pop ups et pubs Fermé

Question

Bonjour
J'ai attrapé un virus / spyware et depuis mon ordi est très lent et ouvre souventdes fenêtres de pub.
Pouvez-vos me dire comment m'en débarraser ?
Merci beaucoup!!! voici un hijack.

Coralie

Logfile of HijackThis v1.99.1
Scan saved at 08:02:30, on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Nero\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Fichiers communs\Skyscape\smARTupdate.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus
avapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programmes - Install\Sécurité\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1	ools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Play 01 Mfcd Burn] C:\Documents and Settings\All Users\Application Data\shim setup play 01\HtmLogo.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [scr regs] C:\DOCUME~1\Coralie\APPLIC~1\AMENTH~1\Comp Draw.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Fichiers communs\Skyscape\smARTupdate.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://coralieneves.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader35.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC10F2D-8D90-4E10-86E1-02AF22743809}: NameServer = 212.216.212.212,212.216.172.62
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Utilisateur anonyme · Answer

Salut

¤ Télécharge lopxp:
http://pageperso.aol.fr/balltrap34/lopxp.zip

dézippe-le sur ton bureau puis double-clic sur le fichier "lopxp.bat"
quand il à terminé, un rapport s'ouvre : fais un copier-coller puis mets le ici

coralien · Answer

Merci pour le conseil. Voici le rapport Rapport fait à 19:11:35,68 le 14/12/2006 Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\All Users\Application Data 14/12/2006 18:43 shim setup play 01 11/12/2006 00:11 DVD Shrink 11/11/2006 17:57 Ahead 10/11/2006 18:18 Google 01/11/2006 09:08 ArcSoft 24/04/2006 21:24 Skype 20/02/2006 00:40 QuickTime 02/01/2006 20:35 Yahoo! Companion 31/12/2005 16:30 DataViz 31/12/2005 16:29 HotSync 30/12/2005 23:11 Kazaa 30/12/2005 16:12 Adobe 30/12/2005 16:08 Macrovision 30/12/2005 13:19 Windows Genuine Advantage 30/12/2005 11:58 Symantec 30/12/2005 11:18 62 desktop.ini 30/12/2005 11:18 Microsoft 30/12/2005 11:18 . 30/12/2005 11:18 .. 1 fichier(s) 62 octets 18 R‚p(s) 1166188544 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Coralie\Application Data 14/12/2006 18:43 NetPumper 14/12/2006 18:43 amenthunkbat 14/12/2006 18:02 uTorrent 11/11/2006 18:30 Ahead 11/11/2006 09:37 DivX 01/11/2006 09:08 Help 09/05/2006 20:28 Lavasoft 07/05/2006 23:34 EndNote 24/04/2006 21:24 Skype 26/03/2006 13:09 Sun 26/03/2006 13:08 Google 16/03/2006 21:41 Real 05/01/2006 15:56 AdobeUM 01/01/2006 22:39 Arcsoft 31/12/2005 16:36 Leadertech 31/12/2005 16:27 HotSync 30/12/2005 22:58 Kazaa Lite 30/12/2005 16:11 Adobe 30/12/2005 15:07 Talkback 30/12/2005 15:07 Mozilla 30/12/2005 12:43 Macromedia 30/12/2005 11:59 Symantec 30/12/2005 11:31 Identities 30/12/2005 11:31 62 desktop.ini 30/12/2005 11:31 .. 30/12/2005 11:31 . 30/12/2005 11:31 Microsoft 1 fichier(s) 62 octets 26 R‚p(s) 1166188544 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Default User\Application Data 30/12/2005 11:18 62 desktop.ini 30/12/2005 11:18 .. 30/12/2005 11:18 Microsoft 30/12/2005 11:18 . 1 fichier(s) 62 octets 3 R‚p(s) 1166188544 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Invit‚\Application Data 12/10/2006 07:23 Macromedia 12/10/2006 07:23 HotSync 12/10/2006 07:22 Real 12/10/2006 07:22 Identities 12/10/2006 07:22 62 desktop.ini 12/10/2006 07:22 Microsoft 12/10/2006 07:22 .. 12/10/2006 07:22 . 1 fichier(s) 62 octets 7 R‚p(s) 1166188544 octets libres ****************************************** Recherche des taches planifiées dans C:\WINDOWS asks Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\WINDOWS\Tasks 14/12/2006 18:44 268 A38F906090900D44.job 31/12/2005 13:20 534 Norton AntiVirus - Scan my computer - Coralie.job 30/12/2005 11:27 6 SA.DAT 30/12/2005 11:25 65 desktop.ini 30/12/2005 11:25 .. 30/12/2005 11:25 . 4 fichier(s) 873 octets 2 R‚p(s) 1ÿ166ÿ184ÿ448 octets libres ****************************************** Recherche dans Program files Le dossier C:\Program Files\C2Media n'existe pas *************** Fin du rapport **************** Rapport fait à 19:56:36,89 le 15/12/2006 Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\All Users\Application Data 14/12/2006 18:43 shim setup play 01 11/12/2006 00:11 DVD Shrink 11/11/2006 17:57 Ahead 10/11/2006 18:18 Google 01/11/2006 09:08 ArcSoft 24/04/2006 21:24 Skype 20/02/2006 00:40 QuickTime 02/01/2006 20:35 Yahoo! Companion 31/12/2005 16:30 DataViz 31/12/2005 16:29 HotSync 30/12/2005 23:11 Kazaa 30/12/2005 16:12 Adobe 30/12/2005 16:08 Macrovision 30/12/2005 13:19 Windows Genuine Advantage 30/12/2005 11:58 Symantec 30/12/2005 11:18 62 desktop.ini 30/12/2005 11:18 Microsoft 30/12/2005 11:18 . 