Infected by adware: adware.look2me

Solved/Closed
RAY CHARLES Posts 16 Registration date Sunday 18 December 2005 Status Member Last activity 5 November 2006 - 28 Oct 2006 at 22:28
green day Posts 26364 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 - 5 Nov 2006 at 17:13
Hello to all CCM members,

I am asking for your help with a problem that has taken over my life for the past few days. When I open IE, my start page displays correctly (a problem I managed to solve despite my limited computer knowledge), then after a few moments Windows windows appear with ads such as: Meetic, scan your computer for viruses, house purchases, etc.

After a scan, I realized I was infected by adware.look2me; and despite the help of Symantec Security Response, I can't get rid of it.

I use: Windows XP Home Edition version 2002 SP2 and Internet Explorer.


I look forward to your help and your expert advice soon, in simple computer language please.

Thanks a lot

10 replies

green day Posts 26364 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 163
28 Oct 2006 at 22:31
Hi!

Download l2mfix.exe from http://www.downloads.subratam.org/l2mfix.exe


- Disconnect from the Internet, close the browser and all other application windows;
- Unzip l2mfix.exe to the desktop;
- In the program folder, double-click l2mfix.bat;
- Choose OPTION 1 (Run find log) and confirm with the [Enter] key;
=> A report will be generated in Notepad; reconnect to post it on the forum.


++
0
RAY CHARLES Posts 16 Registration date Sunday 18 December 2005 Status Member Last activity 5 November 2006
28 Oct 2006 at 23:17
I didn't find the .bat file, but by searching I came across the file: c\windows\system32\cmd.exe
I clicked, then a menu appeared:

L2Mfix tool by shadowwar 051206

1. run find log
2. run fix
3. view read me
4. remove L2Mfix account
5. fix autoexec.nt/cmd.exe error
E. exit

I clicked on 1 and got this:

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6F754E9A-B479-B8FA-69D1-EC1EBCD1FE89}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BB0DF478-43D0-4148-A02C-4D58866F5628}"=""
"{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\InprocServer32]
@="C:\\WINDOWS\\system32\\PGDLIB32.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
pgdlib32.dll Sat 28 Oct 2006 22:58:34 ..S.R 235 437 229,92 K
comctl32.dll Fri 25 Aug 2006 17:51:14 A.... 617 472 603,00 K
fltlib.dll Mon 21 Aug 2006 14:26:16 A.... 16 896 16,50 K
xpsp3res.dll Mon 9 Oct 2006 23:12:26 A.... 230 400 225,00 K
pmkjj.dll Thu 26 Oct 2006 11:22:40 ..SH. 688 180 672,05 K
6to4svc.dll Wed 16 Aug 2006 13:59:28 A.... 100 352 98,00 K
shdocvw.dll Mon 4 Sep 2006 8:12:54 A.... 1 494 528 1,42 M
dn4u01~1.dll Sat 28 Oct 2006 21:46:32 ..S.R 235 703 230,18 K
dnr601~1.dll Sat 28 Oct 2006 22:38:26 ..S.R 236 128 230,59 K
ktlsl7~1.dll Sat 28 Oct 2006 22:58:34 ..S.R 237 174 231,61 K
legitc~1.dll Mon 7 Aug 2006 9:50:22 A.... 1 484 592 1,41 M
n44sle~1.dll Sat 28 Oct 2006 21:09:50 ..S.R 235 437 229,92 K
msxml3.dll Wed 13 Sep 2006 7:03:06 A.... 1 084 416 1,03 M
nticdm~1.dll Thu 26 Oct 2006 1:58:18 ...HR 1 024 1,00 K
w95inf16.dll Thu 26 Oct 2006 2:49:54 A.... 2 272 2,22 K
w95inf32.dll Thu 26 Oct 2006 2:49:54 A.... 4 608 4,50 K
s32evnt1.dll Fri 15 Sep 2006 22:52:12 A.... 91 904 89,75 K

17 items found: 17 files (7 H/S), 0 directories.
Total of file sizes: 6 996 523 bytes 6,67 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
setc0.tmp Thu 31 Aug 2006 7:56:36 A.... 463 872 453,00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 463 872 bytes 453,00 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2B1B-1302

Répertoire de C:\WINDOWS\System32

28/10/2006 22:58 235 437 PGDLIB32.DLL
28/10/2006 22:58 237 174 ktlsl7371.dll
28/10/2006 22:38 236 128 dnr6019se.dll
28/10/2006 21:46 235 703 dn4u01h9e.dll
28/10/2006 21:09 235 437 n44sleh71h4.dll
26/10/2006 11:22 378 jjkmp.ini
26/10/2006 11:22 688 180 pmkjj.dll
26/10/2006 03:43 16 384 wu.exe
26/10/2006 01:39 <REP> Microsoft
26/10/2006 01:25 <REP> dllcache
26/10/2006 01:25 6 144 access.ctl
30/09/1999 19:21 166 672 mstext35.dll
28/09/1999 21:42 1 050 896 msjet35.dll
09/09/1999 22:06 252 688 msexcl35.dll
09/09/1999 22:06 168 720 msltus35.dll
25/08/1999 14:57 415 504 msrepl35.dll
10/06/1999 09:34 123 664 msjint35.dll
10/06/1999 09:34 24 848 msjter35.dll
07/06/1999 18:59 250 128 mspdox35.dll
25/04/1999 17:00 252 176 Msrd2x35.dll
25/04/1999 17:00 368 912 Vbar332.dll
25/04/1999 17:00 287 504 Msxbse35.dll
20 fichier(s) 5 252 677 octets
2 Rép(s) 92 922 707 968 octets libres

Should I click on 2. Run fix?


Thanks for your help
0
green day Posts 26364 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 163
28 Oct 2006 at 23:26
re

ok,

- Disconnect from the Internet, close the browser and all other application windows;
- Double-click l2mfix.bat;
- Choose OPTION 2 (Run fix) and confirm with the [Enter] key;
- When prompted, press any key to restart the PC;
=> On restart, the L2mFix cleanup continues, then produces the cleanup result by opening Notepad; reconnect to post it on the forum.


then post a new HijackThis log please

++
0
RAY CHARLES Posts 16 Registration date Sunday 18 December 2005 Status Member Last activity 5 November 2006
29 Oct 2006 at 00:09
Green day, I managed to do what you asked and the PC restarted. Then I got an error message: it couldn't find cleanup.bat.

So I opened L2Mfix and clicked on cleanup (MS-DOS) and Notepad opened; it says this:


Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (408)
Killing 'winlogon.exe'
winlogon.exe (496)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1804)
Killing 'rundll32.exe'
rundll32.exe "C:\WINDOWS\system32\WADFCoinstaller.dll",DllGetVersion (1608)
"C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (236)
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\dn4u01h9e.dll
Successfully Deleted: C:\WINDOWS\system32\dn4u01h9e.dll
Deleting: C:\WINDOWS\system32\dnr6019se.dll
Successfully Deleted: C:\WINDOWS\system32\dnr6019se.dll
Deleting: C:\WINDOWS\system32\g222lcfo1f2c.dll
Successfully Deleted: C:\WINDOWS\system32\g222lcfo1f2c.dll
Deleting: C:\WINDOWS\system32\ktlsl7371.dll
Successfully Deleted: C:\WINDOWS\system32\ktlsl7371.dll
Deleting: C:\WINDOWS\system32\n44sleh71h4.dll
Successfully Deleted: C:\WINDOWS\system32\n44sleh71h4.dll
Deleting: C:\WINDOWS\system32\WADFCoinstaller.dll
Successfully Deleted: C:\WINDOWS\system32\WADFCoinstaller.dll

msg11?.dll
0 fichier(s) copié(s).
Desktop.ini sucessfully removed




Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\dn4u01h9e.dll
C:\WINDOWS\system32\dnr6019se.dll
C:\WINDOWS\system32\g222lcfo1f2c.dll
C:\WINDOWS\system32\ktlsl7371.dll
C:\WINDOWS\system32\n44sleh71h4.dll
C:\WINDOWS\system32\WADFCoinstaller.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\InprocServer32]
@="C:\\WINDOWS\\system32\\WADFCoinstaller.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BB0DF478-43D0-4148-A02C-4D58866F5628}"=-
"{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}"=-
[-HKEY_CLASSES_ROOT\CLSID\{BB0DF478-43D0-4148-A02C-4D58866F5628}]
[-HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/dn4u01h9e.dll (deflated 5%)
adding: dlls/dnr6019se.dll (deflated 5%)
adding: dlls/g222lcfo1f2c.dll (deflated 5%)
adding: dlls/ktlsl7371.dll (deflated 6%)
adding: dlls/n44sleh71h4.dll (deflated 5%)
adding: dlls/WADFCoinstaller.dll (deflated 5%)
adding: backregs/notibac.reg (deflated 87%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/92C8F96F-EE39-4A8F-9DB3-69701E5ECF33.reg (deflated 70%)



Then I clicked on IE; the PC asked me whether it was my default browser, I answered yes, and I am writing to you right now without any IE windows opening.
It's great, it looks like it works!

What is HijackThis again??

Thanks a lot Green Day!!
0
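Added example, not part of the thread and not L2Mfix's own code: the fix log above exports the Winlogon\Notify key, where each subkey names a DLL that Winlogon loads. This Python script parses such a `.reg` export and lists the subkeys whose DLL is outside a baseline; the baseline set and the shortened sample export are assumptions built from the log above.

```python
import ntpath
import re

# Assumption: baseline of expected notification DLLs, taken from the other
# subkeys in the export posted above (crypt32chain, cscdll, SensLogn, ...).
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                 "wlnotify.dll", "sclgntfy.dll"}

# Constructed sample: a shortened copy of the Winlogon\Notify export above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
"Logon"="WinLogon"
'''

NOTIFY_MARKER = "\\winlogon\\notify"
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def join_continuations(text):
    """Merge hex data that regedit wraps with a trailing backslash."""
    merged, pending = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        merged.append(pending + line)
        pending = ""
    if pending:
        merged.append(pending)
    return merged


def decode_value(raw):
    """Decode REG_SZ and hex(1)/hex(2) data from a 'Version 5.00' export."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: undo the .reg escaping of backslashes and quotes.
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    m = re.match(r'hex\((?:1|2)\):(.*)$', raw)
    if m:
        # Version 5.00 exports store string data as UTF-16LE bytes.
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return None  # dword and other types carry no DLL name


def parse_notify_export(text):
    """Return {subkey: DllName} for the Notify key and its direct subkeys."""
    entries, current = {}, None
    for line in join_continuations(text):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            idx = path.lower().rfind(NOTIFY_MARKER)
            rest = path[idx + len(NOTIFY_MARKER):] if idx >= 0 else None
            if rest is None or path.startswith("-"):
                current = None              # other key, or a deletion line
            elif rest == "":
                current = "(Notify root)"
            elif rest.startswith("\\") and "\\" not in rest[1:]:
                current = rest[1:]
            else:
                current = None
            continue
        value = VALUE_RE.match(line)
        # The value name is spelled both DllName and DLLName in exports.
        if value and current and value.group(1).lower() == "dllname":
            entries[current] = decode_value(value.group(2))
    return entries


def suspicious_entries(entries, baseline=BASELINE_DLLS):
    """List (subkey, dll) pairs whose DLL file name is not in the baseline."""
    return [(subkey, dll) for subkey, dll in sorted(entries.items())
            if ntpath.basename(dll or "").lower() not in baseline]


if __name__ == "__main__":
    for subkey, dll in suspicious_entries(parse_notify_export(SAMPLE_EXPORT)):
        print(f"review Notify\\{subkey}: {dll!r}")
```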
green day Posts 26364 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 163
29 Oct 2006 at 00:13
re

ok!

oops! everything is explained here: please paste the 3 reports; that said, you don't have to do everything tonight!

virus: preliminary disinfection method, French version

++

0
RAY CHARLES Posts 16 Registration date Sunday 18 December 2005 Status Member Last activity 5 November 2006
29 Oct 2006 at 00:20
1st report:

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6F754E9A-B479-B8FA-69D1-EC1EBCD1FE89}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\InprocServer32]
@="C:\\WINDOWS\\system32\\PGDLIB32.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
pgdlib32.dll Sat 28 Oct 2006 22:58:34 ..S.R 235 437 229,92 K
comctl32.dll Fri 25 Aug 2006 17:51:14 A.... 617 472 603,00 K
fltlib.dll Mon 21 Aug 2006 14:26:16 A.... 16 896 16,50 K
xpsp3res.dll Mon 9 Oct 2006 23:12:26 A.... 230 400 225,00 K
pmkjj.dll Thu 26 Oct 2006 11:22:40 ..SH. 688 180 672,05 K
6to4svc.dll Wed 16 Aug 2006 13:59:28 A.... 100 352 98,00 K
shdocvw.dll Mon 4 Sep 2006 8:12:54 A.... 1 494 528 1,42 M
dn4u01~1.dll Sat 28 Oct 2006 21:46:32 ..S.R 235 703 230,18 K
dnr601~1.dll Sat 28 Oct 2006 22:38:26 ..S.R 236 128 230,59 K
ktlsl7~1.dll Sat 28 Oct 2006 22:58:34 ..S.R 237 174 231,61 K
legitc~1.dll Mon 7 Aug 2006 9:50:22 A.... 1 484 592 1,41 M
n44sle~1.dll Sat 28 Oct 2006 21:09:50 ..S.R 235 437 229,92 K
msxml3.dll Wed 13 Sep 2006 7:03:06 A.... 1 084 416 1,03 M
nticdm~1.dll Thu 26 Oct 2006 1:58:18 ...HR 1 024 1,00 K
w95inf16.dll Thu 26 Oct 2006 2:49:54 A.... 2 272 2,22 K
w95inf32.dll Thu 26 Oct 2006 2:49:54 A.... 4 608 4,50 K
s32evnt1.dll Fri 15 Sep 2006 22:52:12 A.... 91 904 89,75 K

17 items found: 17 files (7 H/S), 0 directories.
Total of file sizes: 6 996 523 bytes 6,67 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
setc0.tmp Thu 31 Aug 2006 7:56:36 A.... 463 872 453,00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 463 872 bytes 453,00 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2B1B-1302

Répertoire de C:\WINDOWS\System32

28/10/2006 22:58 235 437 PGDLIB32.DLL
28/10/2006 22:58 237 174 ktlsl7371.dll
28/10/2006 22:38 236 128 dnr6019se.dll
28/10/2006 21:46 235 703 dn4u01h9e.dll
28/10/2006 21:09 235 437 n44sleh71h4.dll
26/10/2006 11:22 378 jjkmp.ini
26/10/2006 11:22 688 180 pmkjj.dll
26/10/2006 03:43 16 384 wu.exe
26/10/2006 01:39 <REP> Microsoft
26/10/2006 01:25 <REP> dllcache
26/10/2006 01:25 6 144 access.ctl
30/09/1999 19:21 166 672 mstext35.dll
28/09/1999 21:42 1 050 896 msjet35.dll
09/09/1999 22:06 252 688 msexcl35.dll
09/09/1999 22:06 168 720 msltus35.dll
25/08/1999 14:57 415 504 msrepl35.dll
10/06/1999 09:34 123 664 msjint35.dll
10/06/1999 09:34 24 848 msjter35.dll
07/06/1999 18:59 250 128 mspdox35.dll
25/04/1999 17:00 252 176 Msrd2x35.dll
25/04/1999 17:00 368 912 Vbar332.dll
25/04/1999 17:00 287 504 Msxbse35.dll
20 fichier(s) 5 252 677 octets
2 Rép(s) 92 922 707 968 octets libres






2nd report
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n44sleh71h4.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6F754E9A-B479-B8FA-69D1-EC1EBCD1FE89}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{92C8F96F-EE39-4A8F-9DB3-69701E5ECF33}\InprocServer32]
@="C:\\WINDOWS\\system32\\PGDLIB32.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
pgdlib32.dll Sat 28 Oct 2006 22:58:34 ..S.R 235 437 229,92 K
comctl32.dll Fri 25 Aug 2006 17:51:14 A.... 617 472 603,00 K
fltlib.dll Mon 21 Aug 2006 14:26:16 A.... 16 896 16,50 K
xpsp3res.dll Mon 9 Oct 2006 23:12:26 A.... 230 400 225,00 K
pmkjj.dll Thu 26 Oct 2006 11:22:40 ..SH. 688 180 672,05 K
6to4svc.dll Wed 16 Aug 2006 13:59:28 A.... 100 352 98,00 K
shdocvw.dll Mon 4 Sep 2006 8:12:54 A.... 1 494 528 1,42 M
dn4u01~1.dll Sat 28 Oct 2006 21:46:32 ..S.R 235 703 230,18 K
dnr601~1.dll Sat 28 Oct 2006 22:38:26 ..S.R 236 128 230,59 K
ktlsl7~1.dll Sat 28 Oct 2006 22:58:34 ..S.R 237 174 231,61 K
legitc~1.dll Mon 7 Aug 2006 9:50:22 A.... 1 484 592 1,41 M
n44sle~1.dll Sat 28 Oct 2006 21:09:50 ..S.R 235 437 229,92 K
msxml3.dll Wed 13 Sep 2006 7:03:06 A.... 1 084 416 1,03 M
nticdm~1.dll Thu 26 Oct 2006 1:58:18 ...HR 1 024 1,00 K
w95inf16.dll Thu 26 Oct 2006 2:49:54 A.... 2 272 2,22 K
w95inf32.dll Thu 26 Oct 2006 2:49:54 A.... 4 608 4,50 K
s32evnt1.dll Fri 15 Sep 2006 22:52:12 A.... 91 904 89,75 K

17 items found: 17 files (7 H/S), 0 directories.
Total of file sizes: 6 996 523 bytes 6,67 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
setc0.tmp Thu 31 Aug 2006 7:56:36 A.... 463 872 453,00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 463 872 bytes 453,00 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2B1B-1302

Répertoire de C:\WINDOWS\System32

28/10/2006 22:58 235 437 PGDLIB32.DLL
28/10/2006 22:58 237 174 ktlsl7371.dll
28/10/2006 22:38 236 128 dnr6019se.dll
28/10/2006 21:46 235 703 dn4u01h9e.dll
28/10/2006 21:09 235 437 n44sleh71h4.dll
26/10/2006 11:22 378 jjkmp.ini
26/10/2006 11:22 688 180 pmkjj.dll
26/10/2006 03:43 16 384 wu.exe
26/10/2006 01:39 <REP> Microsoft
26/10/2006 01:25 <REP> dllcache
26/10/2006 01:25 6 144 access.ctl
30/09/1999 19:21 166 672 mstext35.dll
28/09/1999 21:42 1 050 896 msjet35.dll
09/09/1999 22:06 252 688 msexcl35.dll
09/09/1999 22:06 168 720 msltus35.dll
25/08/1999 14:57 415 504 msrepl35.dll
10/06/1999 09:34 123 664 msjint35.dll
10/06/1999 09:34 24 848 msjter35.dll
07/06/1999 18:59 250 128 mspdox35.dll
25/04/1999 17:00 252 176 Msrd2x35.dll
25/04/1999 17:00 368 912 Vbar332.dll
25/04/1999 17:00 287 504 Msxbse35.dll
20 fichier(s) 5 252 677 octets
2 Rép(s) 92 922 707 968 octets libres
0

green day Posts 26364 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 163
29 Oct. 2006 at 00:25
Uh! Those aren't the right reports :)

Follow the instructions in the link ;-)

++
0
RAY CHARLES Posts 16 Registration date Sunday 18 December 2005 Status Member Last activity 5 November 2006
29 Oct. 2006 at 20:19
Hi Green day,

Thank you again for your help.
I carried out the requested steps and am sending you the 3 reports.
Should I check any lines in HijackThis?
I await your advice and recommendations.

Thanks
Raph




1) Ewido

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:00:40 29/10/2006

+ Scan result:



C:\Documents and Settings\Raphaël\Local Settings\Temporary Internet Files\Content.IE5\Y7O1WTG3\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP125\A0011225.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP78\A0008372.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\backup.zip/dlls/n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Bureau\l2mfix\dlls\n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000210.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000251.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000252.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000253.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000254.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000255.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000256.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000567.zip/dlls/n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/WADFCoinstaller.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/dnr6019se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/g222lcfo1f2c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/ktlsl7371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\RECYCLED\NPROTECT\00000568.zip/dlls/n44sleh71h4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001048.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001052.dLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001061.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001093.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP123\A0010448.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP124\A0011173.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP125\A0011227.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP126\A0011303.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011390.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011404.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011415.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011418.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011419.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011420.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011421.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011425.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011426.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011427.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011428.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011429.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011430.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011432.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011433.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011436.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011437.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011438.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011440.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011443.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011448.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011622.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011633.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011635.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011641.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP129\A0011647.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP12\A0001117.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP12\A0001121.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP134\A0011981.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012134.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012249.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012250.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012251.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012252.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012253.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012254.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012255.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012258.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP139\A0012259.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013328.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013329.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013343.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014275.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014324.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014334.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014338.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0014342.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014346.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014348.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014351.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014352.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014353.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014355.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014359.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014365.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014383.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001154.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001161.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001184.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0001188.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP16\A0002302.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP73\A0003105.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP73\A0003110.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP74\A0003306.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP74\A0003313.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0003410.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0003471.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0003472.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0004375.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP76\A0004378.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP9\A0000877.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP140\A0013337.exe -> Adware.Systemdoctor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP123\A0010488.exe -> Backdoor.IRCBot.xn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001060.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\mc44a37.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001062.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011431.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000205.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000693.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP12\A0001116.EXE -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000336.exe -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000476.exe -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000676.EXE -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011422.exe -> Downloader.PurityScan.db : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001055.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001097.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000202.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000341.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000484.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP74\A0003330.exe -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000691.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000831.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000863.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP9\A0000881.EXE -> Downloader.Small.duf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011410.dll -> Hijacker.Small.mb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011411.dll -> Hijacker.Small.mb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP127\A0011412.dll -> Hijacker.Small.mb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP78\A0009173.DLL -> Hijacker.Small.mb : Cleaned with backup (quarantined).
C:\Documents and Settings\Raphaël\Local Settings\Temporary Internet Files\Content.IE5\2ZGZI9AT\SystemDoctor2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IIGH82EH\installdrivecleanerstart_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Ignored.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\raphaël@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\WINDOWS\Temp\Cookies\raphaël@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
C:\Documents and Settings\Raphaël\Cookies\raphaël@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\WINDOWS\Temp\Cookies\raphaël@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\WINDOWS\Temp\Cookies\raphaël@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Raphaël\Cookies\raphaël@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Raphaël\Local Settings\Temp\Cookies\raphaël@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\WINDOWS\Temp\Cookies\raphaël@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


2) Bitdefender

BitDefender Online Scanner

Scan report generated at: Sun, Oct 29, 2006 - 19:48:14

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 00:46:31
Files: 237893
Folders: 3615
Boot Sectors: 3
Archives: 7418
Packed Files: 17399

Results
Identified Viruses: 5
Infected Files: 8
Suspect Files: 7
Warnings: 0
Disinfected: 0
Deleted Files: 22

Engines Info
Virus Definitions: 479358
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File
Status

C:\WINDOWS\system32\wu.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\WINDOWS\system32\wu.exe
Disinfection failed

C:\WINDOWS\system32\wu.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000203.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000203.exe
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000203.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000343.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000343.exe
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000343.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000692.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000692.exe
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000692.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000835.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000835.exe
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000835.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000865.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000865.exe
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000865.exe
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012147.exe=>(Quarantine-2)
Infected with: DeepScan:Generic.Malware.dld!!.F67304D8

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012147.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012147.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012148.DLL=>(Quarantine-2)
Infected with: MemScan:Trojan.Virtumod.BL

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012148.DLL=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012148.DLL=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012149.dll=>(Quarantine-2)
Infected with: MemScan:Trojan.Virtumod.BL

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012149.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012149.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012150.exe=>(Quarantine-2)
Infected with: Generic.Sdbot.F001AFB6

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012150.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012151.exe=>(Quarantine-2)
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012151.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012151.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012152.dll=>(Quarantine-2)
Infected with: MemScan:Trojan.Virtumod.BL

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012152.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012152.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012153.dll=>(Quarantine-2)
Infected with: MemScan:Trojan.Virtumod.BL

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012153.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP137\A0012153.dll=>(Quarantine-2)
Deleted

C:\RECYCLED\NPROTECT\00000640.exe
Infected with: Trojan.Downloader.Adload.FG

C:\RECYCLED\NPROTECT\00000640.exe
Disinfection failed

C:\RECYCLED\NPROTECT\00000640.exe
Deleted

C:\RECYCLED\NPROTECT\00000981.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\RECYCLED\NPROTECT\00000981.exe
Disinfection failed

C:\RECYCLED\NPROTECT\00000981.exe
Deleted


+ BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Oct 29, 2006 - 19:51:04

--------------------------------------------------------------------------------

Scan Info
Scanned Files: 240518
Infected Files: 15

Virus Detected
MemScan:Trojan.Virtumod.BL: 4
Trojan.Downloader.Adload.FG: 1
DeepScan:Generic.Mitglied.687CAF98: 1
DeepScan:Generic.Malware.dld!!.F67304D8: 1
BehavesLike:Trojan.Downloader: 7
Generic.Sdbot.F001AFB6: 1

3) Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 20:00:47, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec\Web Tools\CKA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\RAPHAËL\LOCALS~1\Temp\Rar$EX03.000\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Norton Disk Doctor.LNK = I:\NSW2004\NU\NDD32.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n44sleh71h4.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
green day Posts 26364 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 163
29 Oct. 2006 at 21:07
Hi again

Very good!

A quick check:

Download Blacklight (from F-Secure):

https://www.f-secure.com/en

and save it to your Desktop.

Double-click blbeta.exe and accept the licence; click Scan, then Next.

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply.

See you


**In truth, the path matters little; the will to arrive is enough for everything (A. Camus)**
0
RAY CHARLES Posts 16 Registration date Sunday 18 December 2005 Status Member Last activity 5 November 2006
30 Oct. 2006 at 01:07
Hi again,
As I couldn't get the requested page, I managed to run an online scan at F-Secure. Here is the report, while I wait to hear from you:

Scanning Report
Sunday, October 29, 2006 23:26:31 - 00:59:59
Computer name: ZEBRA3
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 21 malware found
Tracking Cookie (spyware)
System (Disinfected)
System (Disinfected)
System
System
System
System
System
System
System
Trojan-Downloader.Win32.Adload.fu (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014557.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP141\A0014558.EXE (Renamed & Submitted)
W32/NetworkWorm (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001054.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP11\A0001098.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP9\A0000882.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000690.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000832.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP8\A0000862.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000201.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000342.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B889DD-A205-4993-951E-3B9DC17752E2}\RP1\A0000485.EXE (Submitted)
C:\WINDOWS\YAZZLEBUNDLE-1125.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 44251
System: 5012
Not scanned: 2
Actions:
Disinfected: 2
Renamed: 2
Deleted: 0
None: 17
Submitted: 12
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-10-27
F-Secure Libra: 2.4.1, 2006-10-26
F-Secure Orion: 1.2.37, 2006-10-27
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 0259-24-212
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

Thanks!
0
green day Posts 26364 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 163
30 Oct. 2006 at 19:16
Hi
OK, sorry if that wasn't clear!

Here is the page:

https://europe.f-secure.com/exclude/blacklight/index.shtml

See you
0
RAY CHARLES Posts 16 Registration date Sunday 18 December 2005 Status Member Last activity 5 November 2006
30 Oct. 2006 at 22:09
Hi Green Day

I did what you told me and here is the report:

10/30/06 22:00:12 [Info]: BlackLight Engine 1.0.47 initialized
10/30/06 22:00:12 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/30/06 22:00:13 [Note]: 7019 4
10/30/06 22:00:13 [Note]: 7005 0
10/30/06 22:00:19 [Note]: 7006 0
10/30/06 22:00:19 [Note]: 7011 2588
10/30/06 22:00:19 [Note]: 7026 0
10/30/06 22:00:19 [Note]: 7026 0
10/30/06 22:00:27 [Note]: FSRAW library version 1.7.1020
10/30/06 22:00:47 [Note]: 2000 1012
10/30/06 22:02:27 [Note]: 7007 0

What does all that mean????

And now, what should I do???

Thanks


PS: By the way, Green Day, are you a man or a woman?
And why Green Day?

Answer if it's not indiscreet, otherwise forget it!!

See you
0
green day Posts 26364 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 163
30 Oct. 2006 at 22:29
Hi again!

OK, post a new HijackThis log please

As for the indiscreet questions:

profile green day

:)))

See you
0
RAY CHARLES Posts 16 Registration date Sunday 18 December 2005 Status Member Last activity 5 November 2006
1 Nov. 2006 at 01:43
Hi again,

Here is the report

Logfile of HijackThis v1.99.1
Scan saved at 01:41:20, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Symantec\Web Tools\CKA.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\RAPHAËL\LOCALS~1\Temp\Rar$EX01.281\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Norton Disk Doctor.LNK = I:\NSW2004\NU\NDD32.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n44sleh71h4.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe



Waiting to hear from you!!
0
green day Posts 26364 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 163
1 Nov. 2006 at 16:06
Hi

# Disable System Restore

* Click the Start button.
* Right-click My Computer, then click Properties.
* On the System Restore tab, select the option Turn off System Restore or Turn off System Restore on all drives

# Run HijackThis again: choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support


O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n44sleh71h4.dll (file missing)

# Next, download and run these:

* CleanUp40 (which removes temporary files + cookies: free)
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

Tutorial: (thanks to Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm


* CCleaner: download and install it; in the left-hand column click "errors", tick all the boxes, then click "search for errors" at the bottom. Once it has finished, click "repair the errors"; you will get a message asking to back up your registry, answer "yes", then repeat until it finds no more errors.

* Run CCleaner again, go to the "cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "start cleaning"

CCleaner

Tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

==> Click Start > Run and type: Prefetch
and delete the entire contents of that folder!

Let me know what problems remain, if any

See you
**In truth, the path matters little; the will to arrive is enough for everything (A. Camus)**
0
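A triage pass over HijackThis entries like those in the logs above, added here as an example and not part of the thread: it parses each entry, flags those marked (file missing) together with the O20 Winlogon Notify entry, and diffs two scans. The sample lines are a subset copied from the two logs posted above; the function and variable names are hypothetical.

```python
import re
from dataclasses import dataclass

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Subset of entries present in both logs of the thread (copied, not invented).
_COMMON = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n44sleh71h4.dll (file missing)
"""
_HEADER = "Logfile of HijackThis v1.99.1\nRunning processes:\n" + r"C:\WINDOWS\system32\winlogon.exe"
BEFORE = _HEADER + _COMMON
AFTER = _HEADER + _COMMON + (
    "O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} "
    "(F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support\n"
)


@dataclass(frozen=True)
class Entry:
    code: str      # section code, e.g. "O20"
    body: str      # rest of the line, without the "(file missing)" marker
    missing: bool  # HijackThis reported that the referenced file is absent


def parse_log(text):
    """Return the entries of a log, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header line, process path or blank line
        body = m.group(2).strip()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries.append(Entry(m.group(1), body, missing))
    return entries


def triage(entries):
    """Pair each entry that deserves a manual look with the reason."""
    flagged = []
    for e in entries:
        if e.code == "O20" and e.body.startswith("Winlogon Notify:"):
            reason = "DLL registered to be loaded by winlogon.exe"
            if e.missing:
                reason += "; target file is absent, the entry is an orphan"
            flagged.append((e, reason))
        elif e.missing:
            flagged.append((e, "references a file that no longer exists"))
    return flagged


def diff_logs(before, after):
    """Return (added, removed) entries between two scans of the same machine."""
    b, a = set(parse_log(before)), set(parse_log(after))
    order = lambda e: (e.code, e.body)
    return sorted(a - b, key=order), sorted(b - a, key=order)


if __name__ == "__main__":
    for entry, reason in triage(parse_log(AFTER)):
        print(f"{entry.code}: {entry.body}\n    -> {reason}")
    added, removed = diff_logs(BEFORE, AFTER)
    print("added:", [e.body for e in added])
    print("removed:", [e.body for e in removed])
```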
RAY CHARLES Posts 16 Registration date Sunday 18 December 2005 Status Member Last activity 5 November 2006
5 Nov. 2006 at 17:06
Hi Green Day

Thanks a lot for your help. No more problems for the moment.
I hope that the next time I have a problem I'll be able to count on you, because you are effective!

Kisses, bye bye

**If there is no solution, it is because there is no problem.**
SHADOK motto
0
green day Posts 26364 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 163
5 Nov. 2006 at 17:13
Hi :-)

Glad I could help!

The virus/security forum is very active: there will always be someone to help out ;-)

A bit of reading while you're at it:

https://sebsauvage.net/safehex.html

Security: protecting a computer against Internet malware

Happy surfing!

See you

PS: nice motto lol

**In truth, the path matters little; the will to arrive is enough for everything (A. Camus)**
0