yanou

Oui il est désactivé.

Je peux envoyer des messages via thunderbird par contre

Si j'ai connection à pop.wanadoo.fr et la barre de progression mais rien ne vient. J'ai vu qu'avec Antivir il y avait des soucis, j'ai coupé mon anti virus mais pareil.

Salut leo! j'ai XP professionnel service pack2

Merci gibé, j'ai désinstallé thunderbird, j'ai réinstallé, ça charge mais rien ne vient, j'ai en bas, connexion à "pop.wanadoo.fr"

Bonjour, j'ai téléchargé thunderbird, mais je n'arrive pas à reçevoir mes mails via wanadoo. J'ai lu quelques tutoriels dessus mais toujours impossible de faire fonctionner thunderbird. Merci d'avance, pour ceux qui pourraient m'aider.

OK! J'ai telechargé "Antivir", j'ai spybot c'est bon je pense, par contre en pare feu, celui de windows et désactivé, je le laisse ainsi et je telecharge un autre ou celui de windows suffit?

Non pas de probléme apparent, par contre j'ai une qusetion? j'ai fait ses manips en utilsateur "administrateur" si je reprend mon autre utilisateur, est ce qu'il va être propre comme celui ci? qu'est ce que tu me conseille pour ne pas renouveler cette boulette en antivirus? un anti spyware ne suffit pas? j'ai anti spyware de chez wanadoo. En tout cas merci pour ta disponiblité et ta patience.

Voilà mon nouveau rapport Logfile of HijackThis v1.99.1 Scan saved at 00:09:27, on 26/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Office keyboard utility\1.1\nhksrv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\WinZip\winzip32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.1\nhksrv.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Ok, je refais un rapport hijackthis ensuite.

Sur l'un de tes post précedent tu m'avais dit de virer toutes les keys trouvées par easy cleaner, je l'ai pas fait, faut il que le fasse? en mode sans echec?