30/12/2005 11:18 .. 1 fichier(s) 62 octets 18 R‚p(s) 2141085696 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Coralie\Application Data 14/12/2006 18:43 NetPumper 14/12/2006 18:43 amenthunkbat 14/12/2006 18:02 uTorrent 11/11/2006 18:30 Ahead 11/11/2006 09:37 DivX 01/11/2006 09:08 Help 09/05/2006 20:28 Lavasoft 07/05/2006 23:34 EndNote 24/04/2006 21:24 Skype 26/03/2006 13:09 Sun 26/03/2006 13:08 Google 16/03/2006 21:41 Real 05/01/2006 15:56 AdobeUM 01/01/2006 22:39 Arcsoft 31/12/2005 16:36 Leadertech 31/12/2005 16:27 HotSync 30/12/2005 22:58 Kazaa Lite 30/12/2005 16:11 Adobe 30/12/2005 15:07 Talkback 30/12/2005 15:07 Mozilla 30/12/2005 12:43 Macromedia 30/12/2005 11:59 Symantec 30/12/2005 11:31 Identities 30/12/2005 11:31 62 desktop.ini 30/12/2005 11:31 .. 30/12/2005 11:31 . 30/12/2005 11:31 Microsoft 1 fichier(s) 62 octets 26 R‚p(s) 2141085696 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Default User\Application Data 30/12/2005 11:18 62 desktop.ini 30/12/2005 11:18 .. 30/12/2005 11:18 Microsoft 30/12/2005 11:18 . 1 fichier(s) 62 octets 3 R‚p(s) 2141085696 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Invit‚\Application Data 12/10/2006 07:23 Macromedia 12/10/2006 07:23 HotSync 12/10/2006 07:22 Real 12/10/2006 07:22 Identities 12/10/2006 07:22 62 desktop.ini 12/10/2006 07:22 Microsoft 12/10/2006 07:22 .. 12/10/2006 07:22 . 1 fichier(s) 62 octets 7 R‚p(s) 2141081600 octets libres ****************************************** Recherche des taches planifiées dans C:\WINDOWS asks Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\WINDOWS\Tasks 14/12/2006 18:44 268 A38F906090900D44.job 31/12/2005 13:20 534 Norton AntiVirus - Scan my computer - Coralie.job 30/12/2005 11:27 6 SA.DAT 30/12/2005 11:25 65 desktop.ini 30/12/2005 11:25 .. 30/12/2005 11:25 . 4 fichier(s) 873 octets 2 R‚p(s) 2ÿ141ÿ081ÿ600 octets libres ****************************************** Recherche dans Program files Le dossier C:\Program Files\C2Media n'existe pas *************** Fin du rapport **************** Rapport fait à 8:13:42,85 le 22/12/2006 Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\All Users\Application Data 17/12/2006 14:46 TEMP 14/12/2006 18:43 shim setup play 01 11/12/2006 00:11 DVD Shrink 11/11/2006 17:57 Ahead 10/11/2006 18:18 Google 01/11/2006 09:08 ArcSoft 24/04/2006 21:24 Skype 20/02/2006 00:40 QuickTime 02/01/2006 20:35 Yahoo! Companion 31/12/2005 16:30 DataViz 31/12/2005 16:29 HotSync 30/12/2005 23:11 Kazaa 30/12/2005 16:12 Adobe 30/12/2005 16:08 Macrovision 30/12/2005 13:19 Windows Genuine Advantage 30/12/2005 11:58 Symantec 30/12/2005 11:18 62 desktop.ini 30/12/2005 11:18 Microsoft 30/12/2005 11:18 . 30/12/2005 11:18 .. 1 fichier(s) 62 octets 19 R‚p(s) 1998516224 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Coralie\Application Data 17/12/2006 14:45 PC Tools 14/12/2006 18:43 amenthunkbat 14/12/2006 18:02 uTorrent 11/11/2006 18:30 Ahead 11/11/2006 09:37 DivX 01/11/2006 09:08 Help 09/05/2006 20:28 Lavasoft 07/05/2006 23:34 EndNote 24/04/2006 21:24 Skype 26/03/2006 13:09 Sun 26/03/2006 13:08 Google 16/03/2006 21:41 Real 05/01/2006 15:56 AdobeUM 01/01/2006 22:39 Arcsoft 31/12/2005 16:36 Leadertech 31/12/2005 16:27 HotSync 30/12/2005 22:58 Kazaa Lite 30/12/2005 16:11 Adobe 30/12/2005 15:07 Talkback 30/12/2005 15:07 Mozilla 30/12/2005 12:43 Macromedia 30/12/2005 11:59 Symantec 30/12/2005 11:31 Identities 30/12/2005 11:31 62 desktop.ini 30/12/2005 11:31 .. 30/12/2005 11:31 . 30/12/2005 11:31 Microsoft 1 fichier(s) 62 octets 26 R‚p(s) 1998516224 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Default User\Application Data 30/12/2005 11:18 62 desktop.ini 30/12/2005 11:18 .. 30/12/2005 11:18 Microsoft 30/12/2005 11:18 . 1 fichier(s) 62 octets 3 R‚p(s) 1998512128 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Invit‚\Application Data 12/10/2006 07:23 Macromedia 12/10/2006 07:23 HotSync 12/10/2006 07:22 Real 12/10/2006 07:22 Identities 12/10/2006 07:22 62 desktop.ini 12/10/2006 07:22 Microsoft 12/10/2006 07:22 .. 12/10/2006 07:22 . 1 fichier(s) 62 octets 7 R‚p(s) 1998512128 octets libres ****************************************** Recherche des taches planifiées dans C:\WINDOWS asks Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\WINDOWS\Tasks 31/12/2005 13:20 534 Norton AntiVirus - Scan my computer - Coralie.job 30/12/2005 11:27 6 SA.DAT 30/12/2005 11:25 65 desktop.ini 30/12/2005 11:25 .. 30/12/2005 11:25 . 3 fichier(s) 605 octets 2 R‚p(s) 1ÿ998ÿ512ÿ128 octets libres ****************************************** Recherche dans Program files Le dossier C:\Program Files\C2Media n'existe pas *************** Fin du rapport ****************

