Unwanted pop-ups

18 November 2005 15:57:31

Hello,
For the past few days I have had a problem with ad windows that open every 2 minutes, which slows down my system since my PC is not powerful enough. I have tried all the anti-spyware tools (spybot, avast, spysweeper, security task manager) but nothing works, the problem stays the same,
so I am asking whether you can help me solve this problem. Here is my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 14:48:18, on 18/11/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\ZONELABS\minilog.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\internat.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.menara.ma
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Iusage] C:\Program Files\Internet Usage Monitor Lite Edition\netdet.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\sp2update00.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: View Original Image - C:\Program Files\Ict\AcceleNet\getoriginal.htm
O9 - Extra button: Voiced Keyboard Homepage - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - http://www.yayahoohoo.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.menara.ma
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5E59424-3558-4DFE-98A9-031A3007BF8A}: NameServer = 212.217.1.4 212.217.0.13
O20 - Winlogon Notify: WebCheck - C:\WINNT\system32\e402ledo1h0c.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINNT\System32\vbsys2.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRldXIA\command.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\minilog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe

Please help me as quickly as possible, thank you in advance
:-x

18 November 2005 16:07:15

Hi, install an anti-popup toolbar such as GoogleToolbar.
18 November 2005 17:13:19

That will not be enough, you have a look2me infection. Do this:

1/ Download l2mfix.exe
Put it on your desktop.
Double-click l2mfix.exe
At the 1st question click Accept, then click Install

2/ Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then choose option 1 and press Enter
Post this 1st report.

3/ Then close all programs because there will be an automatic reboot
Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then choose option 2 and press Enter
Then press any key to restart the computer
After the restart, the desktop and the icons will appear and then disappear, this is normal! And a new report will appear on screen.
>> If after the restart the icons do not appear/disappear or the report does not appear, open the l2mfix folder and run second.bat
Finally, post this 2nd report together with a new HJT report.
18 November 2005 18:32:48

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\e402ledo1h0c.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{2A26FDF7-134B-1F16-F000-C2C030C358EE}"=""

**********************************************************************************
Shell Extension key:

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8D8F3D23-8DF1-4B03-99FE-5CD41BAC82AD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D8F3D23-8DF1-4B03-99FE-5CD41BAC82AD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D8F3D23-8DF1-4B03-99FE-5CD41BAC82AD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D8F3D23-8DF1-4B03-99FE-5CD41BAC82AD}\InprocServer32]
@="C:\\WINNT\\system32\\oqesvr32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4105C11B-20DA-4634-BADD-E1D7A832E8D9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4105C11B-20DA-4634-BADD-E1D7A832E8D9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4105C11B-20DA-4634-BADD-E1D7A832E8D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4105C11B-20DA-4634-BADD-E1D7A832E8D9}\InprocServer32]
@="C:\\WINNT\\system32\\wphtcpip.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

60 items found: 60 files (56 H/S), 0 directories.
Total of file sizes: 14 442 820 bytes 13,77 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
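
The Winlogon\Notify export in the report above is the registry location behind the O20 line of the HijackThis log. The Python below is an added example, not part of the thread and not L2Mfix's own code: it parses such an export (including hex(2) values split over continuation lines) and lists the subkeys whose DLL is outside a baseline. The baseline set and all function names are assumptions; the sample is an excerpt of the export posted above.

```python
import ntpath
import re

# Assumption: notification DLLs expected on this host, taken from the
# non-flagged subkeys visible in the exports posted in this thread.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                 "sclgntfy.dll", "wlnotify.dll", "wzcdlg.dll"}
NOTIFY_PREFIX = "\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\"

# Excerpt of the export posted above, trimmed to three subkeys.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\e402ledo1h0c.dll"
"Logon"="WinLogon"
"""


def _join_continuations(text):
    """Merge hex value lines that regedit wrapped with a trailing backslash."""
    return re.sub(r",\\[ \t]*\r?\n[ \t]*", ",", text)


def _decode_value(raw):
    """Decode REG_SZ and REG_EXPAND_SZ (hex(2)) values; ignore other types."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: regedit escapes backslashes and quotes with a backslash.
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    m = re.match(r"hex\(2\):(.*)", raw, re.I)
    if m:
        # REG_EXPAND_SZ: comma-separated UTF-16LE bytes, NUL-terminated.
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return None


def parse_notify_export(text):
    """Return {subkey: {lowercased value name: value}} for Notify subkeys."""
    entries, current = {}, None
    for line in _join_continuations(text).splitlines():
        line = line.strip()
        key = re.match(r"\[(.+)\]$", line)
        if key:
            path = key.group(1)
            idx = path.lower().find(NOTIFY_PREFIX)
            current = path[idx + len(NOTIFY_PREFIX):] if idx != -1 else None
            if current:
                entries[current] = {}
            continue
        val = re.match(r'"([^"]+)"=(.*)$', line)
        if val and current:
            entries[current][val.group(1).lower()] = _decode_value(val.group(2))
    return entries


def suspicious_notify_entries(text):
    """List (subkey, DLL path) pairs whose DLL file name is not in the baseline.

    The check keys on the DLL, not the subkey name: a subkey can carry a
    familiar-looking name while pointing at an unfamiliar file.
    """
    findings = []
    for subkey, values in parse_notify_export(text).items():
        dll = values.get("dllname")  # appears as DllName or DLLName
        if dll and ntpath.basename(dll).lower() not in BASELINE_DLLS:
            findings.append((subkey, dll))
    return findings


if __name__ == "__main__":
    for subkey, dll in suspicious_notify_entries(SAMPLE_EXPORT):
        print(f"review Winlogon\\Notify\\{subkey}: {dll}")
```
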
18 November 2005 18:44:18

Now post the 2nd L2MFIX report
18 November 2005 19:03:35

Here it is, thanks in advance

Setting Directory
C:\Documents and Settings\Administrateur\Bureau\l2mfix

Running From:
C:\Documents and Settings\Administrateur\Bureau\l2mfix

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 140 'smss.exe'
Error 0x6 : Descripteur non valide


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 160 'winlogon.exe'
Error 0x6 : Descripteur non valide


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1172 'explorer.exe'
Killing PID 1172 'explorer.exe'
Error 0x5 : Accès refusé.


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1044 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINNT\system32\guard.tmp
1 fichier(s) copié(s).
deleting: C:\WINNT\system32\guard.tmp


Zipping up files for submission:
zip warning: name not matched: *.dll

zip error: Nothing to do! (backup.zip)
updating: guard.tmp (deflated 5%)
updating: clear.reg (deflated 22%)
zip warning: name not matched: *.ini

zip error: Nothing to do! (backup.zip)
updating: readme.txt (deflated 52%)
updating: report.txt (deflated 68%)
updating: lo2.txt (deflated 64%)
updating: flag.txt (stored 0%)
updating: test2.txt (stored 0%)
updating: test3.txt (stored 0%)
updating: test5.txt (stored 0%)
updating: test.txt (stored 0%)
updating: xfind.txt (stored 0%)
adding: log.txt (deflated 85%)
updating: backregs/notibac.reg (deflated 85%)
updating: backregs/shell.reg (deflated 75%)
updating: backregs/8D8F3D23-8DF1-4B03-99FE-5CD41BAC82AD.reg (deflated 70%)
updating: backregs/4105C11B-20DA-4634-BADD-E1D7A832E8D9.reg (deflated 70%)
updating: backregs/8A261201-1543-4B70-BE7C-6B4AA2FE1E64.reg (deflated 70%)
adding: backregs/50BC8EFD-2065-4732-B026-6D2FBFE0AC1C.reg (deflated 70%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Warning (option /rga:( IO)) - There is no ACE to remove!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

Restoring Windows Update Certificates.:

deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\fp6q03j5e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINNT\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{50BC8EFD-2065-4732-B026-6D2FBFE0AC1C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{50BC8EFD-2065-4732-B026-6D2FBFE0AC1C}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************




and the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 17:57:52, on 18/11/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\ZONELABS\minilog.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\internat.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.menara.ma
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Iusage] C:\Program Files\Internet Usage Monitor Lite Edition\netdet.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\sp2update00.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: View Original Image - C:\Program Files\Ict\AcceleNet\getoriginal.htm
O9 - Extra button: Voiced Keyboard Homepage - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - http://www.yayahoohoo.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.menara.ma
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O20 - Winlogon Notify: Explorer - C:\WINNT\system32\fp6q03j5e.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINNT\System32\vbsys2.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRldXIA\command.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\minilog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe

What should I do? Thanks.
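
The Winlogon Notify export in the post above can be checked mechanically: the sketch below, an added example that is not part of the original thread, decodes each subkey's DllName (including the hex(2) form) and lists the ones missing from an allowlist. The function names and the allowlist are assumptions made for illustration.

```python
import re

# Constructed sample: three subkeys excerpted from the export in the post above.
REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\fp6q03j5e.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
'''

# Assumption: illustrative allowlist; build the real one from a clean machine
# running the same Windows version.
ALLOWLIST = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll",
             "wlnotify.dll", "wzcdlg.dll"}

def decode_value(raw):
    """Decode a REG_SZ ("...") or REG_EXPAND_SZ (hex(2):, UTF-16LE) value."""
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def notify_dlls(reg_text):
    """Map each Notify subkey to its DllName (value name is case-insensitive)."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    result, subkey = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            m = re.match(r"\[.*\\Winlogon\\Notify\\([^\]]+)\]$", line)
            subkey = m.group(1) if m else None
        elif subkey and line.lower().startswith('"dllname"='):
            result[subkey] = decode_value(line.split("=", 1)[1].strip())
    return result

def unrecognized(entries, allowlist=ALLOWLIST):
    """Return the subkeys whose DLL file name is not on the allowlist."""
    return {key: dll for key, dll in entries.items()
            if dll.rsplit("\\", 1)[-1].lower() not in allowlist}

if __name__ == "__main__":
    for key, dll in unrecognized(notify_dlls(REG_EXPORT)).items():
        print(f"review Notify\\{key}: {dll}")
```

An entry listed by `unrecognized` is only a candidate for review, not a verdict; legitimate software also registers Notify packages.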


19 November 2005 11:05:50

The Look2Me infection has held on; run a Spy Sweeper scan.

Fix this in HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\sp2update00.exe


Delete this:
C:\windows\sp2update00.exe

Reboot and post a new log.

19 November 2005 15:18:23

Here is the HijackThis log you asked for, thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 14:13:49, on 19/11/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\ZONELABS\minilog.exe
C:\WINNT\loadqm.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\internat.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.menara.ma
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Menara
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Iusage] C:\Program Files\Internet Usage Monitor Lite Edition\netdet.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: View Original Image - C:\Program Files\Ict\AcceleNet\getoriginal.htm
O9 - Extra button: Voiced Keyboard Homepage - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - http://www.yayahoohoo.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.menara.ma
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O20 - Winlogon Notify: Controls Folder - C:\WINNT\
O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\f4l0le3m1h.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRldXIA\command.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\minilog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe

19 November 2005 20:23:08

Hi,

The disinfection with Spy Sweeper did not work.

There is the uninstaller created by the people who made the virus.
Apparently it works very well.
I only recommend it when there are no other solutions left (well, there is another solution, but it is really complicated! :-?)

If you want to try the uninstaller, you can find it here:
http://www.ad-w-a-r-e.com/cgi-bin/UnInstaller

At your own risk...

20 November 2005 11:45:52

Yes, thanks, but the uninstaller doesn't work for me; it tells me "you do not have permission, as a security measure". Anyway, I think the problem is solved, I no longer get those pages.
Q: Is Look2Me a virus that comes back?