Bon voilà j'ai réinstallé L2MFIX impecale ça a fait comme tu l'a ecrit. ya un paquet de truc L2Mfix 1.04 Running From: C:\Documents and Settings\Administrateur\Bureau\l2mfix RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de'>http://www.heysoft.de'>http://www.heysoft.de'>http://www.heysoft.de'>http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access AUTORITE NT\SYSTEM (IO) ALLOW Full access AUTORITE NT\SYSTEM (NI) ALLOW Full access AUTORITE NT\SYSTEM (IO) ALLOW Full access AUTORITE NT\SYSTEM (ID-NI) ALLOW Read BUILTIN\Utilisateurs (ID-IO) ALLOW Read BUILTIN\Utilisateurs (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir (ID-NI) ALLOW Full access BUILTIN\Administrateurs (ID-IO) ALLOW Full access BUILTIN\Administrateurs (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE Setting registry permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Denying C(CI) access for predefined group "Administrators" - adding new ACCESS DENY entry Registry Permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (CI) DENY --C------- BUILTIN\Administrateurs (NI) ALLOW Full access AUTORITE NT\SYSTEM (IO) ALLOW Full access AUTORITE NT\SYSTEM (NI) ALLOW Full access AUTORITE NT\SYSTEM (IO) ALLOW Full access AUTORITE NT\SYSTEM (ID-NI) ALLOW Read BUILTIN\Utilisateurs (ID-IO) ALLOW Read BUILTIN\Utilisateurs (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir (ID-NI) ALLOW Full access BUILTIN\Administrateurs (ID-IO) ALLOW Full access BUILTIN\Administrateurs (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE Setting up for Reboot Starting Reboot! C:\Documents and Settings\Administrateur\Bureau\l2mfix System Rebooted! Running From: C:\Documents and Settings\Administrateur\Bureau\l2mfix killing explorer and rundll32.exe Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1228 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 896 'rundll32.exe' Killing PID 1876 'rundll32.exe' Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Backing Up: C:\WINDOWS\system32\CHMCAT.DLL 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\CHMCAT.DLL 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\cigwin1.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\cigwin1.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\cwyptdlg.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\cwyptdlg.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\dqnlobby.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\dqnlobby.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\duloader.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\duloader.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\fZultrep.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\fZultrep.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\iass.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\iass.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\ivsecsvc.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\ivsecsvc.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\kmdur.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\kmdur.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\ksdest.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\ksdest.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\kydic.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\kydic.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\lkcmgr10.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\lkcmgr10.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\mhjter40.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\mhjter40.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\mmafd.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\mmafd.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\mogentr.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\mogentr.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\ovecnv32.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\ovecnv32.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\pfwave.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\pfwave.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\qjap.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\qjap.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\rypwsx.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\rypwsx.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\SjmpleRegistry.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\SjmpleRegistry.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\smcbase.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\smcbase.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\WA5Inf32.DLL 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\WA5Inf32.DLL 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\wdvcore.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\wdvcore.