Utilisateur anonyme · Answer

Fait ceci :

Pour afficher tous les dossiers et fichiers cachés

Clique sur "démarrer", "panneau de configuration", "outils" ,"option des dossiers", "affichage"
"
Coche: 
¤ afficher les fichiers et dossiers cachés
- Clique sur "appliquer" puis "ok"
_____________________________
Clic sur démarrer, poste de travail, C:, documents and settings, All users et supprime ces dossiers :

- shim setup play 01 
- Kazaa < contient des spywares désinstalle le si tu l'as encore


Clic sur démarrer, poste de travail, C:, documents and settings, Coralie et supprime ces dossiers :

-amenthunkbat
- kazaa Lite

**Si un fichier persiste lors de la suppression fait ceci:
-Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisit "mode sans echec" attends un peu.. puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement


Dès que c'est fait dis le moi ;-)

___________________

coralien · Answer

Bonjour
(désolée pour le retard)
Merci beaucouppour ces conseils. J'ai tout fait mais malheureusement j'ai encore quelques pop-ups en particulier meetic ou d'autres sites de rencontre, des casinos et des téléchargements de sonnerie qui s'ouvrent...
Avez-vous une autre idée ? merci beaucoup !!!
Coralie

nouveau rapport hijack : 
Logfile of HijackThis v1.99.1
Scan saved at 17:00:52, on 28/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus
avapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Nero\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Fichiers communs\Skyscape\smARTupdate.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programmes - Install\Sécurité\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1	ools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Play 01 Mfcd Burn] C:\Documents and Settings\All Users\Application Data\shim setup play 01\HtmLogo.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [scr regs] C:\DOCUME~1\Coralie\APPLIC~1\AMENTH~1\Comp Draw.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Fichiers communs\Skyscape\smARTupdate.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://coralieneves.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader35.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC10F2D-8D90-4E10-86E1-02AF22743809}: NameServer = 212.216.212.212,212.216.172.62
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

^^Marie^^ · Answer

Salut

Pour avancer Boulepate, il doit être à la pêche

Télécharge Blacklight(de F-Secure) a l’une des 2 adresses : 
https://www.f-secure.com/en 
https://www.f-secure.com/en 

et sauvegarde le sur ton Bureau. 

Double-clique blbeta.exeet accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next 

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie/colle le rapport

coralien · Answer

bonjour 
merci pour ton aide.
malheureusement le programme ne marche pas. il me dit
"F-Secure Blacklight could not acquire necessary privileges (SeDebugPrivilege)
- Your computer setteings mau prevent acquiring these privileges
-A malicious program might have disabled these privileges"

dans les proprietes, le programme etait initialement bloque et je l'ai debloque mais il ne fonctionne pas non plus....

^^Marie^^ · Answer

Slt

Essaie celui-là

# Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe 

- Quitter le net, le navigateur, et toutes autres fenêtres d'applications ; 
- Dézipper l2mfix.exe sur le bureau ; 
- Dans le dossier du programme, double-cliquer sur l2mfix.bat ; 
- Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ; 
=> Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum. 

ensuite : 

- Quitter le net, le navigateur, et toutes autres fenêtres d'applications ; 
- Double-cliquer sur l2mfix.bat ; 
- Choisir OPTION 2 (Run fix) et valider par la touche [Entrée] ; 
- A l'invite, appuyer sur une touche du clavier pour redémarrer le PC ; 
=> Au redémarrage, le nettoyage de L2mFix se poursuit, puis génère le résultat du nettoyage en ouvrant le Bloc-notes ; se reconnecter pour le poster au forum.

