ) **
      0