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\guard.tmp 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\guard.tmp 1 fichier(s) copi‚(s). deleting: C:\WINDOWS\system32\CHMCAT.DLL Successfully Deleted: C:\WINDOWS\system32\CHMCAT.DLL deleting: C:\WINDOWS\system32\CHMCAT.DLL Successfully Deleted: C:\WINDOWS\system32\CHMCAT.DLL deleting: C:\WINDOWS\system32\cigwin1.dll Successfully Deleted: C:\WINDOWS\system32\cigwin1.dll deleting: C:\WINDOWS\system32\cigwin1.dll Successfully Deleted: C:\WINDOWS\system32\cigwin1.dll deleting: C:\WINDOWS\system32\cwyptdlg.dll Successfully Deleted: C:\WINDOWS\system32\cwyptdlg.dll deleting: C:\WINDOWS\system32\cwyptdlg.dll Successfully Deleted: C:\WINDOWS\system32\cwyptdlg.dll deleting: C:\WINDOWS\system32\dqnlobby.dll Successfully Deleted: C:\WINDOWS\system32\dqnlobby.dll deleting: C:\WINDOWS\system32\dqnlobby.dll Successfully Deleted: C:\WINDOWS\system32\dqnlobby.dll deleting: C:\WINDOWS\system32\duloader.dll Successfully Deleted: C:\WINDOWS\system32\duloader.dll deleting: C:\WINDOWS\system32\duloader.dll Successfully Deleted: C:\WINDOWS\system32\duloader.dll deleting: C:\WINDOWS\system32\fZultrep.dll Successfully Deleted: C:\WINDOWS\system32\fZultrep.dll deleting: C:\WINDOWS\system32\fZultrep.dll Successfully Deleted: C:\WINDOWS\system32\fZultrep.dll deleting: C:\WINDOWS\system32\iass.dll Successfully Deleted: C:\WINDOWS\system32\iass.dll deleting: C:\WINDOWS\system32\iass.dll Successfully Deleted: C:\WINDOWS\system32\iass.dll deleting: C:\WINDOWS\system32\ivsecsvc.dll Successfully Deleted: C:\WINDOWS\system32\ivsecsvc.dll deleting: C:\WINDOWS\system32\ivsecsvc.dll Successfully Deleted: C:\WINDOWS\system32\ivsecsvc.dll deleting: C:\WINDOWS\system32\kmdur.dll Successfully Deleted: C:\WINDOWS\system32\kmdur.dll deleting: C:\WINDOWS\system32\kmdur.dll Successfully Deleted: C:\WINDOWS\system32\kmdur.dll deleting: C:\WINDOWS\system32\ksdest.dll Successfully Deleted: C:\WINDOWS\system32\ksdest.dll deleting: C:\WINDOWS\system32\ksdest.dll Successfully Deleted: C:\WINDOWS\system32\ksdest.dll deleting: C:\WINDOWS\system32\kydic.dll Successfully Deleted: C:\WINDOWS\system32\kydic.dll deleting: C:\WINDOWS\system32\kydic.dll Successfully Deleted: C:\WINDOWS\system32\kydic.dll deleting: C:\WINDOWS\system32\lkcmgr10.dll Successfully Deleted: C:\WINDOWS\system32\lkcmgr10.dll deleting: C:\WINDOWS\system32\lkcmgr10.dll Successfully Deleted: C:\WINDOWS\system32\lkcmgr10.dll deleting: C:\WINDOWS\system32\mhjter40.dll Successfully Deleted: C:\WINDOWS\system32\mhjter40.dll deleting: C:\WINDOWS\system32\mhjter40.dll Successfully Deleted: C:\WINDOWS\system32\mhjter40.dll deleting: C:\WINDOWS\system32\mmafd.dll Successfully Deleted: C:\WINDOWS\system32\mmafd.dll deleting: C:\WINDOWS\system32\mmafd.dll Successfully Deleted: C:\WINDOWS\system32\mmafd.dll deleting: C:\WINDOWS\system32\mogentr.dll Successfully Deleted: C:\WINDOWS\system32\mogentr.dll deleting: C:\WINDOWS\system32\mogentr.dll Successfully Deleted: C:\WINDOWS\system32\mogentr.dll deleting: C:\WINDOWS\system32\ovecnv32.dll Successfully Deleted: C:\WINDOWS\system32\ovecnv32.dll deleting: C:\WINDOWS\system32\ovecnv32.dll Successfully Deleted: C:\WINDOWS\system32\ovecnv32.dll deleting: C:\WINDOWS\system32\pfwave.dll Successfully Deleted: C:\WINDOWS\system32\pfwave.dll deleting: C:\WINDOWS\system32\pfwave.dll Successfully Deleted: C:\WINDOWS\system32\pfwave.dll deleting: C:\WINDOWS\system32\qjap.dll Successfully Deleted: C:\WINDOWS\system32\qjap.dll deleting: C:\WINDOWS\system32\qjap.dll Successfully Deleted: C:\WINDOWS\system32\qjap.dll deleting: C:\WINDOWS\system32\rypwsx.dll Successfully Deleted: C:\WINDOWS\system32\rypwsx.dll deleting: C:\WINDOWS\system32\rypwsx.dll Successfully Deleted: C:\WINDOWS\system32\rypwsx.dll deleting: C:\WINDOWS\system32\SjmpleRegistry.dll Successfully Deleted: C:\WINDOWS\system32\SjmpleRegistry.dll deleting: C:\WINDOWS\system32\SjmpleRegistry.dll Successfully Deleted: C:\WINDOWS\system32\SjmpleRegistry.dll deleting: C:\WINDOWS\system32\smcbase.dll Successfully Deleted: C:\WINDOWS\system32\smcbase.dll deleting: C:\WINDOWS\system32\smcbase.dll Successfully Deleted: C:\WINDOWS\system32\smcbase.dll deleting: C:\WINDOWS\system32\WA5Inf32.DLL Successfully Deleted: C:\WINDOWS\system32\WA5Inf32.DLL deleting: C:\WINDOWS\system32\WA5Inf32.DLL Successfully Deleted: C:\WINDOWS\system32\WA5Inf32.DLL deleting: C:\WINDOWS\system32\wdvcore.dll Successfully Deleted: C:\WINDOWS\system32\wdvcore.dll deleting: C:\WINDOWS\system32\wdvcore.dll Successfully Deleted: C:\WINDOWS\system32\wdvcore.dll deleting: C:\WINDOWS\system32\guard.tmp Successfully Deleted: C:\WINDOWS\system32\guard.tmp deleting: C:\WINDOWS\system32\guard.tmp Successfully Deleted: C:\WINDOWS\system32\guard.tmp Desktop.ini sucessfully removed Zipping up files for submission: adding: CHMCAT.DLL (164 bytes security) (deflated 48%) adding: cigwin1.dll (164 bytes security) (deflated 48%) adding: cwyptdlg.dll (164 bytes security) (deflated 48%) adding: dqnlobby.dll (164 bytes security) (deflated 48%) adding: duloader.dll (164 bytes security) (deflated 48%) adding: fZultrep.dll (164 bytes security) (deflated 48%) adding: iass.dll (164 bytes security) (deflated 48%) adding: ivsecsvc.dll (164 bytes security) (deflated 48%) adding: kmdur.dll (164 bytes security) (deflated 48%) adding: ksdest.dll (164 bytes security) (deflated 48%) adding: kydic.dll (164 bytes security) (deflated 48%) adding: lkcmgr10.dll (164 bytes security) (deflated 48%) adding: mhjter40.dll (164 bytes security) (deflated 48%) adding: mmafd.dll (164 bytes security) (deflated 48%) adding: mogentr.dll (164 bytes security) (deflated 48%) adding: ovecnv32.dll (164 bytes security) (deflated 48%) adding: pfwave.dll (164 bytes security) (deflated 