A++

coralien · Answer

voici le 1er rapport L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ermsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] "Logon"="WLEventLogon" "Logoff"="WLEventLogoff" "Startup"="WLEventStartup" "Shutdown"="WLEventShutdown" "StartScreenSaver"="WLEventStartScreenSaver" "StopScreenSaver"="WLEventStopScreenSaver" "Lock"="WLEventLock" "Unlock"="WLEventUnlock" "StartShell"="WLEventStartShell" "PostShell"="WLEventPostShell" "Disconnect"="WLEventDisconnect" "Reconnect"="WLEventReconnect" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000000 "SafeMode"=dword:00000001 "MaxWait"=dword:ffffffff "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Event"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] "Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,89,81,37,e4,61,48,dd,43,b0,b1,99,fe,e9,ca,3a,8b,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,8a,b5,4c,c3,39,3b,c0,30,\ 26,f6,f0,94,aa,03,f6,c2,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,63,\ 10,66,5c,0f,74,ab,14,00,49,85,b6,bd,2b,67,dc,b0,01,00,00,e6,e0,23,fc,d9,39,\ 6a,8b,6f,73,8a,d5,fd,6b,1e,d7,17,a1,7e,b2,ea,04,bb,62,88,c2,23,0a,d4,c7,af,\ 5f,d7,b8,87,a0,07,9b,68,b8,95,f4,df,53,df,f7,18,24,94,3c,a9,b9,74,01,35,04,\ 2f,45,a3,e9,07,1b,d7,60,88,27,11,ad,8d,61,65,55,6a,d8,68,f9,f2,fe,d1,0e,0c,\ 1b,fc,fc,40,94,96,5a,e9,78,78,0a,28,7d,1f,a3,64,14,d5,7f,18,3d,a7,dc,65,32,\ 08,b7,1b,bc,f1,e2,83,9e,85,fc,f7,b4,0b,9d,66,d5,1c,59,6f,5d,b6,bb,a0,dd,38,\ a8,56,a3,c4,f0,93,9f,26,b6,f9,07,08,69,c0,6c,0a,cb,45,8f,22,58,ea,4a,87,5a,\ 62,48,5a,40,4d,90,5d,94,77,19,d1,9c,11,db,3c,a7,e8,6a,c0,7c,02,26,d7,a3,79,\ 6e,02,57,7b,5b,a1,9b,69,55,2c,65,f1,32,85,78,9f,af,fe,b9,4b,35,30,17,2b,68,\ 86,1b,0a,13,3d,60,22,48,14,16,e2,fa,d0,c2,b7,01,ba,3a,33,12,1c,3c,22,2a,72,\ ef,b8,8d,8d,5a,d2,02,6e,5a,e1,f6,76,eb,b1,5c,cc,c0,e0,e0,f7,34,8c,3d,5d,65,\ f2,ef,49,28,c6,47,39,44,3b,f3,0e,7d,3e,fc,e0,60,04,0b,39,b2,b5,21,13,f0,d4,\ 68,e6,c9,24,11,20,72,31,7b,e4,7e,b9,d1,e3,ac,3d,85,a6,56,ff,dc,cb,23,f9,cd,\ 23,14,94,06,e5,af,5e,3a,c4,33,33,98,8e,13,57,38,1a,4c,81,53,c4,15,92,a1,2b,\ 16,6e,5e,9b,08,46,1d,a8,76,5d,f7,63,87,9c,a1,e2,c5,c5,60,17,d7,ff,d9,47,c1,\ 51,ac,df,4f,bc,e8,e4,8b,af,f6,6e,50,af,64,16,fc,0a,07,ba,1b,6a,58,94,9e,fd,\ 54,ec,3c,e6,a4,70,4a,6d,f8,bc,82,d3,ba,ff,87,a8,08,34,34,5c,2d,e8,bd,33,ef,\ f2,be,27,f2,4b,f8,62,14,c3,dd,7b,ca,1e,9b,17,49,39,dc,f1,27,d6,7f,e0,d4,c4,\ e3,14,00,00,00,57,03,a4,56,07,e4,75,c5,b9,e7,30,f4,53,ea,a2,2a,1d,1c,f4,07 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{588D1036-544D-D37F-C20D-E51C9EC042B7}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="History" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web" "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="P‚riph‚riques Plug and Play universels" "{200C0652-E7EE-4542-B841-F5FD375DEF14}"="" "{089AAAA2-AE10-4BA6-ACC9-7F54B72A7F5B}"="" "{1A0E0EF4-86C3-4414-8EF9-F6FF509821A1}"="" "{2C568809-466C-43F9-8AAC-472592490C11}"="" "{51550900-DCAC-11d4-AA0F-0080C87C465B}"="WayTech MultiMouse" "{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW" "{E4000AC4-5E5F-4956-807A-C5854405D64F}"="VirtualExpanderFile.1" "{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand" "{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task" "{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar" "{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete" "{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar" "{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site" "{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band" "{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List" "{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu" "{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand" "{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy" "{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List" "{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder" "{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List" "{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container" "{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture" "{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite" "{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu" "{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links" "{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility" "{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist" "{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ admparse.dll Fri 27 Oct 2006 2:44:26 A.... 71 680 70,00 K advpack.dll Fri 27 Oct 2006 2:44:06 A.... 123 904 121,00 K corpol.dll Tue 17 Oct 2006 13:03:56 A.... 17 408 17,00 K divx.dll Mon 2 Oct 2006 20:04:40 A.... 635 486 620,59 K divx_x~1.dll Mon 2 Oct 2006 20:04:42 A.... 806 912 788,00 K divx_x~2.dll Mon 2 Oct 2006 20:04:42 A.... 806 912 788,00 K divx_x~3.dll Mon 2 Oct 2006 20:04:42 A.... 790 528 772,00 K dxtmsft.dll Tue 17 Oct 2006 12:58:06 A.... 346 624 338,50 K dxtrans.dll Tue 17 Oct 2006 12:57:50 A.... 214 528 209,50 K extmgr.dll Fri 27 Oct 2006 15:09:58 A.... 131 584 128,50 K icardie.dll Tue 17 Oct 2006 12:58:20 ..... 61 952 60,50 K ieakeng.dll Fri 27 Oct 2006 2:44:36 A.... 152 064 148,50 K ieaksie.dll Fri 27 Oct 2006 2:44:42 A.... 229 376 224,00 K ieakui.dll Fri 27 Oct 2006 2:42:54 A.... 161 792 158,00 K ieapfltr.dll Tue 17 Oct 2006 12:27:56 ..... 380 928 372,00 K iedkcs32.dll Fri 27 Oct 2006 2:44:46 A.... 382 976 374,00 K ieencode.dll Tue 17 Oct 2006 13:06:00 A.... 78 336 76,50 K ieframe.dll Fri 27 Oct 2006 15:09:58 ..... 6 049 280 5,77 M iepeers.dll Fri 27 Oct 2006 15:09:58 A.... 191 488 187,00 K iernonce.dll Fri 27 Oct 2006 2:44:08 A.... 43 008 42,00 K iertutil.dll Tue 17 Oct 2006 12:57:20 ..... 266 752 260,50 K iesetup.dll Fri 27 Oct 2006 2:44:26 A.... 55 296 54,00 K ieui.dll Fri 27 Oct 2006 15:09:58 ..... 180 736 176,50 K imgutil.dll Tue 17 Oct 2006 12:57:58 A.... 36 352 35,50 K inetcomm.dll Wed 8 Nov 2006 6:07:30 A.... 679 424 663,50 K inseng.dll Fri 27 Oct 2006 2:44:08 A.... 92 672 90,50 K jscript.dll Tue 17 Oct 2006 13:00:00 A.... 491 520 480,00 K jsproxy.dll Fri 27 Oct 2006 15:09:58 A.... 27 136 26,50 K licmgr10.dll Tue 17 Oct 2006 13:05:10 A.... 40 960 40,00 K msfeeds.dll Fri 27 Oct 2006 15:09:58 ..... 458 752 448,00 K msfeed~1.dll Fri 27 Oct 2006 15:09:58 ..... 50 688 49,50 K mshtml.dll Fri 27 Oct 2006 15:09:58 A.... 3 577 856 3,41 M mshtmled.dll Fri 27 Oct 2006 15:09:58 A.... 475 648 464,50 K mshtmler.dll Tue 17 Oct 2006 12:28:56 A.... 48 128 47,00 K msls31.dll Fri 27 Oct 2006 15:09:58 A.... 156 160 152,50 K msrating.dll Tue 17 Oct 2006 13:05:10 A.... 192 000 187,50 K mstime.dll Fri 27 Oct 2006 15:09:58 A.... 670 720 655,00 K nwprovau.dll Fri 13 Oct 2006 13:36:56 A.... 145 920 142,50 K occache.dll Tue 17 Oct 2006 13:04:46 A.... 101 376 99,00 K pngfilt.dll Tue 17 Oct 2006 12:58:08 A.... 44 544 43,50 K sxs.dll Fri 20 Oct 2006 2:38:44 A.... 716 800 700,00 K url.dll Tue 17 Oct 2006 13:05:22 A.... 105 984 103,50 K urlmon.dll Fri 27 Oct 2006 15:09:58 A.... 1 162 240 1,11 M vbscript.dll Fri 27 Oct 2006 15:09:58 A.... 413 696 404,00 K w95inf16.dll Thu 5 Oct 2006 14:19:02 A.... 2 272 2,22 K w95inf32.dll Thu 5 Oct 2006 14:19:02 A.... 4 608 4,50 K webcheck.dll Fri 27 Oct 2006 15:09:58 A.... 231 424 226,00 K wininet.dll Fri 27 Oct 2006 15:09:58 A.... 818 688 799,50 K wmvcore.dll Thu 7 Dec 2006 6:29:34 A.... 2 374 472 2,26 M xpsp3res.dll Mon 16 Oct 2006 12:19:10 A.... 265 216 259,00 K 50 items found: 50 files, 0 directories. Total of file sizes: 25 564 806 bytes 24,38 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\WINDOWS\System32 14/12/2006 22:02 dllcache 30/12/2005 12:03 Microsoft 0 fichier(s) 0 octets 2 R‚p(s) 3ÿ868ÿ082ÿ176 octets libres

coralien · Answer

voici le 2eme rapport après redémarrage (mais j'ai toujours les pop ups...)

