[Solved... finally] The Italian dialer again... I can't get rid of it

Tags:
  • Operating system
  • Security
Last reply: in Security and viruses
6 July 2006 08:39:41

Hello everyone

I have a problem with the infamous Italian dialer, or one of its variants, and I can't get rid of it...

Thanks for your help.

Here is the Kaspersky online scan report.

I'll post the ewido report shortly...

By the way, I couldn't find the 2 ewido boxes to uncheck....

Thanks for your help.

Lx

Edit: followed by the ewido and HijackThis reports



-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER - RAPPORT
mercredi 5 juillet 2006 17:23:45
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Version de Kaspersky On-line Scanner: 5.0.78.0
Dernière mise à jour de la base antivirus Kaspersky : 5/07/2006
Enregistrements dans la base antivirus Kaspersky : 204808
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie.: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\

Statistiques de l'analyse:
Total d'objets analysés :: 74429
Nombre de virus trouvés: 1
Nombre d'objets infectés: 13
Nombre d'objets suspects: 0
Durée de l'analyse: 01:25:27

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Ancea\Local Settings\Temporary Internet Files\Content.IE5\C1QFSHIJ\srvbxw[1].exe Infecté: Packed.Win32.Klone.g ignoré
C:\Documents and Settings\Ancea\Local Settings\Temporary Internet Files\Content.IE5\CD2RG56V\srvarr[1].exe Infecté: Packed.Win32.Klone.g ignoré
C:\Documents and Settings\Ancea\Local Settings\Temporary Internet Files\Content.IE5\CD2RG56V\srvwfy[1].exe Infecté: Packed.Win32.Klone.g ignoré
C:\Documents and Settings\Ancea\Local Settings\Temporary Internet Files\Content.IE5\S567W9MN\srvoeh[1].exe Infecté: Packed.Win32.Klone.g ignoré
C:\Documents and Settings\Ancea\Local Settings\Temporary Internet Files\Content.IE5\W9MZ01ER\srvkjb[1].exe Infecté: Packed.Win32.Klone.g ignoré
C:\WINDOWS\SYSTEM32\winxia32.dll Infecté: Packed.Win32.Klone.g ignoré
C:\WINDOWS\Temp\idd1BF4.tmp.exe Infecté: Packed.Win32.Klone.g ignoré
C:\WINDOWS\Temp\idd4295.tmp.exe Infecté: Packed.Win32.Klone.g ignoré
C:\WINDOWS\Temp\win1BF0.tmp.exe Infecté: Packed.Win32.Klone.g ignoré
C:\WINDOWS\Temp\win1C.tmp.exe Infecté: Packed.Win32.Klone.g ignoré
C:\WINDOWS\Temp\win30.tmp.exe Infecté: Packed.Win32.Klone.g ignoré
C:\WINDOWS\Temp\win41.tmp.exe Infecté: Packed.Win32.Klone.g ignoré
C:\WINDOWS\Temp\win427A.tmp.exe Infecté: Packed.Win32.Klone.g ignoré

Analyse terminée.


------------------------------------------------------------------------------------


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:52:47 06/07/2006

+ Scan result:



:mozilla.14:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.16:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.18:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.17:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.26:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.46:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.19:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.21:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.22:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Ancea\Cookies\ancea@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.66:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.15:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.8:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Ancea\Cookies\ancea@weborama[1].txt -> TrackingCookie.Weborama : No action taken.


::Report end


----------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 08:35:54, on 06/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AdBackup\ooservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\NTR Global\NTRconnect\NTRconnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WDC\SetIcon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\QKSMTP~2\QKSmtpServer3.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AdBackup\oointray.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Documents and Settings\Ancea\Bureau\progs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QKSMTPServer] C:\Program Files\QK SMTP Server\smtpserver.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [QKSMTPServer3] C:\PROGRA~1\QKSMTP~2\QKSmtpServer3.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AtomSync] "C:\Program Files\AtomSync\atomsync.exe"
O4 - Startup: AdBackup.lnk = C:\Program Files\AdBackup\oointray.exe
O4 - Startup: Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
O4 - Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O4 - Global Startup: AdBackup.lnk = C:\Program Files\AdBackup\oointray.exe
O4 - Global Startup: Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.h


6 July 2006 11:09:53

Hello

1 Restart in Safe Mode. Note that you have no internet access in this mode, so write down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows Advanced Options menu appears.
Using the cursor keys, select Safe Mode and press Enter.

2 Run a new HijackThis scan and check the lines below:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {F11BFF96-CC7A-4482-819B-91EAE4C454EF} (NTR ActiveX 1.1.6) - http://www.inquiero.com/inquiero/mod/setup/ntractivex11...

Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked"

3 Make sure you have access to all files.
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Tick the box: Show hidden files and folders
Untick the box: Hide extensions for known file types
Untick the box: Hide protected operating system files
Then Apply

4 Delete the offending files/folders (if they still exist):

C:\WINDOWS\SYSTEM32\winxia32.dll
C:\WINDOWS\Temp\ <-- its entire contents
C:\Documents and Settings\Ancea\Local Settings\Temporary Internet Files\Content.IE5\C1QFSHIJ
C:\Documents and Settings\Ancea\Local Settings\Temporary Internet Files\Content.IE5\CD2RG56V
C:\Documents and Settings\Ancea\Local Settings\Temporary Internet Files\Content.IE5\S567W9MN
C:\Documents and Settings\Ancea\Local Settings\Temporary Internet Files\Content.IE5\W9MZ01ER

5 Run a cleanup with CCleaner.

Re-hide the system files, so you don't make a mistake in the future, by selecting do not show hidden files or system files.

6 Run Ewido.
Click the Scanner button (on the toolbar) and then click Complete System Scan.
At the end of the scan, choose the "Apply All Actions" option at the bottom. Then Yes to quarantine.
Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure to save it somewhere easy to find.

7 Restart normally and post a new HijackThis log together with the Ewido report.
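As an added example (not from the thread, the helper, or HijackThis itself), here is a small Python triage pass over the log format the helper is reading above: it parses the `O4`, `O9`, `O16` and `O23` entries and flags what a helper checks by eye, namely autorun entries with unqualified paths or paths under Temp / Temporary Internet Files (where the Kaspersky report found Klone.g), entries that reference missing files, and ActiveX (DPF) downloads from hosts outside an allowlist. The sample log is an excerpt of the posted log plus one constructed `[win1C]` entry, and the allowlist of DPF hosts is an illustrative choice, not anything the page states.

```python
"""Triage pass over a HijackThis v1.99-style log (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Excerpt of the log posted in the thread, plus ONE CONSTRUCTED entry (the
# [win1C] line) so the temporary-directory rule has something to match.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 08:35:54, on 06/07/2006

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [win1C] C:\WINDOWS\Temp\win1C.tmp.exe
O4 - Startup: AdBackup.lnk = C:\Program Files\AdBackup\oointray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Illustrative allowlist chosen for this example: DPF (ActiveX) downloads from
# anywhere else get a second look.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "kaspersky.fr")
# Directories an autorun entry should never point into (compared lower-cased).
TEMP_DIRS = ("\\temp\\", "\\temporary internet files\\")

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.*?) = (?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
# First executable-looking token of a command line, quoted or not, with spaces allowed.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|cpl|scr|bat|com))(?=["\s,]|$)', re.IGNORECASE)


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    subject: str  # entry name, service name or button label
    detail: str   # the path or URL the rule fired on
    reason: str   # why a helper would want to look at it


def extract_path(cmd: str) -> Optional[str]:
    """Return the program path from an autorun command line, or None."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def is_fully_qualified(path: str) -> bool:
    """True for 'C:\\...' style paths; bare names resolve via the search path."""
    return re.match(r"^[A-Za-z]:\\", path) is not None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank line or a running-process path
        section, body = m.group("section"), m.group("body")
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(section, body.split(" - ")[0], body,
                                    "references a file that is not on disk"))
        if section == "O4":
            rm = RUN_RE.match(body) or STARTUP_RE.match(body)
            path = extract_path(rm.group("cmd")) if rm else None
            if path is None:
                continue
            if not is_fully_qualified(path):
                findings.append(Finding(section, rm.group("name"), path,
                                        "autorun path is not fully qualified"))
            elif any(t in path.lower() for t in TEMP_DIRS):
                findings.append(Finding(section, rm.group("name"), path,
                                        "autorun from a temporary directory"))
        elif section == "O16":
            dm = DPF_RE.match(body)
            if dm:
                host = urlparse(dm.group("url")).hostname or ""
                if not any(host == a or host.endswith("." + a) for a in TRUSTED_DPF_HOSTS):
                    findings.append(Finding(section, dm.group("name"), dm.group("url"),
                                            "ActiveX download from a host outside the allowlist"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:50} {f.subject} -> {f.detail}")
```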

6 July 2006 17:05:17

Thanks for your help.

Here are the HijackThis and ewido logs (there are several because of a few handling errors ;) )


To be precise, I still have some crap... When I launch Firefox, an IE window opens, with nothing in it but with the title: http://fr.winantivirus.com - error detected

Before doing your steps, I had this popup with links to download antivirus, antispyware and other junk...

Thanks

Lx




Logfile of HijackThis v1.99.1
Scan saved at 17:01:06, on 06/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AdBackup\ooservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\NTR Global\NTRconnect\NTRconnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\QKSMTP~2\QKSmtpServer3.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AdBackup\oointray.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ancea\Bureau\progs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [QKSMTPServer3] C:\PROGRA~1\QKSMTP~2\QKSmtpServer3.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AtomSync] "C:\Program Files\AtomSync\atomsync.exe"
O4 - Startup: AdBackup.lnk = C:\Program Files\AdBackup\oointray.exe
O4 - Startup: Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
O4 - Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O4 - Global Startup: AdBackup.lnk = C:\Program Files\AdBackup\oointray.exe
O4 - Global Startup: Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {F11BFF96-CC7A-4482-819B-91EAE4C454EF} (NTR ActiveX 1.1.6) - https://www.ntrconnect.com/main/mod/setup/ntractivex116...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AdBackup (adbackup) - Unknown owner - C:\PROGRA~1\AdBackup\ooservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NTRconnect - Net Transmit & Receive - C:\Program Files\NTR Global\NTRconnect\NTRconnect.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe




---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:51:31 06/07/2006

+ Scan result:



:mozilla.42:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.43:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.41:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.35:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.36:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.37:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.21:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.19:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.20:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.49:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.50:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.51:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Weborama : No action taken.


::Report end

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:39:39 06/07/2006

+ Scan result:



:mozilla.14:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.13:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.


::Report end

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:36:47 06/07/2006

+ Scan result:



:mozilla.21:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.35:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.28:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.29:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.30:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.36:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.37:C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.


::Report end

a b 8 Sécurité
6 July 2006 17:08:52

Hello,

With Internet Explorer
Run a Panda online scan
- Click on "Scan your PC"
- Then on "Check Now"
- /!\ At the bottom, click on "I don't Accept"
Enter your e-mail address, then start the scan
- Post the report when the analysis finishes
If you have Avast!, disable it during the scan

6 July 2006 18:07:42

Ouch ouch ouch, it's finding stuff!!!!


Well, the cookies, who cares, but W32/Bagle, normal or not???

Edit: Pff, I really need to read everything. A priori it's all good, isn't it? It was SmitfraudFix....

Thanks for your help



Incident Status Location

Spyware:spyware/cws.olehelp Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.com.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\cookies.txt[.tradedoubler.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ancea\Bureau\progs\SmitfraudFix\Process.exe
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Ancea\Bureau\progs\SmitfraudFix.zip
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ancea\Cookies\ancea@xiti[1].txt


a b 8 Sécurité
6 July 2006 18:11:48

Cookies -> not important

Download RegSearch
Unzip it onto your desktop
Launch the application
Type olehelp and confirm
Copy/paste the contents of the Notepad window here
6 July 2006 18:26:39

Nothing, apparently....

PS: nice program... and to think I always went through regedit...

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 06/07/2006 18:24:36 for strings:
; 'olehelp'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
a b 8 Sécurité
6 July 2006 18:31:29

Nothing.

As for Bagle, it's a false positive from Panda, which detects SmitfraudFix as infected (when it isn't)
6 July 2006 18:32:22

Thanks for your help; apparently it's sorted....

However, I can no longer sync my PDA??? I get the following message; should I make a new post??

"la synchronisation ne peut pas démarrer car vous ne pouvez pas vous connecter au réseau et accéder aux informations...."

Thanks.

Lx


EDIT: No, not sorted, an AMANEA window just opened!!!!
a b 8 Sécurité
6 July 2006 18:40:56

New thread, but not in this section
6 July 2006 18:44:30

Okay,

I don't know if you saw, but I've still got amanea wandering around!!!!
a b 8 Sécurité
6 July 2006 18:52:32

Let's try another way:

Step 1:
Download eScan Antivirus Toolkit here. Save it to your Desktop.
Before launching the program, it must be updated as described in step 2.

Step 2:
Here is how to update the tool:

1.) Double-click the mwav.exe file on the Desktop; unzip the files into the suggested new folder (Kaspersky) at the root of drive C:\ (C:\Kaspersky). The program will launch, and you must quit it (click "Exit" then "Exit").

2.) Double-click My Computer, then double-click the main drive (usually C:\), double-click the Kaspersky folder; then double-click the kavupd.exe file. You will now see a DOS window appear, and the update will complete in a few minutes.

3.) When the update is complete, you will see "Press any key to continue"; press a key to continue.

Do not run the scan yet!

Step 3:
Restart in Safe Mode

Step 4:
From Safe Mode, here is how to use the program:

1.) To launch "eScan Antivirus Toolkit", find the mwavscan.com file in the C:\Kaspersky folder

2.) Double-click mwavscan.com; the eScan interface will appear on screen.

3.) It is very important to tick these boxes under Scan Option: Memory, Registry, Startup Folders, System Folders, Services.

4.) Tick the Drive box, which gives access to a new Drive box (round button) just below; tick this "Drive" button (very important..), and you will see a new navigation box appear on the right. Click the small arrow of this box and choose the letter of your hard drive, usually C:\.

5.) Just below, make sure Scan All Files is ticked, and not Program Files.

6.) Click Scan Clean and let the tool check the whole hard drive (it can take a long time..). When finished, you will see Scan Completed. Do not quit yet!

7.) Open a new Notepad file (click "Start" >> "Programs" >> "Accessories" >> "Notepad"), then copy/paste the whole content of the Virus Log Information window (the second one, at the bottom) into the text file, and save it. eScan also generates a full report in the C:\Kaspersky folder (named mwav.log), but it is too large to post on the forum.

Close the program. Restart your PC in Normal mode. Post (copy/paste) the report you saved in your next reply.
6 July 2006 19:24:50

I can't unzip the file.... apparently there are errors....

I downloaded it again with IE, same thing.

Another source?
a b 8 Sécurité
6 July 2006 19:30:59

Let's do it another way:

Step 1:

  • Create a folder that you will name Sysclean Package, in C:\Program Files for example.

  • For the duration of the procedure, disable all integrity monitors
    (if present) such as Spybot's TeaTimer, Process Guard, Hanti hook,
    Winpooch, etc.
  • Note: Owners of Avast antivirus must not use Sysclean other than in Safe Mode, because Avast considers sysclean.com to be infected with the VBS:Redlof virus!! To scan the PC in Normal mode (if Safe Mode cannot be accessed), Avast will have to be disabled during the scan to avoid any conflict (this remark may also apply to other antivirus programs!).

Step 2:

  • Download Sysclean Package and save it in the folder you just created.

Step 3: Update.

  • Go to the following page: Controlled Pattern Release, and accept the disclaimer by clicking I Accept.

  • A new window will open: download the file named lptXXX.zip (where X represents the file version; it is the first in the list), and unzip it into the folder you just created.

Step 4:

  • Restart the PC, imperatively in Safe Mode (at startup, immediately tap the F8 key, then a screen with boot choices will appear: choose "Safe Mode" with the keyboard arrows, then confirm with "Enter").
    Choose the usual account (not Administrator).
    In case of problems, apply Symantec's procedure
    "How to start the computer in Safe Mode"

Step 5:

How to use Trend Micro Sysclean Package:

  • Launch the "Sysclean" file with a double-click. A window named "Trend Micro Sysclean Package" will open.
  • Tick the "Automatically clean or delete detected files" box
  • Click the Scan button
  • Be patient, the scan can take a while!
  • Once the scan is finished, click the View Log button. Save the report in text format that was generated.
  • Close the program. Restart your PC in Normal mode. Post (copy/paste) the report you saved in your next reply.
6 July 2006 19:36:07

Me too, I've got this crap of an Italian dialer (and that without even having visited a dodgy site, just with those f***ing s*** ads wrecking my screen, even though I enabled the pop-up blocker!!! :evil:

I read this whole topic and did some research, and I noticed that the incriminated files all look alike (namely a "win***32.dll" file in system32, on the O20 line of the report). Only I have something else, which according to a search is part of the E2G process, which I never manage to delete completely. So I'd like to know what to do to wreck E2G and above all this ####ing dialer of mine!!! Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:34:51, on 06/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Belkin\F5D7051\WLService.exe
    C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOINTGR.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\David Pierre\Application Data\??mbols\w?auboot.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\CURITY~1\msdtc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Sony\ACID Pro 6.0\acid60.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\David Pierre\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
    O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    O4 - HKLM\..\Run: [istinstall_zazzer.exe] istinstall_zazzer.exe
    O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] vnmispoisn_downloader.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [kpx] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fastRX.dll DllInitApp
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sra] "C:\PROGRA~1\CURITY~1\msdtc.exe" -vt tzt
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - shdocvw.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Shdocvw.dll (file missing)
    O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing)
    O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridg...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysaver.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: inicfg32.dll,iniwin32.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\WINDOWS\system32\MRobeService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
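A triage script for HijackThis-style lines, added here as an example; it is not code from the thread or from HijackThis. It flags the entry types the helpers look at first (O1 Hosts redirections, O4 Run entries with a bare name, a rundll32 loader or a system-binary name outside system32, O20 AppInit_DLLs, R0/R1 search hijacks, missing-file references) over lines copied from the log above; the search-host allow-list and the system-binary set are illustrative assumptions.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example for this thread; not HijackThis code. The checks encode what
the helpers look at first: Hosts redirections (O1), Run entries naming a
bare executable, a rundll32 DLL or a system-binary name outside system32
(O4), AppInit_DLLs injection (O20), search-page hijacks (R0/R1) and entries
pointing at missing files. Allow-lists below are illustrative assumptions.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str
    severity: str  # "high" or "info"
    reason: str
    line: str


# Assumed defaults; extend for the browser start/search pages you expect.
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.msn.com", "www.msn.com"}
# Assumed set of Windows binaries that legitimately live only under system32.
SYSTEM_BINARIES = {"msdtc.exe", "svchost.exe", "lsass.exe", "services.exe",
                   "csrss.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
R_RE = re.compile(r"^R[01] - .*,(?P<key>SearchURL|Search Page|Start Page|"
                  r"Default_Page_URL) = (?P<val>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
EXE_RE = re.compile(r"(.*?\.(?:exe|com|scr|bat|pif))(?:\s|$)", re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """Return the program path from an O4 command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage_line(line: str) -> List[Finding]:
    """Apply the heuristics to one log line; return zero or more findings."""
    line = line.strip()
    m = O1_RE.match(line)
    if m:
        # HijackThis lists only non-default Hosts entries; a name mapped to
        # a remote address (not loopback) is a redirection worth reviewing.
        if m.group("ip") not in ("127.0.0.1", "::1"):
            return [Finding("O1", "high",
                            f"Hosts maps {m.group('host')} to {m.group('ip')}", line)]
        return []
    m = R_RE.match(line)
    if m:
        host = re.sub(r"^https?://", "", m.group("val").strip()).split("/")[0].lower()
        if host and host not in KNOWN_SEARCH_HOSTS:
            return [Finding(line[:2], "high", f"{m.group('key')} points at {host}", line)]
        return []
    m = O20_RE.match(line)
    if m:
        # AppInit_DLLs are loaded into every process that links user32.dll.
        dlls = [d.strip() for d in m.group("dlls").split(",") if d.strip()]
        return [Finding("O20", "high", f"AppInit_DLLs injects {d}", line) for d in dlls]
    m = O4_RE.match(line)
    if m:
        exe = executable_of(m.group("cmd"))
        base = exe.rsplit("\\", 1)[-1].lower()
        if "\\" not in exe:
            return [Finding("O4", "high", f"bare executable name {exe} (resolved via PATH)", line)]
        if base == "rundll32.exe":
            rest = m.group("cmd").strip()[len(exe):].strip()
            dll = rest.split()[0] if rest else "?"
            return [Finding("O4", "high", f"rundll32 loads {dll}", line)]
        if base in SYSTEM_BINARIES and not exe.lower().startswith(SYSTEM_DIRS):
            return [Finding("O4", "high", f"system binary name {base} outside system32: {exe}", line)]
        return []
    if "(file missing)" in line:
        return [Finding(line.split(" ", 1)[0], "info", "references a missing file", line)]
    return []


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and return all findings in order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        if raw.strip():
            findings.extend(triage_line(raw))
    return findings


# Sample lines copied from the HijackThis log posted above: a mix of the
# entries the thread flags and benign ones (R0, ATIPTA, O23) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [istinstall_zazzer.exe] istinstall_zazzer.exe
O4 - HKLM\..\Run: [kpx] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fastRX.dll DllInitApp
O4 - HKCU\..\Run: [Sra] "C:\PROGRA~1\CURITY~1\msdtc.exe" -vt tzt
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Shdocvw.dll (file missing)
O20 - AppInit_DLLs: inicfg32.dll,iniwin32.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section}: {f.reason}")
```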
a b 8 Sécurité
6 July 2006 19:37:13

Create your own thread....
6 July 2006 19:38:32

OK. But it would be better to avoid creating 40,000 topics on the same thing...
a b 8 Sécurité
6 July 2006 19:40:04

Yes, but:

1/ Your cases are completely different
2/ We haven't finished helping this person!

Otherwise it's chaos!

Thanks :-D
6 July 2006 19:47:56

Don't fight over me ;)

Well, the scan is running....

Another funny thing. Since I caught this dialer, it's impossible to boot into Safe Mode, explorer.exe stops every time, so I have to launch all programs from Task Manager.
Same in Safe Mode with Networking, except that in that specific case, I kill the zcfgsvc.exe process and then explorer loads... Weird, isn't it??

My PC is going down the drain, and it's my work PC.... I think my weekend will be split between a reinstall and the football... and I was hoping for a little motorbike ride...
6 July 2006 21:26:35

The scan is done, and I get the impression there's nothing more....




    /--------------------------------------------------------------\
    | Trend Micro Sysclean Package |
    | Copyright 2002, Trend Micro, Inc. |
    | http://www.trendmicro.com |
    \--------------------------------------------------------------/


    2006-07-06, 19:44:27, Auto-clean mode specified.
    2006-07-06, 19:44:27, Running scanner "C:\Documents and Settings\Ancea\Bureau\Sysclean Package\TSC.BIN"...
    2006-07-06, 19:44:38, Scanner "C:\Documents and Settings\Ancea\Bureau\Sysclean Package\TSC.BIN" has finished running.
    2006-07-06, 19:44:38, TSC Log:

    Damage Cleanup Engine (DCE) 3.98(Build 1012)
    Windows XP(Build 2600: Service Pack 2)

    Start time : jeu. juil. 06 2006 19:44:27

    Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Ancea\Bureau\Sysclean Package\tsc.ptn" (version 756) [success]

    Complete time : jeu. juil. 06 2006 19:44:38
    Execute pattern count(2883), Virus found count(0), Virus clean count(0), Clean failed count(0)

    2006-07-06, 19:45:27, An error occurred while scanning file "C:\Documents and Settings\Ancea\NTUSER.DAT": Accès refusé.
    2006-07-06, 19:45:27, An error occurred while scanning file "C:\Documents and Settings\Ancea\ntuser.dat.LOG": Accès refusé.
    2006-07-06, 19:45:48, An error occurred while scanning file "C:\Documents and Settings\Ancea\Application Data\Mozilla\Firefox\Profiles\ggxiaa7q.default\parent.lock": Accès refusé.
    2006-07-06, 19:50:12, An error occurred while scanning file "C:\Documents and Settings\Ancea\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Accès refusé.
    2006-07-06, 19:50:12, An error occurred while scanning file "C:\Documents and Settings\Ancea\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Accès refusé.
    2006-07-06, 20:24:28, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Accès refusé.
    2006-07-06, 20:24:28, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Accès refusé.
    2006-07-06, 20:24:28, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Accès refusé.
    2006-07-06, 20:24:28, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Accès refusé.
    2006-07-06, 20:24:28, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Accès refusé.
    2006-07-06, 20:24:28, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Accès refusé.
    2006-07-06, 20:24:28, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Accès refusé.
    2006-07-06, 20:24:28, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Accès refusé.
    2006-07-06, 20:37:37, An error was detected on "C:\System Volume Information\*.*": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\1XCONFIG.EXE-0CD0AEB5.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ACROBAT.EXE-1CFE1BFF.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ACROBATINFO.EXE-16C4625C.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ACROTRAY.EXE-1B1306BB.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-2273CD4F.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ADOBELMSVC.EXE-1FC5ACB3.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ADOBELM_CLEANUP.0001-2C027CD1.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\APNTEX.EXE-07D7E94A.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\APOINT.EXE-03E36C22.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ASHDISP.EXE-310C231B.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ASHMAISV.EXE-072F6A23.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ASHWEBSV.EXE-3530B302.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\AT.EXE-02A43BFA.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ATI2EVXX.EXE-07A42849.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ATIPRBXX.EXE-2DA84FA2.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ATIPTAXX.EXE-19794D05.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ATOMSYNC.EXE-2E282CD2.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\AU_.EXE-03E14C1F.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\AVAST.SETUP-295443AF.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\BSPLAYER.EXE-1EDD2104.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\CALC.EXE-02A5B4B1.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\CAP3LAK.EXE-12711D8D.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\CAP3ONN.EXE-0E168249.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\CAP3SWK.EXE-335C9D57.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\CCLEANER.EXE-09CFC2BC.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\CONTROL.EXE-24FBF8B3.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\CSCRIPT.EXE-0A13A05C.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-10765235.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\DKICON.EXE-21478E5F.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\DLBKBMGR.EXE-15977CEF.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\DLBKBMON.EXE-01F67CAE.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\DMXLAUNCHER.EXE-268192CB.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\DVDLAUNCHER.EXE-1E7A529B.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\DW20.EXE-0A0B1C6C.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SETUP_4.0.0.172B.EXE-1859A2EC.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SETUP_4.0.0.172B.EXE-3AE4495D.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO.EXE-0A84FA31.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\EXCEL.EXE-2055DCA9.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\FILEZILLA.EXE-112D49FC.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\FIND.EXE-0EEAD1A7.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\FINDSTR.EXE-1A4FC238.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-06188868.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-2A1B96AB.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\GUARD.EXE-003FEB06.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\HIDFIND.EXE-2AB9133C.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-2321B31A.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IDD1BF4.TMP.EXE-33B5E68F.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IDD31.TMP.EXE-21CF4D25.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IDD42.TMP.EXE-28DA180A.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IDD4295.TMP.EXE-19540F7E.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IDD74.TMP.EXE-084824B4.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IDD7838.TMP.EXE-19615F3D.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IDD787E.TMP.EXE-2E4853B4.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IDD788C.TMP.EXE-0E757044.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IDDC.TMP.EXE-3410554C.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IEMAXIMIZER.EXE-3957174C.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IFRMEWRK.EXE-02DE6F7E.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\IPODSERVICE.EXE-37043579.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-0A1B0F2C.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\JUSCHED.EXE-2A1A87DD.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\KHALMNPR.EXE-39603A2C.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\LOOK2ME-DESTROYER.EXE-0C7CB20E.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\MSGPLUS.EXE-01F242CB.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-3744B6D8.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\NEROCHECK.EXE-30941580.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-2DAE2DE6.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\OOBCKMGR.EXE-02FFED30.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\OOINTRAY.EXE-10029633.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-29875EE0.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\QKSMTPSERVER3.EXE-16291245.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\QUICKPAR.EXE-3822D4F5.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\QUICKSET.EXE-0D149022.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\RAPIMGR.EXE-39CC982A.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-419F288A.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4AD267A7.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B9772A4.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-51D0BD97.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-52502EA1.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-526C53E1.pf": Accès refusé.
    2006-07-06, 20:40:23, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-6B0D836C.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-741EA7C2.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-765F9E2B.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\SETICON.EXE-38178CAB.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.OVR-1ABDA79A.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\SKYPE.EXE-2EAF99A0.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1702AD5F.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\SRCHSTS.EXE-02FA8F89.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\UNINSTALL.EXE-2DEC0074.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\UNLOCKER.EXE-089987B9.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\UNLOCKERASSISTANT.EXE-30E0AA94.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WCESCOMM.EXE-0A633BD4.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WCESMGR.EXE-251E5666.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WDBTNMGR.EXE-2DAD3A0B.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WIN1BF0.TMP.EXE-0B5823FF.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WIN30.TMP.EXE-371ACE22.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WIN41.TMP.EXE-138E970D.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WIN427A.TMP.EXE-05D23C1C.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WIN73.TMP.EXE-1D93A5B1.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WIN7837.TMP.EXE-04C114FB.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WIN787D.TMP.EXE-33879879.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WIN788B.TMP.EXE-18850F81.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WINB.TMP.EXE-397CDE00.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-33AEA629.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WIZIWYGXP.EXE-1B5673A4.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIAPSRV.EXE-02740A4B.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf": Accès refusé.
    2006-07-06, 20:40:24, Could not set file for reading on "C:\WINDOWS\Prefetch\ZCFGSVC.EXE-3A532485.pf": Accès refusé.
    2006-07-06, 20:41:40, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT": Accès refusé.
    2006-07-06, 20:41:40, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG": Accès refusé.
    2006-07-06, 20:41:40, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM": Accès refusé.
    2006-07-06, 20:41:40, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG": Accès refusé.
    2006-07-06, 20:41:40, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY": Accès refusé.
    2006-07-06, 20:41:40, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG": Accès refusé.
    2006-07-06, 20:41:40, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE": Accès refusé.
    2006-07-06, 20:41:40, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG": Accès refusé.
    2006-07-06, 20:41:40, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM": Accès refusé.
    2006-07-06, 20:41:40, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG": Accès refusé.
    2006-07-06, 20:41:52, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys": Accès refusé.
    2006-07-06, 20:41:52, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\DRIVERS\sptd2509.sys": Accès refusé.
    2006-07-06, 20:42:25, Running scanner "C:\Documents and Settings\Ancea\Bureau\Sysclean Package\VSCANTM.BIN"...
    2006-07-06, 21:09:35, Files Detected:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 7/6/2006 20:42:26
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 554 (118855 Patterns) (2006/07/06) (355405)
    Command Line: C:\Documents and Settings\Ancea\Bureau\Sysclean Package\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Ancea\Bureau\Sysclean Package

    73782 files have been read.
    73782 files have been checked.
    66588 files have been scanned.
    125719 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 7/6/2006 21:09:35
    ---------*---------*---------*---------*---------*---------*---------*---------*
    2006-07-06, 21:09:35, Files Clean:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 7/6/2006 20:42:26
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 554 (118855 Patterns) (2006/07/06) (355405)
    Command Line: C:\Documents and Settings\Ancea\Bureau\Sysclean Package\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Ancea\Bureau\Sysclean Package

    73782 files have been read.
    73782 files have been checked.
    66588 files have been scanned.
    125719 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 7/6/2006 21:09:35 27 minutes 8 seconds (1627.84 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2006-07-06, 21:09:35, Clean Fail:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 7/6/2006 20:42:26
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 554 (118855 Patterns) (2006/07/06) (355405)
    Command Line: C:\Documents and Settings\Ancea\Bureau\Sysclean Package\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Ancea\Bureau\Sysclean Package

    73782 files have been read.
    73782 files have been checked.
    66588 files have been scanned.
    125719 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 7/6/2006 21:09:35 27 minutes 8 seconds (1627.84 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2006-07-06, 21:09:35, Scanner "C:\Documents and Settings\Ancea\Bureau\Sysclean Package\VSCANTM.BIN" has finished running.
    6 July 2006 21:27:50

    No virus... (head-scratching smiley)

    Have you tried Firefox?
    6 July 2006 22:03:33

    I run Firefox.... But IE opens on that cr*p page as soon as I open Windows Explorer... but sometimes also just like that, on its own...

    Any idea????

    As for ActiveSync... solved....

    I had to tinker a bit with Outlook and the .pst...
    it works again ;) 
    7 July 2006 01:01:24

    Hello

    To find the weak spot.

    Download Lopxp.zip
    http://pageperso.aol.fr/balltrap34/lopxp.zip
    Unzip it to the Desktop
    Run the lopxp.bat file

    Post the report.

    And.

    Download BlackLight (from F-Secure) and save it to your Desktop.
    https://europe.f-secure.com/blacklight/try.shtml
    Click "I ACCEPT" at the bottom of the page. Save it to your Desktop.

    Double-click blbeta.exe and accept the licence; leave [X]scan through Windows Explorer enabled; click Scan then Next

    You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

    Copy and paste the contents of this report into your next reply.
    7 July 2006 08:59:28

    LOL, maybe we'll find it....

    Here are the two reports:

    For the first one, I can't read it....
    For the second, nothing found...

    Thanks



    Rapport fait à 8:52:08,93 le 07/07/2006

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 78C7-3717

    Répertoire de C:\Documents and Settings\Administrateur\Application Data

    05/07/2006 11:16 62 DESKTOP.INI
    05/07/2006 11:16 <REP> Identities
    05/07/2006 11:16 <REP> Intel
    05/07/2006 11:16 <REP> Jasc Software Inc
    05/07/2006 11:16 <REP> Microsoft
    05/07/2006 11:16 <REP> Sonic
    05/07/2006 11:16 <REP> .
    05/07/2006 11:16 <REP> ..
    05/07/2006 11:16 <REP> Sun
    05/07/2006 11:16 <REP> You've Got Pictures Screensaver
    1 fichier(s) 62 octets
    9 Rép(s) 14373539840 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 78C7-3717

    Répertoire de C:\Documents and Settings\All Users\Application Data

    29/06/2006 23:31 <REP> Windows Genuine Advantage
    23/04/2006 18:41 <REP> ACD Systems
    25/03/2006 10:39 <REP> STOPzilla!
    22/03/2006 00:02 1350 QTSBandwidthCache
    11/03/2006 23:39 <REP> Retrospect
    27/02/2006 23:32 <REP> Messenger Plus!
    24/01/2006 01:11 <REP> DVD Shrink
    21/01/2006 01:57 <REP> Apple Computer
    07/01/2006 03:40 <REP> Skype
    30/11/2005 14:08 <REP> Adobe Systems
    14/09/2005 14:11 <REP> MSScanAppDataDir
    23/05/2005 12:22 <REP> Spybot - Search & Destroy
    23/05/2005 11:56 <REP> Symantec
    26/04/2005 13:01 <REP> InstallShield
    26/04/2005 12:58 <REP> McAfee.com
    26/04/2005 12:58 <REP> Adobe
    26/04/2005 12:57 <REP> QuickTime
    26/04/2005 12:56 <REP> AOL
    26/04/2005 12:54 4 QSLLPSVCShare
    26/04/2005 12:53 <REP> Intel
    26/04/2005 12:21 <REP> Microsoft
    26/04/2005 12:21 <REP> ..
    26/04/2005 12:21 <REP> .
    26/04/2005 12:21 <REP> SBSI
    20/08/2004 11:30 62 DESKTOP.INI
    3 fichier(s) 1416 octets
    22 Rép(s) 14373539840 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 78C7-3717

    Répertoire de C:\Documents and Settings\Ancea\Application Data

    23/04/2006 18:44 <REP> ACD Systems
    15/04/2006 19:16 <REP> Nullriver
    14/04/2006 01:26 <REP> Goto Software
    03/04/2006 00:40 <REP> Genie-Soft
    02/04/2006 03:29 <REP> vlc
    31/03/2006 15:15 <REP> ntr
    04/03/2006 21:42 <REP> OpenOffice.org2
    21/02/2006 19:17 <REP> Google
    22/01/2006 00:28 <REP> Logitech
    21/01/2006 01:59 <REP> Apple Computer
    17/01/2006 18:43 2508 $_hpcst$.hpc
    09/01/2006 13:32 <REP> Druide
    07/01/2006 03:40 <REP> Skype
    07/01/2006 03:25 <REP> Talkback
    07/01/2006 03:24 <REP> Mozilla
    27/12/2005 21:38 <REP> AdobeUM
    23/05/2005 12:01 <REP> Leadertech
    23/05/2005 11:57 <REP> Symantec
    23/05/2005 11:49 <REP> Adobe
    06/05/2005 17:53 <REP> Help
    04/05/2005 12:03 <REP> GlobalSCAPE
    02/05/2005 15:09 <REP> Macromedia
    02/05/2005 11:35 <REP> McAfee.com Personal Firewall
    02/05/2005 11:34 62 DESKTOP.INI
    02/05/2005 11:34 <REP> Identities
    02/05/2005 11:34 <REP> Intel
    02/05/2005 11:34 <REP> Jasc Software Inc
    02/05/2005 11:34 <REP> Microsoft
    02/05/2005 11:34 <REP> Sonic
    02/05/2005 11:34 <REP> Sun
    02/05/2005 11:34 <REP> .
    02/05/2005 11:34 <REP> ..
    2 fichier(s) 2570 octets
    30 Rép(s) 14373539840 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 78C7-3717

    Répertoire de C:\Documents and Settings\Default User\Application Data

    02/05/2005 11:34 <REP> Identities
    02/05/2005 11:34 <REP> Intel
    02/05/2005 11:34 <REP> Jasc Software Inc
    02/05/2005 11:34 <REP> Sonic
    02/05/2005 11:34 <REP> Sun
    02/05/2005 11:34 <REP> You've Got Pictures Screensaver
    26/04/2005 12:21 <REP> .
    26/04/2005 12:21 <REP> ..
    26/04/2005 12:21 <REP> Microsoft
    20/08/2004 11:30 62 DESKTOP.INI
    1 fichier(s) 62 octets
    9 Rép(s) 14373535744 octets libres
    ******************************************
    Recherche des taches planifiées dans C:\WINDOWS\tasks

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 78C7-3717

    Répertoire de C:\WINDOWS\Tasks

    19/04/2006 09:05 444 OEB_Outlook Backup.job
    02/05/2005 11:34 258 Rappel d'abonnement 1 auprès de l'ISP.job
    26/04/2005 12:42 6 SA.DAT
    26/04/2005 12:21 <REP> ..
    26/04/2005 12:21 <REP> .
    05/08/2004 13:00 65 DESKTOP.INI
    4 fichier(s) 773 octets
    2 Rép(s) 14 373 535 744 octets libres

    ******************************************
    Recherche dans Program files

    Le dossier C:\Program Files\C2Media n'existe pas

    *************** Fin du rapport ****************




    07/07/06 08:53:07 [Info]: BlackLight Engine 1.0.42 initialized
    07/07/06 08:53:07 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    07/07/06 08:53:08 [Note]: 7019 4
    07/07/06 08:53:08 [Note]: 7005 0
    07/07/06 08:53:11 [Note]: 7006 0
    07/07/06 08:53:11 [Note]: 7011 1916
    07/07/06 08:53:12 [Note]: 7026 0
    07/07/06 08:53:12 [Note]: 7026 0
    07/07/06 08:53:25 [Note]: FSRAW library version 1.7.1019
    07/07/06 08:58:47 [Note]: 7007 0
    7 July 2006 11:11:35

    Yes, we'll find it.

    But not with these two reports. They found nothing.
    Delete Lopxp and BlackLight.


    Download WinPFind
    http://www.bleepingcomputer.com/files/oldtimer/WinPFind...
    unzip it and run winpfind.exe
    click Start Scan and be patient, it can take half an hour
    Post the report
    7 July 2006 13:43:27

    Here's the log.... same thing, I can't read it... let's see if there's anything....

    Another thing, I relaunched it twice because I thought it had crashed (hourglass when copy-pasting); apparently it hadn't crashed?

    Thanks

    Lx


    VundoFix V5.0.0

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 14:53:40 07/07/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.bak1
    Attempting to delete C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\ssqrr.dll Could not be deleted.

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.ini Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V5.0.0

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 16:34:07 07/07/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.bak1
    Attempting to delete C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\ssqrr.dll Could not be deleted.

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.ini Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!
    7 July 2006 14:04:48

    I have the impression Vundo is there

    Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it.
  • Check Run VundoFix as a task.
  • A message will warn you that the tool will close and reopen: click Ok
  • Click the Scan for Vundo button.
  • When the scan is complete, click the Remove Vundo button.
  • A prompt will ask whether you want to delete the files, click YES
  • After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
  • You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
  • Restart your PC.
  • Copy/paste the contents of the report located at C:\vundofix.txt
    7 July 2006 14:30:58

    Well, apparently that was there....

    What put you on the track in the last log?

    Thanks a lot, I hope everything is fixed now!!!

    Lx


    VundoFix V5.0.0

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 14:22:34 07/07/2006

    Listing files found while scanning....


    VundoFix V5.0.0

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 14:23:06 07/07/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak2
    C:\windows\SYSTEM32\rrqss.ini2
    C:\windows\SYSTEM32\rrqss.tmp
    Attempting to delete C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\ssqrr.dll Could not be deleted.

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.ini Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak1 Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak2
    C:\windows\SYSTEM32\rrqss.bak2 Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini2
    C:\windows\SYSTEM32\rrqss.ini2 Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.tmp
    C:\windows\SYSTEM32\rrqss.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!
    7 July 2006 14:41:55

    I was right... for once :-D

    However, it's resisting:
    C:\windows\SYSTEM32\ssqrr.dll

    Otherwise, has it improved?
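Added example, not part of the thread or of VundoFix itself: a small Python parser that reads VundoFix log lines such as those quoted above, separates the files that were deleted from those that resisted, and reports which deleted companions (rrqss.ini, rrqss.bak1 ...) belong to a surviving DLL by the reversed-name pairing visible in the log (ssqrr / rrqss). The sample log is constructed from the file names in this thread; it is not a captured file.

```python
import re
from collections import OrderedDict

# Constructed sample, built from the VundoFix lines quoted in the thread.
SAMPLE_LOG = """VundoFix V5.0.0

Running as SYSTEM
from c:\\windows\\system32\\VundoFix.exe

Scan started at 14:23:06 07/07/2006

Listing files found while scanning....

C:\\windows\\SYSTEM32\\ssqrr.dll
C:\\windows\\SYSTEM32\\rrqss.ini
C:\\windows\\SYSTEM32\\rrqss.bak1
Attempting to delete C:\\windows\\SYSTEM32\\ssqrr.dll
C:\\windows\\SYSTEM32\\ssqrr.dll Could not be deleted.

Attempting to delete C:\\windows\\SYSTEM32\\rrqss.ini
C:\\windows\\SYSTEM32\\rrqss.ini Has been deleted!

Attempting to delete C:\\windows\\SYSTEM32\\rrqss.bak1
C:\\windows\\SYSTEM32\\rrqss.bak1 Has been deleted!

Performing Repairs to the registry.
Done!
"""

# The two outcome lines VundoFix writes per file (wording as in the thread).
DELETED_RE = re.compile(r"^(?P<path>.+?) Has been deleted!$")
FAILED_RE = re.compile(r"^(?P<path>.+?) Could not be deleted\.$")


def parse_vundofix_log(text):
    """Return an ordered {path: 'deleted' | 'resisting'} map of every file
    VundoFix tried to remove. 'Attempting to delete' lines are ignored
    because the following line carries the actual result."""
    results = OrderedDict()
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            results[m.group("path")] = "deleted"
            continue
        m = FAILED_RE.match(line)
        if m:
            results[m.group("path")] = "resisting"
    return results


def basename_stem(path):
    """'C:\\windows\\SYSTEM32\\ssqrr.dll' -> 'ssqrr' (case preserved)."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.split(".", 1)[0]


def companion_pairs(paths):
    """Pair each .dll with the files whose stem is the DLL's stem reversed.
    This only reports the pattern seen in the thread's log (ssqrr.dll next
    to rrqss.ini / rrqss.bak1); a match means the companions belonged to
    that DLL and the DLL is what still needs follow-up if it resisted."""
    by_stem = {}
    for p in paths:
        by_stem.setdefault(basename_stem(p).lower(), []).append(p)
    pairs = {}
    for p in paths:
        if p.lower().endswith(".dll"):
            reversed_stem = basename_stem(p).lower()[::-1]
            pairs[p] = by_stem.get(reversed_stem, [])
    return pairs


def summarize(text):
    """One-shot view a helper reading the log wants: what is gone, what
    survived, and which companions belong to which DLL."""
    results = parse_vundofix_log(text)
    return {
        "deleted": [p for p, s in results.items() if s == "deleted"],
        "resisting": [p for p, s in results.items() if s == "resisting"],
        "pairs": companion_pairs(list(results)),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for p in report["resisting"]:
        print("RESISTING:", p, "companions removed:", report["pairs"].get(p))
    for p in report["deleted"]:
        print("deleted:  ", p)
```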
    7 July 2006 14:47:43

    Well, yes and no.... Oddly, the IE window opens, but closes again on its own.... Strange, strange... It's not too bothersome, but still annoying.....

    Any idea?

    LOL

    Lx
    7 July 2006 14:49:44

    Use Firefox :-D
    7 July 2006 15:05:07

    LOL, as I said earlier, I'm allergic to IE ;)  So I'm on Firefox, which doesn't stop IE from opening on its own....

    FYI, impossible to delete the file in safe mode, with Unlocker too...????

    Any idea for getting rid of this parasite?

    A quick HijackThis + VundoFix in safe mode.

    Logfile of HijackThis v1.99.1
    Scan saved at 15:00:57, on 07/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AdBackup\ooservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\NTR Global\NTRconnect\NTRconnect.exe
    C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\CAP3RSK.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\PROGRA~1\QKSMTP~2\QKSmtpServer3.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\AdBackup\oointray.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ancea\Bureau\progs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [QKSMTPServer3] C:\PROGRA~1\QKSMTP~2\QKSmtpServer3.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AtomSync] "C:\Program Files\AtomSync\atomsync.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Startup: AdBackup.lnk = C:\Program Files\AdBackup\oointray.exe
    O4 - Startup: Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
    O4 - Global Startup: AdBackup.lnk = C:\Program Files\AdBackup\oointray.exe
    O4 - Global Startup: Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {F11BFF96-CC7A-4482-819B-91EAE4C454EF} (NTR ActiveX 1.1.6) - https://www.ntrconnect.com/main/mod/setup/ntractivex116...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AdBackup (adbackup) - Unknown owner - C:\PROGRA~1\AdBackup\ooservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: NTRconnect - Net Transmit & Receive - C:\Program Files\NTR Global\NTRconnect\NTRconnect.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



    VundoFix V5.0.0

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 14:22:34 07/07/2006

    Listing files found while scanning....


    VundoFix V5.0.0

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 14:23:06 07/07/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak2
    C:\windows\SYSTEM32\rrqss.ini2
    C:\windows\SYSTEM32\rrqss.tmp
    Attempting to delete C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\ssqrr.dll Could not be deleted.

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.ini Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak1 Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak2
    C:\windows\SYSTEM32\rrqss.bak2 Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini2
    C:\windows\SYSTEM32\rrqss.ini2 Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.tmp
    C:\windows\SYSTEM32\rrqss.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V5.0.0

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 14:53:40 07/07/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.bak1
    Attempting to delete C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\ssqrr.dll Could not be deleted.

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.ini Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!





    Thanks for your help... this is really tedious.
    7 July 2006 15:08:16

    Re,

    I'M NOT GUARANTEEING ANYTHING!
    So create a restore point first.

    Download: Pocket KillBox

    Put it in a folder or on your desktop (right-click, then Extract All).
    Select the text in the box:

    Quote:
    C:\windows\SYSTEM32\ssqrr.dll


    Right-click, then Copy.
    ----------

    . Open Killbox.exe
    . Choose "Delete on reboot"
    . Click "File" and then "Paste from Clipboard"
    . Click All Files
    . Then "Unregister .dll before Deleting"
    . Click the red circle with a white cross.
    . Answer "yes"; your PC will restart.
    ----------

    Delete this folder: C:\!KillBox
    ----------
    7 July 2006 15:14:38

    Hello, looks like I got here too late...
    7 July 2006 15:16:56

    Quote:
    Hello, looks like I got here too late...

    Why?
    Welcome to the Espace Secu :-P
    7 July 2006 15:19:24

    Thanks a lot.

    No, I edited my post, but I was saying roughly the same thing as you.
    7 July 2006 16:00:17

    It's not working.... I get the following message:

    PendingFileRenameOperations Registry Data has been Removed by external process!

    What should I do???

    Impossible to remove... and the other DLLs come back... (the ones removed by Vundo)

    Of course, IE keeps opening on its own....

    Thanks
    7 July 2006 16:28:33

    OK

    Run the Vundo scan again to see what it finds.
    7 July 2006 17:09:52

    Here's the log:


    VundoFix V5.0.0

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 14:22:34 07/07/2006

    Listing files found while scanning....


    VundoFix V5.0.0

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 14:23:06 07/07/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak2
    C:\windows\SYSTEM32\rrqss.ini2
    C:\windows\SYSTEM32\rrqss.tmp
    Attempting to delete C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\ssqrr.dll Could not be deleted.

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.ini Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak1 Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak2
    C:\windows\SYSTEM32\rrqss.bak2 Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini2
    C:\windows\SYSTEM32\rrqss.ini2 Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.tmp
    C:\windows\SYSTEM32\rrqss.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V5.0.0

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 14:53:40 07/07/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.bak1
    Attempting to delete C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\ssqrr.dll Could not be deleted.

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.ini Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V5.0.0

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 16:34:07 07/07/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.bak1
    Attempting to delete C:\windows\SYSTEM32\ssqrr.dll
    C:\windows\SYSTEM32\ssqrr.dll Could not be deleted.

    Attempting to delete C:\windows\SYSTEM32\rrqss.ini
    C:\windows\SYSTEM32\rrqss.ini Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\rrqss.bak1
    C:\windows\SYSTEM32\rrqss.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!



    By the way: the IE window still keeps opening.
    7 July 2006 17:13:52

    OK, let's continue.

    Please print these instructions, or paste them into a text file so you can read them in Safe Mode.

    Download Brute Force Uninstaller (by Merijn)
    http://www.merijn.org/files/bfu.zip
    Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU).

    Open Notepad and copy and paste the lines below

    DllUnregister %SYSDIR%\ssqrr.dll|1

    FileDelete %SYSDIR%\ssqrr.dll
    FileDelete %SYSDIR%\rrqss.ini
    FileDelete %SYSDIR%\rrqss.bak1
    FileDelete %SYSDIR%\rrqss.bak2
    FileDelete %SYSDIR%\rrqss.ini2
    FileDelete %SYSDIR%\rrqss.tmp

    SystemEmptyTempFolder
    SystemEmptyRecycleBin

    FileDelete C:\egd.txt
    SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0

    F8; you will see a screen with a choice of boot modes appear. Using the keyboard arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

    Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)

    - Click the small yellow folder to the right of the "Scriptline to execute" box, and double-click:

    Fixme.bfu

    - In the "Scriptline to execute" box, you should now see this: C:\BFU\Fixme.bfu

    Click Execute and let it do its job.

    Wait for "Complete script execution" to appear, then click OK.
    Click Exit to close BFU.

    Reboot normally.

    WinPFind is not complete.
    Delete it and do this.

    Download Silent Runners
    http://www.silentrunners.org/Silent%20Runners.zip

    If your antivirus raises an alert about this script during the download or while it runs, ignore it.

    Once downloaded, unzip it into a dedicated folder.
    Then double-click the file; it will run, so wait until a message is displayed.

    The end should look like this

    Quote:
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 104 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 14 seconds.
    ---------- (total run time: 162 seconds)

    A report is generated in the same folder; paste it here along with the text file found at C:\egd.txt
    7 July 2006 17:59:12

    So, I ran BFU (the file I created: Fixme.bfu, right? And Windows tells me: file type = BFU file)

    As for Silent Runners, it's done, but I didn't get the message you mentioned...

    On the other hand, ssqrr.dll is still there....

    and

    Here's the egd:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
    "IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
    "Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
    "Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
    "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
    "DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
    "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
    "CAP3ON"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3ONN.EXE"
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    "UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "SetIcon"="\\Program Files\\WDC\\SetIcon.exe"
    "WD Button Manager"="WDBtnMgr.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    7 July 2006 18:24:53

    You'd need to post the Silent Runners report to find out whether there's a hidden file that reactivates the infection.
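One way to do that triage over a Silent Runners report, as an added example that is not part of this thread and not code from Silent Runners or VundoFix: a Python script that flags DLLs loaded through Winlogon\Notify or as Browser Helper Objects whose publisher string could not be read (`[null data]`) or whose file is missing (`[file not found]`), and that pairs each VundoFix-listed file with a sibling whose name is spelled backwards (the ssqrr.dll / rrqss.ini pattern in the logs above). The sample lines are copied from the reports posted in this thread and trimmed; the function names are my own.

```python
import ntpath
import re

# Excerpt in Silent Runners report format, copied from the report posted in this
# thread and trimmed to the sections of interest (a constructed sample, not a new capture).
SAMPLE_REPORT = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{334AD199-60E8-4DE8-B9A6-CDC594F6411D}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ssqrr.dll" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! ldr64\DLLName = "ldr64.dll" [file not found]
INFECTION WARNING! ssqrr\DLLName = "C:\WINDOWS\system32\ssqrr.dll" [null data]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
"""

# Files listed by VundoFix in this thread ("Listing files found while scanning....").
VUNDOFIX_FILES = [
    r"C:\windows\SYSTEM32\ssqrr.dll",
    r"C:\windows\SYSTEM32\rrqss.ini",
    r"C:\windows\SYSTEM32\rrqss.bak1",
]

# Load points where a DLL runs inside winlogon.exe or inside every Internet
# Explorer process: the places from which a deleted DLL gets re-created at logon.
AUTOLOAD_SECTIONS = ("Winlogon\\Notify", "Browser Helper Objects")

# Silent Runners prefixes every Notify entry with "INFECTION WARNING!", legitimate
# ones included (ATI, WgaLogon above), so the trailer tag is what discriminates:
# a quoted vendor string or [MS] versus no version info or no file at all.
SUSPICIOUS_TAGS = {"null data", "file not found"}

SECTION_RE = re.compile(r"^HK[A-Z]+\\.*\\$")          # e.g. HKLM\...\Notify\
VALUE_RE = re.compile(r'=\s*"(.*)"\s*\[(.*)\]\s*$')   # = "<module>" [<tag>]


def parse_report(text):
    """Return (section, module path, trailer tag) for each line that names a module."""
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            section = line
            continue
        m = VALUE_RE.search(line)
        if m:
            entries.append((section, m.group(1), m.group(2).strip('"')))
    return entries


def flag_autoload_modules(entries):
    """Modules in autoload sections with no readable publisher or no file on disk."""
    return sorted({
        path for section, path, tag in entries
        if any(s in section for s in AUTOLOAD_SECTIONS) and tag in SUSPICIOUS_TAGS
    })


def reversed_name_pairs(paths):
    """Pair files whose base names are each other's reverse (ssqrr <-> rrqss)."""
    by_stem = {}
    for p in paths:
        name = ntpath.basename(p)                 # handles Windows paths on any OS
        by_stem.setdefault(ntpath.splitext(name)[0].lower(), []).append(name)
    pairs = set()
    for stem, names in by_stem.items():
        partner = stem[::-1]
        if partner != stem and partner in by_stem:
            pairs.update(tuple(sorted((a, b))) for a in names for b in by_stem[partner])
    return sorted(pairs)


if __name__ == "__main__":
    for path in flag_autoload_modules(parse_report(SAMPLE_REPORT)):
        print("autoload module to review:", path)
    for a, b in reversed_name_pairs(VUNDOFIX_FILES):
        print("reversed-name pair:", a, "<->", b)
```

On the sample above the script reports ssqrr.dll (loaded both as a BHO and from Winlogon\Notify) and the dangling ldr64.dll entry, and pairs ssqrr.dll with rrqss.ini and rrqss.bak1.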
    7 July 2006 18:31:26

    Sorry, here it is:

    "Silent Runners.vbs", revision 46, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "IE New Window Maximizer" = "C:\Program Files\IE New Window Maximizer\iemaximizer.exe" ["jiiSoft"]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
    "QKSMTPServer3" = "C:\PROGRA~1\QKSMTP~2\QKSmtpServer3.exe" ["Brave World"]
    "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
    "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
    "AtomSync" = ""C:\Program Files\AtomSync\atomsync.exe"" [null data]
    "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
    "IntelWireless" = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless" ["Intel Corporation"]
    "Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [empty string]
    "Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
    "DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
    "DMXLauncher" = "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [null data]
    "Acrobat Assistant 7.0" = ""C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
    "CAP3ON" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" ["CANON INC."]
    "DiskeeperSystray" = ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"" ["Diskeeper Corporation"]
    "Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
    "UnlockerAssistant" = ""C:\Program Files\Unlocker\UnlockerAssistant.exe"" [null data]
    "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
    "SetIcon" = "\Program Files\WDC\SetIcon.exe" ["Standard Microsystems Corp."]
    "WD Button Manager" = "WDBtnMgr.exe" ["Western Digital Technologies, Inc."]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
    "Tweak UI" = "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
    "WIAWizardMenu" = "RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu" [MS]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
    \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "HelperObject Class"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll" ["TechSmith Corporation"]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {334AD199-60E8-4DE8-B9A6-CDC594F6411D}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ssqrr.dll" [null data]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
    -> {HKLM...CLSID} = "SnagIt"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"]
    "{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
    -> {HKLM...CLSID} = "SnagItShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
    -> {HKLM...CLSID} = "Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
    -> {HKLM...CLSID} = "ShellLink for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
    -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    "{5477408D-422A-4ffc-ADCA-7078D23AE0B4}" = "AdBackup"
    -> {HKLM...CLSID} = "AdBackup"
    \InProcServer32\(Default) = "C:\Program Files\AdBackup\ooshlnsx.dll" [null data]
    "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "Mes dossiers de partage"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
    "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
    -> {HKLM...CLSID} = "Appareil mobile"
    \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    INFECTION WARNING! IntelWireless\DLLName = "C:\Program Files\Intel\Wireless\Bin\LgNotify.dll" ["Intel Corporation"]
    INFECTION WARNING! ldr64\DLLName = "ldr64.dll" [file not found]
    INFECTION WARNING! ssqrr\DLLName = "C:\WINDOWS\system32\ssqrr.dll" [null data]
    INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
    INFECTION WARNING! winxia32\DLLName = "winxia32.dll" [file not found]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
    -> {HKLM...CLSID} = "SnagItShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
    TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
    -> {HKLM...CLSID} = "Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
    -> {HKLM...CLSID} = "SnagItShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
    -> {HKLM...CLSID} = "Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Ancea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\system32\LOGON.SCR" [MS]


    Startup items in "Ancea" & "All Users" startup folders:
    -------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "AdBackup" -> shortcut to: "C:\Program Files\AdBackup\oointray.exe" [null data]
    "Fenêtre d'état de Canon LASER SHOT LBP-1120" -> shortcut to: "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE !N" ["CANON INC."]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "AdBackup" -> shortcut to: "C:\Program Files\AdBackup\oointray.exe" [null data]
    "Fenêtre d'état de Canon LASER SHOT LBP-1120" -> shortcut to: "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE !N" ["CANON INC."]


    Enabled Scheduled Tasks:
    ------------------------

    "At1" -> launches: "c:\windows\system32\VundoFix.exe" [file not found]
    "OEB_Outlook Backup" -> launches: "C:\Program Files\Genie-Soft\Genie Outlook Backup 6.0\O2Backup.exe -e -job "Outlook Backup" " ["Genie-Soft"]
    "Rappel d'abonnement 1 auprès de l'ISP" -> launches: "C:\WINDOWS\system32\OOBE\OOBEBALN.EXE /sys /i /n:1" [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
    "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)
    -> {HKLM...CLSID} = "SnagIt"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
    "ButtonText" = "Create Mobile Favorite"
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {HKLM...CLSID} = "Create Mobile Favorite"
    \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
    "MenuText" = "Créer un favori mobile..."
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {HKLM...CLSID} = "Create Mobile Favorite"
    \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Recherche"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

    Missing lines (compared with English-language version):
    [Strings]: 1 line


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AdBackup, adbackup, "C:\PROGRA~1\AdBackup\ooservice.exe" [empty string]
    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
    avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
    avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
    avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
    Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
    Carte de performance WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
    Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"]
    EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
    ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
    iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
    LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
    Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
    NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]
    NTRconnect, NTRconnect, "C:\Program Files\NTR Global\NTRconnect\NTRconnect.exe" ["Net Transmit & Receive"]
    RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
    Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
    WLANKEEPER, WLANKEEPER, "C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe" ["Intel® Corporation"]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
    Canon BJ Language Monitor i865\Driver = "CNMLM5m.DLL" ["CANON INC."]
    CAP3 Monitor\Driver = "CAP3LMK.DLL" ["CANON INC."]
    Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 17 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 9 seconds.
    ---------- (total run time: 57 seconds)




    ;)  and the message you gave me is indeed there...
    7 July 2006 18:33:09

    It's already done..... I'm relaunching it....
    7 July 2006 18:38:38

    Here is the report


    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    UPX! 31/05/2006 11:02:04 624640 C:\WINDOWS\SYSTEM32\aswBoot.exe
    aspack 22/07/2005 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
    PEC2 05/08/2004 13:00:00 41131 C:\WINDOWS\SYSTEM32\DFRG.MSC
    PTech 19/06/2006 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    PECompact2 09/06/2006 03:19:50 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 09/06/2006 03:19:50 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 05/08/2004 13:00:00 733184 C:\WINDOWS\SYSTEM32\NTDLL.DLL
    Umonitor 05/08/2004 13:00:00 685056 C:\WINDOWS\SYSTEM32\RASDLG.DLL
    aspack 16/02/2001 14:23:44 48640 C:\WINDOWS\SYSTEM32\SKCA32.dll
    aspack 23/03/2001 00:27:04 117248 C:\WINDOWS\SYSTEM32\SKCL.dll
    UPX! 27/04/2006 17:49:30 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
    UPX! 09/01/2006 10:36:04 42496 C:\WINDOWS\SYSTEM32\swreg.exe
    UPX! 09/01/2006 10:36:06 40960 C:\WINDOWS\SYSTEM32\swsc.exe
    winsync 05/08/2004 13:00:00 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
    PTech 19/06/2006 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

    Checking %System%\Drivers folder and sub-folders...

    Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts

    abetterinternet.com 25/03/2006 18:18:24 5741 C:\WINDOWS\SYSTEM32\drivers\ETC\hosts.msn

    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    07/07/2006 17:51:34 S 2048 C:\WINDOWS\BOOTSTAT.DAT
    04/07/2006 18:33:12 H 54156 C:\WINDOWS\QTFont.qfn
    17/05/2006 23:53:10 H 26280 C:\WINDOWS\Help\TWEAKUI.GID
    07/07/2006 18:36:52 HS 625409 C:\WINDOWS\SYSTEM32\rrqss.ini
    22/06/2006 13:18:14 S 13309 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
    29/05/2006 18:16:04 S 23751 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
    18/05/2006 09:15:02 S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
    01/06/2006 22:28:42 S 11043 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
    22/05/2006 15:07:50 S 7645 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem37.CAT
    19/06/2006 16:20:58 S 7160 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
    07/07/2006 17:54:22 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
    07/07/2006 17:59:12 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
    07/07/2006 17:54:22 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
    07/07/2006 18:36:52 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
    07/07/2006 18:29:32 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
    26/06/2006 11:04:56 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
    01/07/2006 20:06:16 S 341 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
    01/07/2006 20:06:18 S 413 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
    01/07/2006 20:06:16 S 574 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5
    01/07/2006 20:06:16 S 126 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8
    01/07/2006 20:06:18 S 98 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
    01/07/2006 20:06:16 S 136 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5
    29/06/2006 23:32:06 HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\432a361a-d2d9-42cb-ad66-980b95141f22
    29/06/2006 23:32:06 HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
    07/07/2006 17:51:44 H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    Microsoft Corporation 05/08/2004 13:00:00 71680 C:\WINDOWS\SYSTEM32\ACCESS.CPL
    Microsoft Corporation 05/08/2004 13:00:00 555008 C:\WINDOWS\SYSTEM32\APPWIZ.CPL
    18/08/2004 13:28:00 24576 C:\WINDOWS\SYSTEM32\BACSCPL.cpl
    Microsoft Corporation 05/08/2004 13:00:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL
    Microsoft Corporation 05/08/2004 13:00:00 138240 C:\WINDOWS\SYSTEM32\DESK.CPL
    Microsoft Corporation 05/08/2004 13:00:00 80384 C:\WINDOWS\SYSTEM32\FIREWALL.CPL
    Microsoft Corporation 05/08/2004 13:00:00 157184 C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
    Microsoft Corporation 05/08/2004 13:00:00 359936 C:\WINDOWS\SYSTEM32\INETCPL.CPL
    Microsoft Corporation 05/08/2004 13:00:00 134144 C:\WINDOWS\SYSTEM32\INTL.CPL
    Microsoft Corporation 05/08/2004 13:00:00 380928 C:\WINDOWS\SYSTEM32\IRPROPS.CPL
    Microsoft Corporation 05/08/2004 13:00:00 70144 C:\WINDOWS\SYSTEM32\JOY.CPL
    Sun Microsystems, Inc. 10/11/2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 05/08/2004 13:00:00 189952 C:\WINDOWS\SYSTEM32\MAIN.CPL
    Microsoft Corporation 05/08/2004 13:00:00 626176 C:\WINDOWS\SYSTEM32\MMSYS.CPL
    Microsoft Corporation 05/08/2004 13:00:00 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
    Ahead Software AG 09/10/2002 14:36:14 57344 C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl
    Microsoft Corporation 05/08/2004 13:00:00 25600 C:\WINDOWS\SYSTEM32\NETSETUP.CPL
    Dell Inc. 10/11/2004 12:51:26 122880 C:\WINDOWS\SYSTEM32\NicConfigSvc.Cpl
    Microsoft Corporation 05/08/2004 13:00:00 261120 C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
    Microsoft Corporation 05/08/2004 13:00:00 32768 C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
    Microsoft Corporation 05/08/2004 13:00:00 118272 C:\WINDOWS\SYSTEM32\POWERCFG.CPL
    SigmaTel Inc. 17/08/2004 18:34:44 R 102481 C:\WINDOWS\SYSTEM32\stac97.cpl
    Microsoft Corporation 05/08/2004 13:00:00 305152 C:\WINDOWS\SYSTEM32\SYSDM.CPL
    Microsoft Corporation 05/08/2004 13:00:00 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
    Microsoft Corporation 05/08/2004 13:00:00 94208 C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
    Microsoft Corporation 21/09/2000 01:24:34 81408 C:\WINDOWS\SYSTEM32\TWEAKUI.CPL
    Microsoft Corporation 05/08/2004 13:00:00 148480 C:\WINDOWS\SYSTEM32\WSCUI.CPL
    Microsoft Corporation 26/05/2005 05:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 26/05/2005 05:16:32 175896 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
    SigmaTel Inc. 20/07/2004 11:14:06 102481 C:\WINDOWS\SYSTEM32\ReinstallBackups\0012\DriverFiles\STAC97.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    22/05/2006 17:18:30 1498 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AdBackup.lnk
    20/08/2004 11:37:20 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DESKTOP.INI
    06/06/2006 16:57:48 1066 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    20/08/2004 11:30:24 HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
    7 July 2006 18:45:28

    OK, let's get to work.


    1. Download The Avenger by Swandog46 to your Desktop
    http://swandog46.geekstogo.com/avenger.zip
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

    2. Copy all the text in the box below: highlight it and press the keys (Ctrl+C):

    Quote:
    Files to delete:
    C:\WINDOWS\system32\ssqrr.dll
    C:\WINDOWS\SYSTEM32\ldr64.dll
    C:\WINDOWS\system32\winxia32.dll
    C:\WINDOWS\SYSTEM32\rrqss.ini
    C:\WINDOWS\system32\rrqss.bak1
    C:\WINDOWS\SYSTEM32\rrqss.bak2
    C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\SYSTEM32\rrqss.tmp


    IMPORTANT: The code above was written intentionally for THIS user.
    If you are not THIS user, DO NOT apply these instructions: they could damage your system.


    3. Now launch The Avenger by clicking its desktop icon.
  • Under "Script file to execute" choose "Input Script Manually".
  • Then click the magnifying-glass icon, which opens a new "View/edit script" window
  • In this window, paste the text you copied earlier from the desktop using the keys (Ctrl+V).
  • Click Done
  • then click the green-light icon to start running the script
  • Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:
  • It will restart the system. (In cases where the script contains one or more "Drivers to Unload" entries, The Avenger will restart your system 2 times.)
  • During the restart, a black Windows command window will briefly appear on your desktop; this is NORMAL.
  • After the restart, it creates a log file that will open, showing the actions carried out by The Avenger. This log file is located here: C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them and moved the zip archive here: C:\avenger\backup.zip.

    5. Finally, copy/paste the contents of the file c:\avenger.txt into your reply along with a new Silent Runners log.
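    Added example (not from this thread and not part of The Avenger): a small Python reconciler that reads a "Files to delete:" script like the one in step 2 and the log The Avenger writes to C:\avenger.txt in step 4, and reports which entries were deleted, which were not found (with the NTSTATUS code the log prints), and which were never mentioned. The sample script and log embedded below are constructed, modeled on the format of the logs posted in this thread.

```python
"""Reconcile a The Avenger 'Files to delete:' script against the log it
writes to C:\\avenger.txt (added example, not part of The Avenger itself)."""
import re
from typing import Dict, List, Optional

# NTSTATUS value The Avenger reports for a path that does not exist.
STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034

DELETED_RE = re.compile(r"^File (.+?) deleted successfully\.$")
NOT_FOUND_RE = re.compile(r"^File (.+?) not found!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")


def parse_script(script: str) -> List[str]:
    """Return the paths listed under the 'Files to delete:' header."""
    paths: List[str] = []
    in_files = False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            # Section header: 'Files to delete:', 'Drivers to Unload:', ...
            in_files = line.lower() == "files to delete:"
            continue
        if in_files:
            paths.append(line)
    return paths


def parse_log(log: str) -> Dict[str, Optional[int]]:
    """Map each path mentioned in the log (lower-cased, since Windows paths are
    case-insensitive) to None if it was deleted, or to its NTSTATUS code if not."""
    outcome: Dict[str, Optional[int]] = {}
    pending: Optional[str] = None  # failed path waiting for its 'Status:' line
    for raw in log.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            outcome[m.group(1).lower()] = None
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            pending = m.group(1).lower()
            # Default for a 'not found!' entry; a following 'Status:' line overrides it.
            outcome[pending] = STATUS_OBJECT_NAME_NOT_FOUND
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            outcome[pending] = int(m.group(1), 16)
            pending = None
    return outcome


def reconcile(script: str, log: str) -> Dict[str, List[str]]:
    """Group every path in the script as deleted, not_found, or unreported
    (listed in the script but never mentioned in the log)."""
    outcome = parse_log(log)
    summary: Dict[str, List[str]] = {"deleted": [], "not_found": [], "unreported": []}
    for path in parse_script(script):
        key = path.lower()
        if key not in outcome:
            summary["unreported"].append(path)
        elif outcome[key] is None:
            summary["deleted"].append(path)
        else:
            summary["not_found"].append(path)
    return summary


# Constructed sample input, modeled on the script and log posted in this thread.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\SYSTEM32\ldr64.dll
C:\WINDOWS\SYSTEM32\rrqss.ini
C:\WINDOWS\SYSTEM32\rrqss.tmp
"""

SAMPLE_LOG = r"""
Beginning to process script file:

File C:\WINDOWS\system32\ssqrr.dll deleted successfully.

File C:\WINDOWS\SYSTEM32\ldr64.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\ldr64.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\ldr64.dll
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\rrqss.ini deleted successfully.

Completed script processing.
"""

if __name__ == "__main__":
    for bucket, paths in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{bucket}: {paths}")
```

    An entry that lands in "not_found" with status 0xC0000034 simply did not exist at reboot (already removed, or never present under that exact name), whereas an "unreported" entry means the script line was never processed and deserves a second look.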
    7 July 2006 18:55:50

    Here is the Avenger log: not everything was found..., followed by the Silent Runners log.



    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\jmcdqevq

    *******************

    Script file located at: \??\C:\WINDOWS\ypfelvaw.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\ssqrr.dll deleted successfully.


    File C:\WINDOWS\SYSTEM32\ldr64.dll not found!
    Deletion of file C:\WINDOWS\SYSTEM32\ldr64.dll failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\ldr64.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\winxia32.dll not found!
    Deletion of file C:\WINDOWS\system32\winxia32.dll failed!

    Could not process line:
    C:\WINDOWS\system32\winxia32.dll
    Status: 0xc0000034

    File C:\WINDOWS\SYSTEM32\rrqss.ini deleted successfully.


    File C:\WINDOWS\system32\rrqss.bak1 not found!
    Deletion of file C:\WINDOWS\system32\rrqss.bak1 failed!

    Could not process line:
    C:\WINDOWS\system32\rrqss.bak1
    Status: 0xc0000034



    File C:\WINDOWS\SYSTEM32\rrqss.bak2 not found!
    Deletion of file C:\WINDOWS\SYSTEM32\rrqss.bak2 failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\rrqss.bak2
    Status: 0xc0000034



    File C:\WINDOWS\system32\rrqss.ini2 not found!
    Deletion of file C:\WINDOWS\system32\rrqss.ini2 failed!

    Could not process line:
    C:\WINDOWS\system32\rrqss.ini2
    Status: 0xc0000034



    File C:\WINDOWS\SYSTEM32\rrqss.tmp not found!
    Deletion of file C:\WINDOWS\SYSTEM32\rrqss.tmp failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\rrqss.tmp
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.




    "Silent Runners.vbs", revision 46, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "IE New Window Maximizer" = "C:\Program Files\IE New Window Maximizer\iemaximizer.exe" ["jiiSoft"]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
    "QKSMTPServer3" = "C:\PROGRA~1\QKSMTP~2\QKSmtpServer3.exe" ["Brave World"]
    "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
    "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
    "AtomSync" = ""C:\Program Files\AtomSync\atomsync.exe"" [null data]
    "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
    "IntelWireless" = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless" ["Intel Corporation"]
    "Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [empty string]
    "Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
    "DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
    "DMXLauncher" = "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [null data]
    "Acrobat Assistant 7.0" = ""C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
    "CAP3ON" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" ["CANON INC."]
    "DiskeeperSystray" = ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"" ["Diskeeper Corporation"]
    "Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
    "UnlockerAssistant" = ""C:\Program Files\Unlocker\UnlockerAssistant.exe"" [null data]
    "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
    "SetIcon" = "\Program Files\WDC\SetIcon.exe" ["Standard Microsystems Corp."]
    "WD Button Manager" = "WDBtnMgr.exe" ["Western Digital Technologies, Inc."]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
    "Tweak UI" = "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
    "WIAWizardMenu" = "RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu" [MS]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
    \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "HelperObject Class"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll" ["TechSmith Corporation"]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {334AD199-60E8-4DE8-B9A6-CDC594F6411D}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ssqrr.dll" [file not found]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
    -> {HKLM...CLSID} = "SnagIt"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"]
    "{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
    -> {HKLM...CLSID} = "SnagItShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
    -> {HKLM...CLSID} = "Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
    -> {HKLM...CLSID} = "ShellLink for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
    -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    "{5477408D-422A-4ffc-ADCA-7078D23AE0B4}" = "AdBackup"
    -> {HKLM...CLSID} = "AdBackup"
    \InProcServer32\(Default) = "C:\Program Files\AdBackup\ooshlnsx.dll" [null data]
    "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "Mes dossiers de partage"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
    "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
    -> {HKLM...CLSID} = "Appareil mobile"
    \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    INFECTION WARNING! IntelWireless\DLLName = "C:\Program Files\Intel\Wireless\Bin\LgNotify.dll" ["Intel Corporation"]
    INFECTION WARNING! ldr64\DLLName = "ldr64.dll" [file not found]
    INFECTION WARNING! ssqrr\DLLName = "C:\WINDOWS\system32\ssqrr.dll" [file not found]
    INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
    INFECTION WARNING! winxia32\DLLName = "winxia32.dll" [file not found]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
    -> {HKLM...CLSID} = "SnagItShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
    TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
    -> {HKLM...CLSID} = "Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
    -> {HKLM...CLSID} = "SnagItShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
    -> {HKLM...CLSID} = "Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Ancea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\system32\LOGON.SCR" [MS]


    Startup items in "Ancea" & "All Users" startup folders:
    -------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "AdBackup" -> shortcut to: "C:\Program Files\AdBackup\oointray.exe" [null data]
    "Fenêtre d'état de Canon LASER SHOT LBP-1120" -> shortcut to: "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE !N" ["CANON INC."]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "AdBackup" -> shortcut to: "C:\Program Files\AdBackup\oointray.exe" [null data]
    "Fenêtre d'état de Canon LASER SHOT LBP-1120" -> shortcut to: "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE !N" ["CANON INC."]


    Enabled Scheduled Tasks:
    ------------------------

    "At1" -> launches: "c:\windows\system32\VundoFix.exe" [file not found]
    "OEB_Outlook Backup" -> launches: "C:\Program Files\Genie-Soft\Genie Outlook Backup 6.0\O2Backup.exe -e -job "Outlook Backup" " ["Genie-Soft"]
    "Rappel d'abonnement 1 auprès de l'ISP" -> launches: "C:\WINDOWS\system32\OOBE\OOBEBALN.EXE /sys /i /n:1" [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
    "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)
    -> {HKLM...CLSID} = "SnagIt"
    \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
    "ButtonText" = "Create Mobile Favorite"
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {HKLM...CLSID} = "Create Mobile Favorite"
    \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
    "MenuText" = "Créer un favori mobile..."
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {HKLM...CLSID} = "Create Mobile Favorite"
    \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Recherche"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

    Missing lines (compared with English-language version):
    [Strings]: 1 line


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AdBackup, adbackup, "C:\PROGRA~1\AdBackup\ooservice.exe" [empty string]
    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
    avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
    avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
    avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
    Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
    Carte de performance WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
    Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"]
    EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
    ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
    iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
    LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
    Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
    NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]
    NTRconnect, NTRconnect, "C:\Program Files\NTR Global\NTRconnect\NTRconnect.exe" ["Net Transmit & Receive"]
    RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
    Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
    WLANKEEPER, WLANKEEPER, "C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe" ["Intel® Corporation"]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
    Canon BJ Language Monitor i865\Driver = "CNMLM5m.DLL" ["CANON INC."]
    CAP3 Monitor\Driver = "CAP3LMK.DLL" ["CANON INC."]
    Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 76 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 7 seconds.
    ---------- (total run time: 100 seconds)
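The security-relevant part of the report above is the Winlogon\Notify section. DLLs registered there are loaded into winlogon.exe at logon, so it is a favourite persistence point, and Silent Runners tags every non-default entry in that key as "INFECTION WARNING!" regardless of what it is. That is why the ATI, Intel and WgaLogon entries are listed alongside the real problem: three entries (ldr64, ssqrr, winxia32) whose DLL no longer exists on disk, the typical leftover of a partially removed Vundo-style component. The script below is an added example, not part of the original post or of Silent Runners itself; it parses that section of a report and separates entries with version information from orphaned or unverifiable ones. The sample log is constructed from the lines above plus one hypothetical "[null data]" entry (foobar) to show the unverified case.

```python
"""Triage the Winlogon\\Notify section of a Silent Runners report.

Added example: parses the "INFECTION WARNING!" lines Silent Runners prints for
HKLM\\...\\Winlogon\\Notify and classifies each registered DLL by the tag the
tool prints after it ("file not found", "MS", a quoted vendor name, etc.).
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the six entries from the report above plus one
# hypothetical entry (foobar) whose file exists but carries no version info.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! IntelWireless\DLLName = "C:\Program Files\Intel\Wireless\Bin\LgNotify.dll" ["Intel Corporation"]
INFECTION WARNING! ldr64\DLLName = "ldr64.dll" [file not found]
INFECTION WARNING! ssqrr\DLLName = "C:\WINDOWS\system32\ssqrr.dll" [file not found]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
INFECTION WARNING! winxia32\DLLName = "winxia32.dll" [file not found]
INFECTION WARNING! foobar\DLLName = "C:\WINDOWS\system32\foobar.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
"""

NOTIFY_HEADER = "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\"

# One report line: optional warning prefix, subkey, DLL path, bracketed tag.
ENTRY_RE = re.compile(
    r'^(?:INFECTION WARNING! )?(?P<subkey>[^\\]+)\\DLLName = "(?P<dll>[^"]*)" \[(?P<tag>[^\]]*)\]\s*$'
)


@dataclass
class NotifyEntry:
    subkey: str
    dll: str
    tag: str

    @property
    def verdict(self) -> str:
        """Map the Silent Runners tag to a triage verdict."""
        if self.tag == "file not found":
            return "orphan"          # registry points at a DLL that is gone
        if self.tag == "MS":
            return "microsoft"       # Microsoft version info present
        if self.tag in ("null data", "empty string"):
            return "unverified"      # file exists but has no version info
        if self.tag.startswith('"') and self.tag.endswith('"'):
            return "vendor:" + self.tag.strip('"')
        return "unknown"


def parse_notify(log_text: str) -> List[NotifyEntry]:
    """Return the entries of the Winlogon\\Notify section, in report order."""
    entries: List[NotifyEntry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == NOTIFY_HEADER:
            in_section = True
            continue
        if in_section and not line:
            in_section = False   # a blank line ends the section in the report
            continue
        if in_section:
            m = ENTRY_RE.match(line)
            if m:
                entries.append(NotifyEntry(**m.groupdict()))
    return entries


def suspicious(log_text: str) -> List[str]:
    """Subkeys that should be reviewed (and, if orphaned, deleted)."""
    return [e.subkey for e in parse_notify(log_text)
            if e.verdict in ("orphan", "unverified", "unknown")]


if __name__ == "__main__":
    for e in parse_notify(SAMPLE_LOG):
        print(f"{e.subkey:<14} {e.verdict:<30} {e.dll}")
    print("review:", ", ".join(suspicious(SAMPLE_LOG)))
```

A vendor string only means the DLL carries version information, not that it is signed; treat "vendor:" entries as expected only when the product is actually installed (ATI driver, Intel PROSet, WGA here). Orphaned entries are harmless once the file is gone but should still be removed, since a later drop of a DLL with the same name would be loaded by winlogon.exe again.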
    7 July 2006 19:07:12

    Run the Vundo procedure once more to see what it finds.
    7 July 2006 23:08:45

    It's clean!!! Well done, guys....

    I'm impressed.

    Thanks

    Lx
    8 July 2006 15:58:54

    Hello

    Delete the utilities:

    VundoFix
    BFU
    The Avenger
    Winpfind
    Silent Runners
    mwav.exe
    Sysclean Package

    No more malfunctions?