48%) adding: qjap.dll (164 bytes security) (deflated 48%) adding: rypwsx.dll (164 bytes security) (deflated 48%) adding: SjmpleRegistry.dll (164 bytes security) (deflated 48%) adding: smcbase.dll (164 bytes security) (deflated 48%) adding: WA5Inf32.DLL (164 bytes security) (deflated 48%) adding: wdvcore.dll (164 bytes security) (deflated 48%) adding: guard.tmp (164 bytes security) (deflated 48%) adding: clear.reg (164 bytes security) (deflated 2%) adding: echo.reg (164 bytes security) (deflated 10%) adding: desktop.ini (164 bytes security) (stored 0%) adding: direct.txt (164 bytes security) (stored 0%) adding: lo2.txt (164 bytes security) (deflated 89%) adding: readme.txt (164 bytes security) (deflated 52%) adding: test.txt (164 bytes security) (deflated 89%) adding: test2.txt (164 bytes security) (stored 0%) adding: test3.txt (164 bytes security) (stored 0%) adding: test5.txt (164 bytes security) (stored 0%) adding: xfind.txt (164 bytes security) (deflated 85%) adding: backregs/notibac.reg (164 bytes security) (deflated 87%) adding: backregs/shell.reg (164 bytes security) (deflated 63%) Restoring Registry Permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Revoking access for predefined group "Administrators" Inherited ACE can not be revoked here! Inherited ACE can not be revoked here! Registry permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access AUTORITE NT\SYSTEM (IO) ALLOW Full access AUTORITE NT\SYSTEM (NI) ALLOW Full access AUTORITE NT\SYSTEM (IO) ALLOW Full access AUTORITE NT\SYSTEM (ID-NI) ALLOW Read BUILTIN\Utilisateurs (ID-IO) ALLOW Read BUILTIN\Utilisateurs (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir (ID-NI) ALLOW Full access BUILTIN\Administrateurs (ID-IO) ALLOW Full access BUILTIN\Administrateurs (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332 Restoring Windows Update Certificates.: deleting local copy: CHMCAT.DLL deleting local copy: CHMCAT.DLL deleting local copy: cigwin1.dll deleting local copy: cigwin1.dll deleting local copy: cwyptdlg.dll deleting local copy: cwyptdlg.dll deleting local copy: dqnlobby.dll deleting local copy: dqnlobby.dll deleting local copy: duloader.dll deleting local copy: duloader.dll deleting local copy: fZultrep.dll deleting local copy: fZultrep.dll deleting local copy: iass.dll deleting local copy: iass.dll deleting local copy: ivsecsvc.dll deleting local copy: ivsecsvc.dll deleting local copy: kmdur.dll deleting local copy: kmdur.dll deleting local copy: ksdest.dll deleting local copy: ksdest.dll deleting local copy: kydic.dll deleting local copy: kydic.dll deleting local copy: lkcmgr10.dll deleting local copy: lkcmgr10.dll deleting local copy: mhjter40.dll deleting local copy: mhjter40.dll deleting local copy: mmafd.dll deleting local copy: mmafd.dll deleting local copy: mogentr.dll deleting local copy: mogentr.dll deleting local copy: ovecnv32.dll deleting local copy: ovecnv32.dll deleting local copy: pfwave.dll deleting local copy: pfwave.dll deleting local copy: qjap.dll deleting local copy: qjap.dll deleting local copy: rypwsx.dll deleting local copy: rypwsx.dll deleting local copy: SjmpleRegistry.dll deleting local copy: SjmpleRegistry.dll deleting local copy: smcbase.dll deleting local copy: smcbase.dll deleting local copy: WA5Inf32.DLL deleting local copy: WA5Inf32.DLL deleting local copy: wdvcore.dll deleting local copy: wdvcore.dll deleting local copy: guard.tmp deleting local copy: guard.tmp The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 The following are the files found: **************************************************************************** C:\WINDOWS\system32\CHMCAT.DLL C:\WINDOWS\system32\CHMCAT.DLL C:\WINDOWS\system32\cigwin1.dll C:\WINDOWS\system32\cigwin1.dll C:\WINDOWS\system32\cwyptdlg.dll C:\WINDOWS\system32\cwyptdlg.dll C:\WINDOWS\system32\dqnlobby.dll C:\WINDOWS\system32\dqnlobby.dll C:\WINDOWS\system32\duloader.dll C:\WINDOWS\system32\duloader.dll C:\WINDOWS\system32\fZultrep.dll C:\WINDOWS\system32\fZultrep.dll C:\WINDOWS\system32\iass.dll C:\WINDOWS\system32\iass.dll C:\WINDOWS\system32\ivsecsvc.dll C:\WINDOWS\system32\ivsecsvc.dll C:\WINDOWS\system32\kmdur.dll C:\WINDOWS\system32\kmdur.dll C:\WINDOWS\system32\ksdest.dll C:\WINDOWS\system32\ksdest.dll C:\WINDOWS\system32\kydic.dll C:\WINDOWS\system32\kydic.dll C:\WINDOWS\system32\lkcmgr10.dll C:\WINDOWS\system32\lkcmgr10.dll C:\WINDOWS\system32\mhjter40.dll C:\WINDOWS\system32\mhjter40.dll C:\WINDOWS\system32\mmafd.dll C:\WINDOWS\system32\mmafd.dll C:\WINDOWS\system32\mogentr.dll C:\WINDOWS\system32\mogentr.dll C:\WINDOWS\system32\ovecnv32.dll C:\WINDOWS\system32\ovecnv32.dll C:\WINDOWS\system32\pfwave.dll C:\WINDOWS\system32\pfwave.dll C:\WINDOWS\system32\qjap.dll C:\WINDOWS\system32\qjap.dll C:\WINDOWS\system32\rypwsx.dll C:\WINDOWS\system32\rypwsx.dll C:\WINDOWS\system32\SjmpleRegistry.dll C:\WINDOWS\system32\SjmpleRegistry.dll C:\WINDOWS\system32\smcbase.dll C:\WINDOWS\system32\smcbase.dll C:\WINDOWS\system32\WA5Inf32.DLL C:\WINDOWS\system32\WA5Inf32.DLL C:\WINDOWS\system32\wdvcore.dll C:\WINDOWS\system32\wdvcore.dll C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\guard.tmp Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ****************************************************************************