L2mfix 051206
Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges. 
Checking for L2MFix account(0=no 1=yes): 
1
 Granting SeDebugPrivilege to L2MFIX   ... successful
 
Running From:
C:\WINDOWS\system32
 
Killing Processes! 
  Killing 'smss.exe'
\SystemRoot\System32\smss.exe (692)
  Killing 'winlogon.exe'
winlogon.exe    (780)
  Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1596)
  Killing 'rundll32.exe'
Restoring Sedebugprivilege:
 Granting SeDebugPrivilege to Administrateurs   ... successful
 
Scanning First Pass. Please Wait!
 
First Pass Completed 
 
Second Pass Scanning 
 
Second pass Completed!
 
 
 
Restoring Windows Update Certificates.:
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Event"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
  00,00,89,81,37,e4,61,48,dd,43,b0,b1,99,fe,e9,ca,3a,8b,04,00,00,00,04,00,00,\
  00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,8a,b5,4c,c3,39,3b,c0,30,\
  26,f6,f0,94,aa,03,f6,c2,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,63,\
  10,66,5c,0f,74,ab,14,00,49,85,b6,bd,2b,67,dc,b0,01,00,00,e6,e0,23,fc,d9,39,\
  6a,8b,6f,73,8a,d5,fd,6b,1e,d7,17,a1,7e,b2,ea,04,bb,62,88,c2,23,0a,d4,c7,af,\
  5f,d7,b8,87,a0,07,9b,68,b8,95,f4,df,53,df,f7,18,24,94,3c,a9,b9,74,01,35,04,\
  2f,45,a3,e9,07,1b,d7,60,88,27,11,ad,8d,61,65,55,6a,d8,68,f9,f2,fe,d1,0e,0c,\
  1b,fc,fc,40,94,96,5a,e9,78,78,0a,28,7d,1f,a3,64,14,d5,7f,18,3d,a7,dc,65,32,\
  08,b7,1b,bc,f1,e2,83,9e,85,fc,f7,b4,0b,9d,66,d5,1c,59,6f,5d,b6,bb,a0,dd,38,\
  a8,56,a3,c4,f0,93,9f,26,b6,f9,07,08,69,c0,6c,0a,cb,45,8f,22,58,ea,4a,87,5a,\
  62,48,5a,40,4d,90,5d,94,77,19,d1,9c,11,db,3c,a7,e8,6a,c0,7c,02,26,d7,a3,79,\
  6e,02,57,7b,5b,a1,9b,69,55,2c,65,f1,32,85,78,9f,af,fe,b9,4b,35,30,17,2b,68,\
  86,1b,0a,13,3d,60,22,48,14,16,e2,fa,d0,c2,b7,01,ba,3a,33,12,1c,3c,22,2a,72,\
  ef,b8,8d,8d,5a,d2,02,6e,5a,e1,f6,76,eb,b1,5c,cc,c0,e0,e0,f7,34,8c,3d,5d,65,\
  f2,ef,49,28,c6,47,39,44,3b,f3,0e,7d,3e,fc,e0,60,04,0b,39,b2,b5,21,13,f0,d4,\
  68,e6,c9,24,11,20,72,31,7b,e4,7e,b9,d1,e3,ac,3d,85,a6,56,ff,dc,cb,23,f9,cd,\
  23,14,94,06,e5,af,5e,3a,c4,33,33,98,8e,13,57,38,1a,4c,81,53,c4,15,92,a1,2b,\
  16,6e,5e,9b,08,46,1d,a8,76,5d,f7,63,87,9c,a1,e2,c5,c5,60,17,d7,ff,d9,47,c1,\
  51,ac,df,4f,bc,e8,e4,8b,af,f6,6e,50,af,64,16,fc,0a,07,ba,1b,6a,58,94,9e,fd,\
  54,ec,3c,e6,a4,70,4a,6d,f8,bc,82,d3,ba,ff,87,a8,08,34,34,5c,2d,e8,bd,33,ef,\
  f2,be,27,f2,4b,f8,62,14,c3,dd,7b,ca,1e,9b,17,49,39,dc,f1,27,d6,7f,e0,d4,c4,\
  e3,14,00,00,00,57,03,a4,56,07,e4,75,c5,b9,e7,30,f4,53,ea,a2,2a,1d,1c,f4,07

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

 
The following are the files found: 
****************************************************************************
 
