POPUP under Mozilla

Tags:
  • Popup
  • Security
Last reply: in Security and viruses
21 January 2006 11:03:13

Hello everyone,
For a few days now I have been flooded with popups, even though I use Mozilla, which is normally supposed to block popups. As soon as I try to open a web page, at least 3 windows open, and they are ads.
If someone can help me, that would be really nice.
Thanks

21 January 2006 11:52:25

Hi,
Run online scans (Kaspersky...)
Scan in safe mode with Ad-Aware, Ewido and Spybot

Post a HijackThis report

Download the program
Unzip it to your desktop or to a folder created for the purpose
Launch the application
Choose Do a system scan and save logfile
Paste the report here ;-)
21 January 2006 20:58:21

Good evening,
I scanned with Ad-Aware in safe mode, and here is the log.
As for the rest, I didn't really understand what to do.


Ad-Aware SE Build 1.06r1
Logfile Created on:samedi 21 janvier 2006 20:50:29
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R86 11.01.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):28 total references
Tracking Cookie(TAC index:3):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


21-01-2006 20:50:29 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 132
ThreadCreationTime : 21-01-2006 19:48:41
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 208
ThreadCreationTime : 21-01-2006 19:48:54
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 252
ThreadCreationTime : 21-01-2006 19:48:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 264
ThreadCreationTime : 21-01-2006 19:48:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 424
ThreadCreationTime : 21-01-2006 19:49:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 21-01-2006 19:49:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 21-01-2006 19:49:19
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 764
ThreadCreationTime : 21-01-2006 19:49:23
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:9 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 908
ThreadCreationTime : 21-01-2006 19:49:56
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistant.findthewebsiteyouneed.com

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:souhila_2@bluestreak.com/
Expires : 19-01-2016 05:56:36
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:souhila_2@trafficmp.com/
Expires : 21-01-2007 11:29:50
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:souhila_2@mediaplex.com/
Expires : 22-06-2009 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:souhila_2@overture.com/
Expires : 19-01-2016 11:17:04
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:souhila_2@perf.overture.com/
Expires : 20-01-2010 10:51:06
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@as1.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:33
Value : Cookie:souhila_2@as1.falkag.de/
Expires : 22-03-2006 10:56:46
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:souhila_2@atdmt.com/
Expires : 20-01-2011 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:souhila_2@www.smartadserver.com/
Expires : 27-11-2010
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:souhila_2@advertising.com/
Expires : 10-02-2047 21:37:36
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:souhila_2@tradedoubler.com/
Expires : 16-01-2026 11:18:18
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@www.findthewebsiteyouneed[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:souhila_2@www.findthewebsiteyouneed.com/
Expires : 20-03-2006 08:19:40
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:souhila_2@realmedia.com/
Expires : 01-01-2021 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:souhila_2@doubleclick.net/
Expires : 20-01-2009 10:56:50
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@web2.realtracker[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:souhila_2@web2.realtracker.com/
Expires : 01-01-2007
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : souhila_2@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:souhila_2@weborama.fr/
Expires : 21-01-2008 11:14:56
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 15



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Disk Scan Result for C:\DOCUME~1\SOUHIL~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
611 entries scanned.
New critical objects:0
Objects found so far: 15



MRU List Object Recognized!
Location: : C:\Documents and Settings\souhila_2\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\office\10.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1202660629-1708537768-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43

20:53:01 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:31.488
Objects scanned:55777
Objects identified:15
Objects ignored:0
New critical objects:15

Thanks
21 January 2006 21:51:32

Hi,

Post a HijackThis log.

Download it, then put it in a dedicated folder (move it into a new folder that you put on your desktop).
Then launch it, press Do a system scan and save a logfile, and give us the result of the scan (at the end of the scan, Notepad will display a report; copy it and paste it into your topic).

www.infos-du-net.com/telecharger/HijackThis.html
22 January 2006 12:24:32

Hello,
here is the log generated by HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:22:55, on 22/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\souhila_2\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SOUHIL~1\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\ssqpo.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\awvss.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: FOLDER.HTT
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FOLDER.HTT
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Validate XML - C:\WINDOWS\web\msxmlval.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: View XSL Output - C:\WINDOWS\web\msxmlvw.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://195.225.176.32/e/8/jpg+chm//x.chm::/open.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C851AEA1-6E61-4A67-8254-2D621E2B23A1}: NameServer = 80.118.196.36 80.118.192.100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvss - C:\WINDOWS\SYSTEM32\awvss.dll
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\hutplug.dll
O20 - Winlogon Notify: mllij - C:\WINDOWS\System32\mllij.dll (file missing)
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fp2003fme.dll (file missing)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\en46l1hs1.dll (file missing)
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\System32\ssqpo.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\nhmssvc.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\duserver.dll (file missing)
O20 - Winlogon Notify: tustq - tustq.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\en2ul1f91.dll (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

Thanks
22 January 2006 20:40:39

Hi,
thanks for replying ;-)
22 January 2006 20:53:34

Good evening

Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask you whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
* Restart your PC.
* Copy/paste the contents of the report located in C:\vundofix.txt, along with a new HijackThis! report, in your next reply.
22 January 2006 21:55:05

OK, I'll do all of that right away and get back to you.
See you
22 January 2006 22:03:36

Hi,
here is the file: vundofix.txt

VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\System32\tustq.dll
C:\WINDOWS\System32\awvss.dll
C:\WINDOWS\System32\ssqpo.dll
C:\WINDOWS\System32\opqss.ini
C:\WINDOWS\System32\opqss.bak1
C:\WINDOWS\System32\opqss.bak2
C:\WINDOWS\System32\opqss.ini2

C:\WINDOWS\SYSTEM32\opqss.bak1
C:\WINDOWS\SYSTEM32\opqss.bak2
C:\WINDOWS\SYSTEM32\opqss.ini
C:\WINDOWS\SYSTEM32\opqss.ini2
C:\WINDOWS\SYSTEM32\ssqpo.dll
C:\WINDOWS\SYSTEM32\jillm.bak1
C:\WINDOWS\SYSTEM32\jillm.bak2
C:\WINDOWS\SYSTEM32\jillm.tmp
C:\WINDOWS\SYSTEM32\jillm.ini
C:\WINDOWS\SYSTEM32\jillm.ini2
Attempting to delete C:\WINDOWS\System32\awvss.dll
C:\WINDOWS\System32\awvss.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\ssqpo.dll
C:\WINDOWS\System32\ssqpo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\opqss.ini
C:\WINDOWS\System32\opqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\opqss.bak1
C:\WINDOWS\System32\opqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\opqss.bak2
C:\WINDOWS\System32\opqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\opqss.ini2
C:\WINDOWS\System32\opqss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssqpo.dll
C:\WINDOWS\SYSTEM32\ssqpo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\jillm.bak1
C:\WINDOWS\SYSTEM32\jillm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jillm.bak2
C:\WINDOWS\SYSTEM32\jillm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jillm.tmp
C:\WINDOWS\SYSTEM32\jillm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jillm.ini
C:\WINDOWS\SYSTEM32\jillm.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jillm.ini2
C:\WINDOWS\SYSTEM32\jillm.ini2 Has been deleted!

Performing Repairs to the registry.
Done!



and here is the HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 22:00:44, on 22/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\souhila_2\Bureau\HijackThis.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SOUHIL~1\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\ssqpo.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvss.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: FOLDER.HTT
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FOLDER.HTT
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Validate XML - C:\WINDOWS\web\msxmlval.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: View XSL Output - C:\WINDOWS\web\msxmlvw.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://195.225.176.32/e/8/jpg+chm//x.chm::/open.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...InitialSetup1.0.0.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...uweb_site.cab?1131492122528
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C851AEA1-6E61-4A67-8254-2D621E2B23A1}: NameServer = 80.118.192.111 80.118.196.41
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvss - C:\WINDOWS\SYSTEM32\awvss.dll
O20 - Winlogon Notify: mllij - C:\WINDOWS\System32\mllij.dll (file missing)
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fp2003fme.dll (file missing)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\en46l1hs1.dll (file missing)
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\System32\ssqpo.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\nhmssvc.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\d40m0ed1eh0.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\duserver.dll (file missing)
O20 - Winlogon Notify: tustq - tustq.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\en2ul1f91.dll (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Tomcat

5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

22 January 2006 22:19:13

Re

Two files have resisted.

I think the Look2Me infection is blocking the disinfection.

Download L2mfix (by Shadowwar) from one of these links:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save it to your Desktop and double-click l2mfix.exe. Click the Install button to extract its contents and follow the prompts, then open the new "l2mfix" folder on the Desktop. Double-click l2mfix.bat and choose option #1, Run Find Log, by typing 1 and then Enter. The scan will start without showing anything, then after a minute or two a text file will appear. Copy/paste the contents of this report ("report.txt") into your next reply.

IMPORTANT: DO NOT run option #2 OR any other file in the "l2mfix" folder without an advisor's say-so!

However, if an error appears when you run option #1, similar to this: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."...then use option #5 or the web link provided in the "l2mfix" folder to resolve this error. Do not run any other option until this glitch has been fixed.


22 January 2006 22:59:50

RE
here is the report:
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvss]
"Asynchronous"=dword:00000001
"DllName"="awvss.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mllij]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\mllij.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fp2003fme.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDlls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en46l1hs1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpo]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\ssqpo.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\nhmssvc.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\d40m0ed1eh0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\duserver.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tustq]
"Asynchronous"=dword:00000001
"DllName"="tustq.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en2ul1f91.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{FA604D68-6C35-0ED8-5FC2-63EC3EDBEF78}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8561E0DE-7F77-4A57-B802-D87CF65FB634}"=""
"{BA21B1BE-5D72-4232-AB32-74F693FC90EE}"=""
"{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}"=""
"{46084B2C-8143-4AF9-A130-97563BBBF34D}"=""
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8561E0DE-7F77-4A57-B802-D87CF65FB634}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8561E0DE-7F77-4A57-B802-D87CF65FB634}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8561E0DE-7F77-4A57-B802-D87CF65FB634}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8561E0DE-7F77-4A57-B802-D87CF65FB634}\InprocServer32]
@="C:\\WINDOWS\\system32\\kT440ihqe84e0.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}\InprocServer32]
@="C:\\WINDOWS\\system32\\sccur32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46084B2C-8143-4AF9-A130-97563BBBF34D}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{46084B2C-8143-4AF9-A130-97563BBBF34D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46084B2C-8143-4AF9-A130-97563BBBF34D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46084B2C-8143-4AF9-A130-97563BBBF34D}\InprocServer32]
@="C:\\WINDOWS\\system32\\nhmssvc.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
sccur32.dll Sun 22 Jan 2006 21:59:34 ..S.R 236 427 230,88 K
dbnet.dll Thu 19 Jan 2006 10:10:12 ..S.R 234 676 229,18 K
iiihi.dll Sat 14 Jan 2006 18:58:08 ..SH. 35 853 35,01 K
fcywx.dll Sun 8 Jan 2006 18:21:20 ..SH. 35 853 35,01 K
ljhfg.dll Sat 14 Jan 2006 20:56:12 ..SH. 35 853 35,01 K
enj6l1~1.dll Sun 22 Jan 2006 21:59:34 ..S.R 234 053 228,57 K
byxyw.dll Sun 8 Jan 2006 14:55:14 ..SH. 35 853 35,01 K
enpql1~1.dll Sat 21 Jan 2006 20:33:36 ..S.R 236 427 230,88 K
efedd.dll Sun 15 Jan 2006 11:22:38 ..SH. 35 853 35,01 K
khfdc.dll Mon 9 Jan 2006 17:15:16 ..SH. 35 853 35,01 K
efccc.dll Mon 9 Jan 2006 19:33:48 ..SH. 35 853 35,01 K
pmkjk.dll Sat 14 Jan 2006 11:45:26 ..SH. 35 853 35,01 K
l6l6lg~1.dll Thu 19 Jan 2006 13:23:58 ..S.R 234 676 229,18 K
ursqp.dll Mon 16 Jan 2006 8:47:16 ..SH. 35 853 35,01 K
o6rolg~1.dll Sun 22 Jan 2006 21:42:50 ..S.R 236 427 230,88 K
oppqp.dll Sat 14 Jan 2006 15:42:38 ..SH. 35 853 35,01 K
qopqo.dll Sat 14 Jan 2006 14:20:30 ..SH. 35 853 35,01 K
d40m0e~1.dll Sun 22 Jan 2006 14:15:04 ..S.R 236 427 230,88 K
iiijh.dll Sat 14 Jan 2006 12:54:14 ..SH. 35 853 35,01 K
awvss.dll Sun 15 Jan 2006 12:31:22 ..... 35 853 35,01 K
jlehklj.dll Fri 23 Dec 2005 14:14:10 A.... 139 264 136,00 K
ddaby.dll Thu 12 Jan 2006 12:27:32 ..SH. 35 853 35,01 K
pmkji.dll Thu 12 Jan 2006 16:54:24 ..SH. 35 853 35,01 K
xxyyy.dll Sat 14 Jan 2006 17:44:08 ..SH. 35 853 35,01 K
ssqpo.dll Sun 15 Jan 2006 11:26:30 ..... 565 300 552,05 K
yayvw.dll Tue 17 Jan 2006 13:19:38 ..SH. 35 853 35,01 K
en2ql1~1.dll Sun 15 Jan 2006 13:47:32 ..S.R 235 793 230,27 K
jkkhh.dll Sun 8 Jan 2006 22:02:20 ..SH. 35 853 35,01 K
m0rmla~1.dll Sun 15 Jan 2006 13:47:28 ..S.R 235 462 229,94 K
k6lqlg~1.dll Sat 14 Jan 2006 15:39:54 ..S.R 235 808 230,28 K
fccca.dll Mon 9 Jan 2006 11:24:08 ..SH. 35 853 35,01 K
jkhfc.dll Mon 9 Jan 2006 13:35:08 ..SH. 35 853 35,01 K
cbxuv.dll Thu 12 Jan 2006 10:02:02 ..SH. 35 853 35,01 K
byxvu.dll Thu 12 Jan 2006 17:45:52 ..SH. 35 853 35,01 K
xxyvs.dll Sun 8 Jan 2006 23:39:32 ..SH. 35 853 35,01 K
yabxx.dll Mon 9 Jan 2006 20:03:40 ..SH. 35 853 35,01 K
vtsts.dll Thu 12 Jan 2006 18:58:06 ..SH. 35 853 35,01 K
ljjhf.dll Thu 12 Jan 2006 20:56:16 ..SH. 35 853 35,01 K
urqon.dll Mon 9 Jan 2006 22:38:40 ..SH. 35 853 35,01 K
iifdb.dll Fri 13 Jan 2006 9:23:40 ..SH. 35 853 35,01 K
yayvt.dll Fri 13 Jan 2006 18:41:00 ..SH. 35 853 35,01 K
byxww.dll Fri 13 Jan 2006 17:06:34 ..SH. 35 853 35,01 K
k8440i~1.dll Fri 13 Jan 2006 9:22:00 ..S.R 234 720 229,22 K
i4lo0e~1.dll Sun 15 Jan 2006 15:21:02 ..S.R 234 606 229,11 K
rqrpn.dll Sun 15 Jan 2006 19:21:58 ..SH. 35 853 35,01 K
tusrr.dll Fri 13 Jan 2006 13:49:02 ..SH. 35 853 35,01 K
urqnk.dll Fri 13 Jan 2006 22:19:26 ..SH. 35 853 35,01 K
azao0e~1.dll Sun 15 Jan 2006 15:21:06 ..S.R 234 922 229,41 K
i4nmle~1.dll Sun 15 Jan 2006 17:40:38 ..S.R 235 426 229,91 K
ir0sl5~1.dll Sun 15 Jan 2006 17:40:44 ..S.R 235 977 230,45 K
rqopn.dll Sun 15 Jan 2006 18:22:42 ..SH. 35 853 35,01 K
ljjkj.dll Mon 16 Jan 2006 10:43:44 ..SH. 35 853 35,01 K
byxuu.dll Mon 16 Jan 2006 17:29:42 ..SH. 35 853 35,01 K
en4ul1~1.dll Mon 16 Jan 2006 0:56:10 ..S.R 234 218 228,73 K
xxwtt.dll Mon 16 Jan 2006 18:00:56 ..SH. 35 853 35,01 K
urqrq.dll Mon 16 Jan 2006 20:35:38 ..SH. 35 853 35,01 K
gebaa.dll Tue 17 Jan 2006 17:38:12 ..SH. 35 853 35,01 K
opnol.dll Tue 17 Jan 2006 10:32:44 ..SH. 35 853 35,01 K
h60qlg~1.dll Tue 17 Jan 2006 13:16:10 ..S.R 236 254 230,71 K

59 items found: 59 files (56 H/S), 0 directories.
Total of file sizes: 6 140 983 bytes 5,86 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
mcrh.tmp Sun 22 Jan 2006 20:42:02 A.... 0 0,00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 0 bytes 0,00 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle SYSTEM
Le numéro de série du volume est 023F-1C03

Répertoire de C:\WINDOWS\System32

22/01/2006 22:59 391 220 opqss.ini
22/01/2006 21:59 236 427 sccur32.dll
22/01/2006 21:59 234 053 enj6l11s1.dll
22/01/2006 21:42 236 427 o6rolg9316.dll
22/01/2006 14:15 236 427 d40m0ed1eh0.dll
21/01/2006 20:33 236 427 enpql1751.dll
19/01/2006 13:23 234 676 l6l6lg3s16.dll
19/01/2006 10:10 234 676 dbnet.dll
17/01/2006 17:38 35 853 gebaa.dll
17/01/2006 13:19 35 853 yayvw.dll
17/01/2006 13:16 236 254 h60qlgd5160.dll
17/01/2006 10:32 35 853 opnol.dll
16/01/2006 20:35 35 853 urqrq.dll
16/01/2006 18:00 35 853 xxwtt.dll
16/01/2006 17:29 35 853 byxuu.dll
16/01/2006 10:43 35 853 ljjkj.dll
16/01/2006 08:47 35 853 ursqp.dll
16/01/2006 00:56 234 218 en4ul1h91.dll
15/01/2006 19:21 35 853 rqrpn.dll
15/01/2006 18:22 35 853 rqopn.dll
15/01/2006 17:40 235 977 ir0sl5d71.dll
15/01/2006 17:40 235 426 i4nmle511h.dll
15/01/2006 15:21 234 922 azao0e33eh.dll
15/01/2006 15:21 234 606 i4lo0e33eh.dll
15/01/2006 13:47 235 793 en2ql1f51.dll
15/01/2006 13:47 235 462 m0rmla911d.dll
15/01/2006 11:22 35 853 efedd.dll
14/01/2006 20:56 35 853 ljhfg.dll
14/01/2006 18:58 35 853 iiihi.dll
14/01/2006 17:44 35 853 xxyyy.dll
14/01/2006 15:42 35 853 oppqp.dll
14/01/2006 15:39 235 808 k6lqlg3516.dll
14/01/2006 14:20 35 853 qopqo.dll
14/01/2006 12:54 35 853 iiijh.dll
14/01/2006 11:45 35 853 pmkjk.dll
13/01/2006 22:19 35 853 urqnk.dll
13/01/2006 18:41 35 853 yayvt.dll
13/01/2006 17:06 35 853 byxww.dll
13/01/2006 13:49 35 853 tusrr.dll
13/01/2006 09:23 35 853 iifdb.dll
13/01/2006 09:22 234 720 k8440ihqe84e0.dll
12/01/2006 20:56 35 853 ljjhf.dll
12/01/2006 18:58 35 853 vtsts.dll
12/01/2006 17:45 35 853 byxvu.dll
12/01/2006 16:54 35 853 pmkji.dll
12/01/2006 12:27 35 853 ddaby.dll
12/01/2006 10:02 35 853 cbxuv.dll
09/01/2006 22:38 35 853 urqon.dll
09/01/2006 20:03 35 853 yabxx.dll
09/01/2006 19:33 35 853 efccc.dll
09/01/2006 17:15 35 853 khfdc.dll
09/01/2006 13:35 35 853 jkhfc.dll
09/01/2006 11:24 35 853 fccca.dll
08/01/2006 23:39 35 853 xxyvs.dll
08/01/2006 22:02 35 853 jkkhh.dll
08/01/2006 18:21 35 853 fcywx.dll
08/01/2006 14:55 35 853 byxyw.dll
23/12/2005 14:14 405 504 ??rvices.exe
14/01/2004 13:42 <REP> Microsoft
14/01/2004 12:58 <REP> dllcache
58 fichier(s) 6 197 290 octets
2 Rép(s) 401 997 824 octets libres
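A defender-side triage of the Winlogon\Notify export shown in that find log, as an added example that is not part of this thread and not L2MFix's own code: it parses a .reg export in the format the log prints (including multi-line hex(2) values joined by trailing backslashes) and flags every notification package whose DLL is not one of the stock Windows XP ones. The allowlist is an assumption taken from the benign subkeys visible in the log (crypt32chain, cryptnet, cscdll, ScCertProp, Schedule, sclgntfy, SensLogn, termsrv, wlballoon), and the embedded sample export is constructed to mirror the log's entries.

```python
import re

# Stock Windows XP Winlogon notification DLLs. ASSUMED allowlist, derived from
# the benign subkeys in the thread's own export; extend it for other Windows
# builds or OEM packages (e.g. graphics-driver notification DLLs).
KNOWN_GOOD_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                   "wlnotify.dll", "sclgntfy.dll"}

NOTIFY_PREFIX = ("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\"
                 "CurrentVersion\\Winlogon\\Notify\\")

# Constructed sample in the same .reg format as the L2MFix find log: two stock
# entries (one stored as hex(2) with a continuation line) and three entries of
# the kind the log showed (full path, bare random name, random name by path).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mllij]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\mllij.dll"
"Startup"="SysLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tustq]
"DllName"="tustq.dll"
"Logon"="Logon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"DllName"="C:\\WINDOWS\\system32\\d40m0ed1eh0.dll"
"Logon"="WinLogon"
"""


def _decode_hex2(payload: str) -> str:
    """Decode a hex(2) (REG_EXPAND_SZ) value: comma-separated UTF-16LE bytes."""
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    return raw.decode("utf-16-le").rstrip("\x00")


def parse_notify_export(text: str) -> dict:
    """Return {subkey: {value_name: value}} for every Winlogon\\Notify subkey.

    Continuation lines (trailing backslash) are joined first so that hex(2)
    values split over several lines decode correctly; dword values are kept
    as their textual form since only DllName matters for triage.
    """
    joined = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.lower().startswith(NOTIFY_PREFIX.lower()):
                current = path[len(NOTIFY_PREFIX):]
                keys[current] = {}
            else:
                current = None  # the Notify root key or an unrelated key
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = name.strip().strip('"')
        if value.startswith("hex(2):"):
            keys[current][name] = _decode_hex2(value[len("hex(2):"):])
        elif len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            # .reg doubles backslashes inside quoted strings
            keys[current][name] = value[1:-1].replace("\\\\", "\\")
        else:
            keys[current][name] = value
    return keys


def flag_suspicious(keys: dict) -> dict:
    """Return {subkey: reason} for notification packages outside the allowlist."""
    findings = {}
    for subkey, values in keys.items():
        # the export uses both spellings, "DllName" and "DLLName"
        dll = next((v for k, v in values.items() if k.lower() == "dllname"), None)
        if dll is None:
            findings[subkey] = "no DllName value"
            continue
        base = dll.rsplit("\\", 1)[-1].lower()
        if base in KNOWN_GOOD_DLLS:
            continue
        reason = "unknown notification DLL " + base
        if "\\" in dll:
            reason += " (registered by full path, not a bare system32 name)"
        findings[subkey] = reason
    return findings


def triage(text: str = SAMPLE_EXPORT) -> dict:
    """Parse an export and return only the entries worth a closer look."""
    return flag_suspicious(parse_notify_export(text))


if __name__ == "__main__":
    for subkey, reason in sorted(triage().items()):
        print(f"{subkey:12s} {reason}")
```

Run against the sample, the stock crypt32chain and cscdll entries pass and mllij, tustq and Telephony are reported; on the thread's full export the same rule would also single out awvss, RunServices, SharedDlls, ssqpo, Syncmgr, Themes and Uninstall, which is exactly the set HijackThis listed under O20. A subkey with a Windows-sounding name (Telephony, Themes, Uninstall) is no reason to trust it: the DLL it points at is what decides.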
22 January 2006 23:08:53

Good.

Many infected files in this report.

Close all running applications, because this step requires a restart.

From the l2mfix folder on your Desktop, double-click l2mfix.bat and choose option #2, Run Fix, by typing 2 and then "Enter". The Desktop icons will disappear (completely normal).
L2mfix will continue the scan and, once finished, will be ready to restart the PC. Press any key to restart. After the restart a text file should appear. Copy/paste the contents of this report into your next reply, and post a new HijackThis! report as well.

IMPORTANT: DO NOT run any other file in the "l2mfix" folder without an advisor's say-so! Do not run this tool in Safe Mode!!
**If the text file (report) does not appear on restart, double-click the text file ("log.txt") in the "l2mfix" folder.
22 January 2006 23:21:18

here is the log:

L2mfix 010406
Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 328 'smss.exe'
Killing PID 328 'smss.exe'
Killing PID 328 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 408 'winlogon.exe'
Killing PID 408 'winlogon.exe'
Killing PID 408 'winlogon.exe'
Killing PID 408 'winlogon.exe'
Killing PID 408 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1316 'explorer.exe'
Killing PID 1316 'explorer.exe'
Killing PID 1316 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1104 'rundll32.exe'
Killing PID 1924 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\azao0e33eh.dll
Successfully Deleted: C:\WINDOWS\system32\azao0e33eh.dll
Deleting: C:\WINDOWS\system32\d40m0ed1eh0.dll
Successfully Deleted: C:\WINDOWS\system32\d40m0ed1eh0.dll
Deleting: C:\WINDOWS\system32\dbnet.dll
Successfully Deleted: C:\WINDOWS\system32\dbnet.dll
Deleting: C:\WINDOWS\system32\en2ql1f51.dll
Successfully Deleted: C:\WINDOWS\system32\en2ql1f51.dll
Deleting: C:\WINDOWS\system32\en4ul1h91.dll
Successfully Deleted: C:\WINDOWS\system32\en4ul1h91.dll
Deleting: C:\WINDOWS\system32\enj6l11s1.dll
Successfully Deleted: C:\WINDOWS\system32\enj6l11s1.dll
Deleting: C:\WINDOWS\system32\enpql1751.dll
Successfully Deleted: C:\WINDOWS\system32\enpql1751.dll
Deleting: C:\WINDOWS\system32\h60qlgd5160.dll
Successfully Deleted: C:\WINDOWS\system32\h60qlgd5160.dll
Deleting: C:\WINDOWS\system32\i4lo0e33eh.dll
Successfully Deleted: C:\WINDOWS\system32\i4lo0e33eh.dll
Deleting: C:\WINDOWS\system32\i4nmle511h.dll
Successfully Deleted: C:\WINDOWS\system32\i4nmle511h.dll
Deleting: C:\WINDOWS\system32\ir0sl5d71.dll
Successfully Deleted: C:\WINDOWS\system32\ir0sl5d71.dll
Deleting: C:\WINDOWS\system32\k6lqlg3516.dll
Successfully Deleted: C:\WINDOWS\system32\k6lqlg3516.dll
Deleting: C:\WINDOWS\system32\k8440ihqe84e0.dll
Successfully Deleted: C:\WINDOWS\system32\k8440ihqe84e0.dll
Deleting: C:\WINDOWS\system32\l6l6lg3s16.dll
Successfully Deleted: C:\WINDOWS\system32\l6l6lg3s16.dll
Deleting: C:\WINDOWS\system32\m0rmla911d.dll
Successfully Deleted: C:\WINDOWS\system32\m0rmla911d.dll
Deleting: C:\WINDOWS\system32\o6rolg9316.dll
Successfully Deleted: C:\WINDOWS\system32\o6rolg9316.dll
Deleting: C:\WINDOWS\system32\sccur32.dll
Successfully Deleted: C:\WINDOWS\system32\sccur32.dll

msg11?.dll
0 fichier(s) copié(s).
Desktop.ini sucessfully removed




Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvss]
"Asynchronous"=dword:00000001
"DllName"="awvss.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mllij]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\mllij.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fp2003fme.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDlls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en46l1hs1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpo]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\ssqpo.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\nhmssvc.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\d40m0ed1eh0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\duserver.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tustq]
"Asynchronous"=dword:00000001
"DllName"="tustq.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en2ul1f91.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\azao0e33eh.dll
C:\WINDOWS\system32\d40m0ed1eh0.dll
C:\WINDOWS\system32\dbnet.dll
C:\WINDOWS\system32\en2ql1f51.dll
C:\WINDOWS\system32\en4ul1h91.dll
C:\WINDOWS\system32\enj6l11s1.dll
C:\WINDOWS\system32\enpql1751.dll
C:\WINDOWS\system32\h60qlgd5160.dll
C:\WINDOWS\system32\i4lo0e33eh.dll
C:\WINDOWS\system32\i4nmle511h.dll
C:\WINDOWS\system32\ir0sl5d71.dll
C:\WINDOWS\system32\k6lqlg3516.dll
C:\WINDOWS\system32\k8440ihqe84e0.dll
C:\WINDOWS\system32\l6l6lg3s16.dll
C:\WINDOWS\system32\m0rmla911d.dll
C:\WINDOWS\system32\o6rolg9316.dll
C:\WINDOWS\system32\sccur32.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8561E0DE-7F77-4A57-B802-D87CF65FB634}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8561E0DE-7F77-4A57-B802-D87CF65FB634}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8561E0DE-7F77-4A57-B802-D87CF65FB634}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8561E0DE-7F77-4A57-B802-D87CF65FB634}\InprocServer32]
@="C:\\WINDOWS\\system32\\kT440ihqe84e0.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}\InprocServer32]
@="C:\\WINDOWS\\system32\\sccur32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46084B2C-8143-4AF9-A130-97563BBBF34D}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{46084B2C-8143-4AF9-A130-97563BBBF34D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46084B2C-8143-4AF9-A130-97563BBBF34D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46084B2C-8143-4AF9-A130-97563BBBF34D}\InprocServer32]
@="C:\\WINDOWS\\system32\\nhmssvc.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8561E0DE-7F77-4A57-B802-D87CF65FB634}"=-
"{BA21B1BE-5D72-4232-AB32-74F693FC90EE}"=-
"{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}"=-
"{46084B2C-8143-4AF9-A130-97563BBBF34D}"=-
[-HKEY_CLASSES_ROOT\CLSID\{8561E0DE-7F77-4A57-B802-D87CF65FB634}]
[-HKEY_CLASSES_ROOT\CLSID\{BA21B1BE-5D72-4232-AB32-74F693FC90EE}]
[-HKEY_CLASSES_ROOT\CLSID\{FCECD715-B21A-4965-8D25-B24BA5F8C7CC}]
[-HKEY_CLASSES_ROOT\CLSID\{46084B2C-8143-4AF9-A130-97563BBBF34D}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/azao0e33eh.dll (deflated 5%)
adding: dlls/d40m0ed1eh0.dll (deflated 5%)
adding: dlls/dbnet.dll (deflated 4%)
adding: dlls/en2ql1f51.dll (deflated 5%)
adding: dlls/en4ul1h91.dll (deflated 4%)
adding: dlls/enj6l11s1.dll (deflated 4%)
adding: dlls/enpql1751.dll (deflated 5%)
adding: dlls/h60qlgd5160.dll (deflated 5%)
adding: dlls/i4lo0e33eh.dll (deflated 4%)
adding: dlls/i4nmle511h.dll (deflated 5%)
adding: dlls/ir0sl5d71.dll (deflated 5%)
adding: dlls/k6lqlg3516.dll (deflated 5%)
adding: dlls/k8440ihqe84e0.dll (deflated 4%)
adding: dlls/l6l6lg3s16.dll (deflated 4%)
adding: dlls/m0rmla911d.dll (deflated 5%)
adding: dlls/o6rolg9316.dll (deflated 5%)
adding: dlls/sccur32.dll (deflated 5%)
adding: backregs/notibac.reg (deflated 90%)
adding: backregs/shell.reg (deflated 54%)
adding: backregs/8561E0DE-7F77-4A57-B802-D87CF65FB634.reg (deflated 70%)
adding: backregs/FCECD715-B21A-4965-8D25-B24BA5F8C7CC.reg (deflated 71%)
adding: backregs/46084B2C-8143-4AF9-A130-97563BBBF34D.reg (deflated 69%)


here is the
Logfile of HijackThis v1.99.1
Scan saved at 23:21:14, on 22/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\souhila_2\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SOUHIL~1\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\ssqpo.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvss.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: FOLDER.HTT
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FOLDER.HTT
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Validate XML - C:\WINDOWS\web\msxmlval.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: View XSL Output - C:\WINDOWS\web\msxmlvw.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://195.225.176.32/e/8/jpg+chm//x.chm::/open.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C851AEA1-6E61-4A67-8254-2D621E2B23A1}: NameServer = 80.118.196.40 80.118.192.110
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvss - C:\WINDOWS\SYSTEM32\awvss.dll
O20 - Winlogon Notify: mllij - C:\WINDOWS\System32\mllij.dll (file missing)
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fp2003fme.dll (file missing)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\en46l1hs1.dll (file missing)
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\System32\ssqpo.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\nhmssvc.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\d40m0ed1eh0.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\duserver.dll (file missing)
O20 - Winlogon Notify: tustq - tustq.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\en2ul1f91.dll (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

22 January 2006 23:47:29

I don't know if everything is OK, but I think it worked.
Thank you very much for your help.
;-)
22 January 2006 23:50:18

Good, we're making progress.

Now download DelDomain.inf
http://www.mvps.org/winhelp2002/restricted.htm
Right-click / Save target as... Put it on the desktop.
Right-click the file Del_Domains.inf --> Install

Do the VundoFix procedure again.
22 January 2006 23:52:26

Re

It worked for Look2me, but part of Vundo and some other goodies are still there.
23 January 2006 08:09:37

Hi chercheurPCA,
and what should I do now?
23 January 2006 09:26:42

Hi,

You need to do this again:

Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK.
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis! log in your next reply.
23 January 2006 18:13:17

hi,

VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\System32\tustq.dll
C:\WINDOWS\System32\awvss.dll
C:\WINDOWS\System32\ssqpo.dll
C:\WINDOWS\System32\opqss.ini
C:\WINDOWS\System32\opqss.bak1
C:\WINDOWS\System32\opqss.bak2
C:\WINDOWS\System32\opqss.ini2

C:\WINDOWS\SYSTEM32\opqss.bak1
C:\WINDOWS\SYSTEM32\opqss.bak2
C:\WINDOWS\SYSTEM32\opqss.ini
C:\WINDOWS\SYSTEM32\opqss.ini2
C:\WINDOWS\SYSTEM32\ssqpo.dll
C:\WINDOWS\SYSTEM32\jillm.bak1
C:\WINDOWS\SYSTEM32\jillm.bak2
C:\WINDOWS\SYSTEM32\jillm.tmp
C:\WINDOWS\SYSTEM32\jillm.ini
C:\WINDOWS\SYSTEM32\jillm.ini2
Attempting to delete C:\WINDOWS\System32\awvss.dll
C:\WINDOWS\System32\awvss.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\ssqpo.dll
C:\WINDOWS\System32\ssqpo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\opqss.ini
C:\WINDOWS\System32\opqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\opqss.bak1
C:\WINDOWS\System32\opqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\opqss.bak2
C:\WINDOWS\System32\opqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\opqss.ini2
C:\WINDOWS\System32\opqss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssqpo.dll
C:\WINDOWS\SYSTEM32\ssqpo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\jillm.bak1
C:\WINDOWS\SYSTEM32\jillm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jillm.bak2
C:\WINDOWS\SYSTEM32\jillm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jillm.tmp
C:\WINDOWS\SYSTEM32\jillm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jillm.ini
C:\WINDOWS\SYSTEM32\jillm.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jillm.ini2
C:\WINDOWS\SYSTEM32\jillm.ini2 Has been deleted!

Performing Repairs to the registry.
Done!
VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\system32\awvss.dll
C:\WINDOWS\System32\ssqpo.dll
C:\WINDOWS\System32\opqss.ini

Attempting to delete C:\WINDOWS\system32\awvss.dll
C:\WINDOWS\system32\awvss.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\ssqpo.dll
C:\WINDOWS\System32\ssqpo.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\opqss.ini
C:\WINDOWS\System32\opqss.ini Has been deleted!

Performing Repairs to the registry.
Done!


and here is the
Logfile of HijackThis v1.99.1
Scan saved at 18:13:44, on 23/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\souhila_2\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SOUHIL~1\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: FOLDER.HTT
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FOLDER.HTT
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Validate XML - C:\WINDOWS\web\msxmlval.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: View XSL Output - C:\WINDOWS\web\msxmlvw.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://195.225.176.32/e/8/jpg+chm//x.chm::/open.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C851AEA1-6E61-4A67-8254-2D621E2B23A1}: NameServer = 80.118.196.40 80.118.192.110
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mllij - C:\WINDOWS\System32\mllij.dll (file missing)
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fp2003fme.dll (file missing)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\en46l1hs1.dll (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\nhmssvc.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\d40m0ed1eh0.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\duserver.dll (file missing)
O20 - Winlogon Notify: tustq - tustq.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\en2ul1f91.dll (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

23 January 2006 21:12:52

We're making progress.

1 Download CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated folder.

2 Restart in Safe Mode. Careful, you have no internet access in this mode, so write down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows Advanced Options menu appears.
Using the arrow keys, select the appropriate Safe Mode and press Enter.

3 Uninstall these applications (if you find them) in Add/Remove Programs:

Butterfly --> This is an infected screensaver. The name may be longer.

4 Run a new HijackThis scan and tick the lines below:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SOUHIL~1\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - blank (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://195.225.176.32/e/8/jpg+chm//x.chm::/open.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O20 - Winlogon Notify: mllij - C:\WINDOWS\System32\mllij.dll (file missing)
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fp2003fme.dll (file missing)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\en46l1hs1.dll (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\nhmssvc.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\d40m0ed1eh0.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\duserver.dll (file missing)
O20 - Winlogon Notify: tustq - tustq.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\en2ul1f91.dll (file missing)

Close all Windows, Internet Explorer and Outlook windows except HijackThis, and click « Fix checked »

5 Make sure you have access to all files.
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Tick: Show hidden files and folders
Untick: Hide extensions for known file types
Untick: Hide protected operating system files
Then Apply

6 Delete the offending files/folders (if they still exist):

C:\Program Files\Butterfly
C:\WINDOWS\System32\nfomon
C:\WINDOWS\System32\vidmon

7 Run the cleanup with CCleaner.

Hide the system files again, so as not to make mistakes in the future, by selecting do not show hidden files or system files.

8 Restart normally and post a new HijackThis log.
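As an added example (not from the thread, HijackThis or VundoFix), here is how the checks chercheurPCA applied by eye to the logs above look when written as Python triage rules over the HijackThis log format: the res:// search bar pointing into Temp, unnamed BHOs with random-looking DLL names, sites added to the IE Trusted Zone, O16 downloads from a bare IP address or an odd scheme, and orphaned O20/O23 entries. The sample lines are copied from the logs posted in this thread; the severity levels and the Windows XP Winlogon Notify allowlist are my assumptions.

```python
"""Triage rules for a HijackThis log, as the helper applied them by eye above.
Added example, not part of HijackThis or any tool named in this thread; the
severities and the XP Winlogon Notify allowlist are my own assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the logs posted in this thread, plus
# two benign ones (Google start page, Windows Update control) for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SOUHIL~1\LOCALS~1\Temp\sp.dll/sp.html
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvss.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O15 - Trusted Zone: http://*.winantivirus.com
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://195.225.176.32/e/8/jpg+chm//x.chm::/open.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\d40m0ed1eh0.dll (file missing)
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\System32\ssqpo.dll
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)
"""

# Winlogon Notify packages that ship with Windows XP (assumed allowlist).
XP_NOTIFY_ALLOWLIST = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                       "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
ENTRY_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")       # "O20 - <body>"
IPV4_HOST_RE = re.compile(r"://(\d{1,3}(?:\.\d{1,3}){3})[/:]")
DLL_RE = re.compile(r"([^\\\s]+\.dll)", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str          # "high", "medium" or "low"
    reason: str
    line: str


def looks_random(filename: str) -> bool:
    """Random-looking DLL stems like the Look2Me/Vundo drops in this thread
    (d40m0ed1eh0.dll, ssqpo.dll): several digits, or almost no vowels."""
    stem = filename.lower().rsplit(".", 1)[0]
    if len(stem) < 5:
        return False
    digits = sum(c.isdigit() for c in stem)
    vowels = sum(c in "aeiouy" for c in stem)
    return digits >= 2 or vowels / len(stem) <= 0.2


def triage_line(line: str) -> Optional[Finding]:
    """Apply the rules to one entry; None means nothing to report."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    tail = body.rsplit(" - ", 1)[-1]          # the path or URL that ends the entry
    missing = "(file missing)" in body
    low = body.lower()
    if kind in ("R0", "R1") and "res://" in low and "\\temp\\" in low:
        return Finding("high", "IE search/start page served from a DLL in Temp", line)
    if kind == "O2" and "(no name)" in body:
        dll = DLL_RE.search(tail)
        if dll and "system32" in low and looks_random(dll.group(1)):
            return Finding("high", "unnamed BHO loading a random-named DLL from system32", line)
    if kind == "O15":
        return Finding("medium", "site added to the IE Trusted Zone; confirm it was intentional", line)
    if kind == "O16":
        scheme = tail.split(":", 1)[0].lower()
        if scheme not in ("http", "https") or IPV4_HOST_RE.search(tail):
            return Finding("high", "ActiveX download via unusual scheme or bare IP address", line)
    if kind == "O20":
        package = body.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
        if package in XP_NOTIFY_ALLOWLIST:
            return None
        if missing:
            return Finding("low", "orphaned Winlogon Notify entry (DLL already gone)", line)
        dll = DLL_RE.search(tail)
        if dll and looks_random(dll.group(1)):
            return Finding("high", "Winlogon Notify hook loading a random-named DLL", line)
        return Finding("medium", "non-default Winlogon Notify package", line)
    if kind == "O23" and "Unknown owner" in body and missing:
        return Finding("low", "orphaned service entry (binary missing)", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the rules over a whole log, highest severity first (stable within a level)."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: order[f.severity])


def entries_still_present(requested: List[str], new_log: str) -> List[str]:
    """Which lines from a 'Fix checked' list still appear in the fresh log."""
    present = {l.strip() for l in new_log.splitlines()}
    return [l for l in requested if l.strip() in present]
```

`entries_still_present` is for the before/after pattern in this thread: feed it the lines the helper asked to fix and the next posted log, and only the survivors need to be re-listed.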
23 January 2006 23:16:22

ok, I'll do that.
see you soon
23 January 2006 23:51:45

here is the
Logfile of HijackThis v1.99.1
Scan saved at 23:47:16, on 23/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\souhila_2\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: FOLDER.HTT
O4 - Global Startup: FOLDER.HTT
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Validate XML - C:\WINDOWS\web\msxmlval.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: View XSL Output - C:\WINDOWS\web\msxmlvw.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

however, I didn't find Butterfly in Add/Remove Programs

thanks again, it looks like my PC is ready for the bin
5 April 2007 11:26:21

Hello,

I have a pop-up problem with Mozilla. Windows have been opening non-stop for a few days...

I'm posting my Hijack report; please, help me!!! ;)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:17:45, on 05/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Seb\Bureau\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} (Gif89 xLite Class) - http://192.168.0.121/xplugxLiteTW.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://192.168.0.120:8080/plugin/h263ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA944D9E-E63F-4080-A625-0E2012AF83AC}: NameServer = 213.228.0.23,212.27.39.1
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 7937 bytes