OK merci, sinon le premier rapport de L2MFIX ne te donne rien de précis?

Donc j'ai voulu lancer le 2 mais il me met que windows ne trouve pas "reboot.exe" alors qu'il est présent dans mes fichiers

Donc j'ai télechargé et installé mypctuneup et je l'ai lancé, j'ai redémarré, j'ai fait l'extraction des fichiers l2mfix, et voilà le rapport L2MFIX find log 1.04 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] "Asynchronous"=dword:00000000 "DllName"="" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NetCache] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\cwyptdlg.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{ED22557C-041A-2065-2E46-BFFA495350F8}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{E72CC6DE-8769-4FC8-BF90-9BA776F8042D}"="" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{51917337-5113-4EC2-9CB6-C6212D0EF3E9}"="BPS Shredder Context Menu" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{B8AB3565-B0C8-4880-A8D4-DBA8DD979F1A}"="" "{FE7FEB63-5E3B-4190-8659-4309350B8B33}"="" "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{2567539F-9FB8-4BC4-9D53-9FD54BD5E9BC}"="" "{944A220B-F02D-41DD-806A-B1D8B7753DFB}"="" "{7BED816E-9AC1-495C-A690-EF479F568948}"="" "{1BAC3341-7518-4522-B72C-E353B4E22060}"="" "{67965746-42A9-4278-A4BA-44B5EF2E7B1E}"="" "{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="P‚riph‚riques Plug and Play universels" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{944A220B-F02D-41DD-806A-B1D8B7753DFB}] @="" [HKEY_CLASSES_ROOT\CLSID\{944A220B-F02D-41DD-806A-B1D8B7753DFB}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{944A220B-F02D-41DD-806A-B1D8B7753DFB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{944A220B-F02D-41DD-806A-B1D8B7753DFB}\InprocServer32] @="C:\\WINDOWS\\system32\\rypwsx.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{67965746-42A9-4278-A4BA-44B5EF2E7B1E}] @="" [HKEY_CLASSES_ROOT\CLSID\{67965746-42A9-4278-A4BA-44B5EF2E7B1E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{67965746-42A9-4278-A4BA-44B5EF2E7B1E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{67965746-42A9-4278-A4BA-44B5EF2E7B1E}\InprocServer32] @="C:\\WINDOWS\\system32\\pfwave.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: Locate .tmp files: ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 6062-82C8 R‚pertoire de C:\WINDOWS\System32 25/08/2005 18:29 417ÿ792 pfwave.dll 25/08/2005 17:14 417ÿ792 mhjter40.dll 25/08/2005 14:13 417ÿ792 mmafd.dll 25/08/2005 10:10 417ÿ792 dqnlobby.dll 25/08/2005 00:48 417ÿ792 CHMCAT.DLL 25/08/2005 00:02 417ÿ792 iass.dll 24/08/2005 23:52 417ÿ792 WA5Inf32.DLL 24/08/2005 23:34 417ÿ792 cigwin1.dll 24/08/2005 23:29 417ÿ792 lkcmgr10.dll 24/08/2005 22:58 417ÿ792 SjmpleRegistry.dll 24/08/2005 22:29 417ÿ792 ksdest.dll 24/08/2005 21:21 417ÿ792 kmdur.dll 24/08/2005 20:54 417ÿ792 kydic.dll 24/08/2005 20:46 417ÿ792 fZultrep.dll 24/08/2005 20:22 417ÿ792 mogentr.dll 24/08/2005 20:18 417ÿ792 wdvcore.dll 24/08/2005 19:57 417ÿ792 qjap.dll 23/08/2005 13:00 <REP> dllcache 23/08/2005 11:14 11ÿ270 KGyGaAvL.sys 21/08/2005 12:16 417ÿ792 ivsecsvc.dll 11/08/2005 02:46 417ÿ792 duloader.dll 11/08/2005 01:56 417ÿ792 ovecnv32.dll 10/08/2005 19:39 417ÿ792 rypwsx.dll 10/08/2005 19:27 417ÿ792 guard.tmp 10/08/2005 12:16 417ÿ792 cwyptdlg.dll 02/01/2005 18:46 <REP> Microsoft 24 fichier(s) 9ÿ620ÿ486 octets 2 R‚p(s) 11ÿ164ÿ468ÿ224 octets libres Je fait quoi ensuite?