Registry Entries that were Deleted: 
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder. 
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{200C0652-E7EE-4542-B841-F5FD375DEF14}"=-
"{089AAAA2-AE10-4BA6-ACC9-7F54B72A7F5B}"=-
"{1A0E0EF4-86C3-4414-8EF9-F6FF509821A1}"=-
"{2C568809-466C-43F9-8AAC-472592490C11}"=-
[-HKEY_CLASSES_ROOT\CLSID\{200C0652-E7EE-4542-B841-F5FD375DEF14}]
[-HKEY_CLASSES_ROOT\CLSID\{089AAAA2-AE10-4BA6-ACC9-7F54B72A7F5B}]
[-HKEY_CLASSES_ROOT\CLSID\{1A0E0EF4-86C3-4414-8EF9-F6FF509821A1}]
[-HKEY_CLASSES_ROOT\CLSID\{2C568809-466C-43F9-8AAC-472592490C11}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents: 
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes): 
0
Zipping up files for submission:
	zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
  adding: backregs/notibac.reg (164 bytes security) (deflated 82%)
  adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Utilisateur anonyme · Answer

La raison est la Marie : 
O4 - HKLM\..\Run: [Play 01 Mfcd Burn] C:\Documents and Settings\All Users\Application Data\shim setup play 01\HtmLogo.exe

Attention avec L2Mfix, c'ets pas un truc à balancer comme ça :-/


Télécharge lopxp :
http://perso.numericable.fr/~altshift/Info/Fichiers/lopxpMH2.zip 

dézippe-le sur ton bureau puis double-clic sur le fichier "lopxpMH.bat"
quand il à terminé, un rapport s'ouvre : fait un copier-coller puis mets le ici

coralien · Answer

Rapport fait à 19:05:07,98 le 29/12/2006 Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\All Users\Application Data 17/12/2006 14:46 TEMP 14/12/2006 18:43 shim setup play 01 11/12/2006 00:11 DVD Shrink 11/11/2006 17:57 Ahead 10/11/2006 18:18 Google 01/11/2006 09:08 ArcSoft 24/04/2006 21:24 Skype 20/02/2006 00:40 QuickTime 02/01/2006 20:35 Yahoo! Companion 31/12/2005 16:30 DataViz 31/12/2005 16:29 HotSync 30/12/2005 23:11 Kazaa 30/12/2005 16:12 Adobe 30/12/2005 16:08 Macrovision 30/12/2005 13:19 Windows Genuine Advantage 30/12/2005 11:58 Symantec 30/12/2005 11:18 62 desktop.ini 30/12/2005 11:18 Microsoft 30/12/2005 11:18 . 30/12/2005 11:18 .. 1 fichier(s) 62 octets 19 R‚p(s) 3856084992 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Coralie\Application Data 17/12/2006 14:45 PC Tools 14/12/2006 18:43 amenthunkbat 14/12/2006 18:02 uTorrent 11/11/2006 18:30 Ahead 11/11/2006 09:37 DivX 01/11/2006 09:08 Help 09/05/2006 20:28 Lavasoft 07/05/2006 23:34 EndNote 24/04/2006 21:24 Skype 26/03/2006 13:09 Sun 26/03/2006 13:08 Google 16/03/2006 21:41 Real 05/01/2006 15:56 AdobeUM 01/01/2006 22:39 Arcsoft 31/12/2005 16:36 Leadertech 31/12/2005 16:27 HotSync 30/12/2005 22:58 Kazaa Lite 30/12/2005 16:11 Adobe 30/12/2005 15:07 Talkback 30/12/2005 15:07 Mozilla 30/12/2005 12:43 Macromedia 30/12/2005 11:59 Symantec 30/12/2005 11:31 Identities 30/12/2005 11:31 62 desktop.ini 30/12/2005 11:31 .. 30/12/2005 11:31 . 30/12/2005 11:31 Microsoft 1 fichier(s) 62 octets 26 R‚p(s) 3856084992 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Default User\Application Data 30/12/2005 11:18 62 desktop.ini 30/12/2005 11:18 .. 30/12/2005 11:18 Microsoft 30/12/2005 11:18 . 1 fichier(s) 62 octets 3 R‚p(s) 3856109568 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Invit‚\Application Data 12/10/2006 07:23 Macromedia 12/10/2006 07:23 HotSync 12/10/2006 07:22 Real 12/10/2006 07:22 Identities 12/10/2006 07:22 62 desktop.ini 12/10/2006 07:22 Microsoft 12/10/2006 07:22 .. 12/10/2006 07:22 . 1 fichier(s) 62 octets 7 R‚p(s) 3856084992 octets libres ****************************************** Recherche des taches planifiées dans C:\WINDOWS asks Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\WINDOWS\Tasks bonjour. est-il possible d'enlever cette ligne (O4 - HKLM\..\Run: [Play 01 Mfcd Burn] C:\Documents and Settings\All Users\Application Data\shim setup play 01\HtmLogo.exe) avec hijack ? sinon voici le rapport demandé. encore merci !!! 31/12/2005 13:20 534 Norton AntiVirus - Scan my computer - Coralie.job 30/12/2005 11:27 6 SA.DAT 30/12/2005 11:25 65 desktop.ini 30/12/2005 11:25 .. 30/12/2005 11:25 . 3 fichier(s) 605 octets 2 R‚p(s) 3ÿ856ÿ080ÿ896 octets libres ****************************************** Recherche dans Program files Le dossier C:\Program Files\C2Media n'existe pas *************** Fin du rapport ****************