C:\WINDOWS\system32\cwyptdlg.dll Pour celui la impossible de virer, parce que ce programme est utilisé

re! stomagel j'ai quelques soucis, ou je capte pas trés bien donc les etapes jusqu'à easy cleaner ça le fait même si je trouve pas tout à cochés. mais easy cleaner dans registre il me trouve 91 keys en vert, je ne sais pas quoi faire? supprimer tout? J'ai pas osé. pour les inutiles j'ai viré. pour le dossier l2mfix je trouve pas le fichier .bat je mets mon rapport quand même, désolé pour le reste Logfile of HijackThis v1.99.1 Scan saved at 18:13:01, on 25/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Office keyboard utility\1.1\nhksrv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\jxymrd.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\PowerArchiver\POWERARC.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_PA322\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll O4 - HKLM\..\Run: [hxnjkd] C:\WINDOWS\system32\jxymrd.exe r O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\cwyptdlg.dll O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.1\nhksrv.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Merci stonangel En regardant mon rapport j'ai cette ligne la qui me pose réflexion O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Parce que j'ai plus aol ça peut être rien à voir.

Me revoilou! Aprés avoir fait les démarches, j'ai perdu ma connection internet, mais c'est maintenant résolu, mais j'ai toujours ce winfixer2005 truc de ouff, j'ai l'impression que même si je formaté mon DD il serait encore Là Voilà mon nouveau rapport. Logfile of HijackThis v1.99.1 Scan saved at 16:04:10, on 25/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Office keyboard utility\1.1\nhksrv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\wpldvq.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Windows\services32.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Fichiers communs\services.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\PowerArchiver\POWERARC.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_PA749\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll O4 - HKLM\..\Run: [petimm] C:\WINDOWS\system32\wpldvq.exe r O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-58-12-0000117.exe O4 - HKCU\..\Run: [DNS] C:\Program Files\Fichiers communs\mc-58-12-0000117.exe O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O20 - Winlogon Notify: RunServicesOnce - C:\WINDOWS\system32\cwyptdlg.dll O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.1\nhksrv.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Ok! en fait la premiere intervention que j'ai fait, j'avais perdu mon fond ecran et les racourcis sur le bureau mes tout mes logiciels et applications etaint toujours présents, c'est style je suis sur call of dutty en ce moment ça me ferait caguer de perdre mes sauvegardes et l'application exe par exemple, pour le reste c'est sur mon disque ammovible interne. Donc je pense qu'il n'y a pas de soucis.

Salut charles, merci de t'occuper de mon cas, est ce que j'ai un risque de perdre des documents sous "C"?

Je n'est pas non plus de winfixer 2005 dans mes fichiers ajouter/supprimer mais il me fait toujours caguer

Salut! Voilà mon raport Logfile of HijackThis v1.99.1 Scan saved at 12:52:21, on 21/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Office keyboard utility\1.1\nhksrv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\PowerArchiver\POWERARC.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_PA440\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe" O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0035.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109369460718 O17 - HKLM\System\CCS\Services\Tcpip\..\{945B7BAF-71B6-43C0-A981-47395C644DE0}: NameServer = 192.168.1.1 O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\cwyptdlg.dll O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.1\nhksrv.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Me revoilà aprés 10 jours de vacances, et toujours mon probléme de winfixer 2005

Bon je vais me coucher, je part à 10h ce matin pour une semaine, je reviendrai vous voir pour essayer de resoudre ce problème merci