coralien · Answer

oups, je crois que j'ai ecrit mon message au milieu du rapport !! donc est-il ossible d'enlver la ligne avec hijack ? et voici le rapport !! et merci beaucoup +++ !!! Rapport fait à 19:05:07,98 le 29/12/2006 Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\All Users\Application Data 17/12/2006 14:46 TEMP 14/12/2006 18:43 shim setup play 01 11/12/2006 00:11 DVD Shrink 11/11/2006 17:57 Ahead 10/11/2006 18:18 Google 01/11/2006 09:08 ArcSoft 24/04/2006 21:24 Skype 20/02/2006 00:40 QuickTime 02/01/2006 20:35 Yahoo! Companion 31/12/2005 16:30 DataViz 31/12/2005 16:29 HotSync 30/12/2005 23:11 Kazaa 30/12/2005 16:12 Adobe 30/12/2005 16:08 Macrovision 30/12/2005 13:19 Windows Genuine Advantage 30/12/2005 11:58 Symantec 30/12/2005 11:18 62 desktop.ini 30/12/2005 11:18 Microsoft 30/12/2005 11:18 . 30/12/2005 11:18 .. 1 fichier(s) 62 octets 19 R‚p(s) 3856084992 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Coralie\Application Data 17/12/2006 14:45 PC Tools 14/12/2006 18:43 amenthunkbat 14/12/2006 18:02 uTorrent 11/11/2006 18:30 Ahead 11/11/2006 09:37 DivX 01/11/2006 09:08 Help 09/05/2006 20:28 Lavasoft 07/05/2006 23:34 EndNote 24/04/2006 21:24 Skype 26/03/2006 13:09 Sun 26/03/2006 13:08 Google 16/03/2006 21:41 Real 05/01/2006 15:56 AdobeUM 01/01/2006 22:39 Arcsoft 31/12/2005 16:36 Leadertech 31/12/2005 16:27 HotSync 30/12/2005 22:58 Kazaa Lite 30/12/2005 16:11 Adobe 30/12/2005 15:07 Talkback 30/12/2005 15:07 Mozilla 30/12/2005 12:43 Macromedia 30/12/2005 11:59 Symantec 30/12/2005 11:31 Identities 30/12/2005 11:31 62 desktop.ini 30/12/2005 11:31 .. 30/12/2005 11:31 . 30/12/2005 11:31 Microsoft 1 fichier(s) 62 octets 26 R‚p(s) 3856084992 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Default User\Application Data 30/12/2005 11:18 62 desktop.ini 30/12/2005 11:18 .. 30/12/2005 11:18 Microsoft 30/12/2005 11:18 . 1 fichier(s) 62 octets 3 R‚p(s) 3856109568 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\Documents and Settings\Invit‚\Application Data 12/10/2006 07:23 Macromedia 12/10/2006 07:23 HotSync 12/10/2006 07:22 Real 12/10/2006 07:22 Identities 12/10/2006 07:22 62 desktop.ini 12/10/2006 07:22 Microsoft 12/10/2006 07:22 .. 12/10/2006 07:22 . 1 fichier(s) 62 octets 7 R‚p(s) 3856084992 octets libres ****************************************** Recherche des taches planifiées dans C:\WINDOWS asks Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est D429-4CEA R‚pertoire de C:\WINDOWS\Tasks 31/12/2005 13:20 534 Norton AntiVirus - Scan my computer - Coralie.job 30/12/2005 11:27 6 SA.DAT 30/12/2005 11:25 65 desktop.ini 30/12/2005 11:25 .. 30/12/2005 11:25 . 3 fichier(s) 605 octets 2 R‚p(s) 3ÿ856ÿ080ÿ896 octets libres ****************************************** Recherche dans Program files Le dossier C:\Program Files\C2Media n'existe pas *************** Fin du rapport ****************

^^Marie^^ · Answer

Slt

Refais un Hitjakthis
stp
merci

coralien · Answer

voici le nouveau rapport hijack
encore merci pour votre aide !!!

Logfile of HijackThis v1.99.1
Scan saved at 16:15:35, on 30/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus
avapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Nero\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Fichiers communs\Skyscape\smARTupdate.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programmes - Install\Sécurité\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1	ools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Play 01 Mfcd Burn] C:\Documents and Settings\All Users\Application Data\shim setup play 01\HtmLogo.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [scr regs] C:\DOCUME~1\Coralie\APPLIC~1\AMENTH~1\Comp Draw.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Fichiers communs\Skyscape\smARTupdate.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://coralieneves.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader35.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC10F2D-8D90-4E10-86E1-02AF22743809}: NameServer = 212.216.212.212,212.216.172.62
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Pop ups et pubs

14 réponses

Discussions similaires