
Zoltan sensei

Members
  • Content count: 12

Other information

  • My languages
    French, English

Zoltan sensei's Achievements

Junior Member (3/12)

Community reputation: 0

  1. Can someone help me and tell me how to fix my problem? Thanks again to everyone for your attention.
  2. Hello everyone, I'm starting to have more and more problems with my computer... It takes longer and longer to shut down, and sometimes it even hangs and no longer shuts down. It's a real shame... I followed méga taupe's pre-disinfection procedure and emptied the Prefetch folder as described in a post to speed up Windows shutdown, but now what am I left with... I'm posting the report, and thank you for your very valuable help...
  3. Actually, it was indeed Easy Cleaner that I used... My computer seems to be doing fine, as far as I can tell... Is there anything else I need to do? If everything is fine, thank you all very much for your availability and for your insightful, quick, effective help, etc... All the best...
  4. I have already run RegCleaner; do I still need to install CCleaner instead? And once I've emptied the temp folder, is that it? Is it clean?
  5. I have a problem: Easy Cleaner won't install. I don't know what to do... Here is the Panda report. As for RegCleaner, I can manage that.
  6. Here is my ewido report. What should I do now? As for the Windows XP problem, it is the following: when I run the Service Pack 2 update, it tells me that I don't have a valid key. What should I do?
  7. Here is the scan with ewido. One odd thing, though: it tells me that all of l2mfix is spyware... Another thing, unrelated: do I need to move from the base version of XP Pro to the Service Pack 2 one? If so, when I install it, it gives me a key error; what should I do?
  8. Hello, here are my reports from the various scans... The first is the one from l2mfix that I ran:
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Abonnements" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" 
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." 
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder" "{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band" "{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu" "{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site" "{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar" "{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand" "{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Liens" "{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image" "{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniatures" "{7D688A77-C613-11D0-999B-00C04FD655E1}"="SlowFile Icon Overlay" "{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}"="" "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension" "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}] @="" [HKEY_CLASSES_ROOT\CLSID\{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}\InprocServer32] @="C:\\WINDOWS\\system32\\mximg32.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files 
Found are not all bad files: C:\WINDOWS\SYSTEM32\ mximg32.dll Sun 29 Jan 2006 13:04:12 ..S.R 234 340 228,85 K cmuda.dll Thu 15 Dec 2005 18:48:20 A.... 172 032 168,00 K msvcr71.dll Thu 26 Jan 2006 12:42:44 A.... 348 160 340,00 K pnh.dll Sat 28 Jan 2006 16:08:16 ..S.R 236 355 230,81 K nvmsmgr.dll Sat 28 Jan 2006 18:13:34 ..S.R 234 439 228,94 K msvcp71.dll Thu 26 Jan 2006 12:42:44 A.... 499 712 488,00 K awtodisc.dll Sat 28 Jan 2006 13:49:46 ..S.R 234 946 229,44 K rnmotepg.dll Sat 28 Jan 2006 13:16:30 ..S.R 234 166 228,68 K enp6l1~1.dll Sat 28 Jan 2006 18:27:34 ..S.R 234 083 228,59 K l2r00c~1.dll Sat 28 Jan 2006 19:01:08 ..S.R 234 340 228,85 K n08ola~1.dll Sun 29 Jan 2006 13:04:12 ..S.R 235 720 230,20 K 11 items found: 11 files (8 H/S), 0 directories. Total of file sizes: 2 898 293 bytes 2,76 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 3851-1BF4 Répertoire de C:\WINDOWS\System32 29/01/2006 13:04 234 340 mximg32.dll 29/01/2006 13:04 235 720 n08olal31dq.dll 28/01/2006 19:01 234 340 l2r00c9mef.dll 28/01/2006 18:27 234 083 enp6l17s1.dll 28/01/2006 18:13 234 439 nvmsmgr.dll 28/01/2006 16:08 236 355 pnh.dll 28/01/2006 13:49 234 946 awtodisc.dll 28/01/2006 13:16 234 166 rnmotepg.dll 25/01/2006 21:35 <REP> Microsoft 25/01/2006 21:12 <REP> dllcache 8 fichier(s) 1 878 389 octets 2 Rép(s) 574 840 832 octets libres Next, here is the second one, after the repairs: L2mfix 010406 Creating Account. La commande s'est terminée correctement. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! 
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 [email protected] Killing PID 316 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 [email protected] Killing PID 388 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 [email protected] Killing PID 1456 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 [email protected] Killing PID 1024 'rundll32.exe' Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrateurs ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! 1 fichier(s) copié(s). 1 fichier(s) copié(s). 1 fichier(s) copié(s). 1 fichier(s) copié(s). 1 fichier(s) copié(s). 1 fichier(s) copié(s). 1 fichier(s) copié(s). 1 fichier(s) copié(s). Deleting: C:\WINDOWS\system32\awtodisc.dll Successfully Deleted: C:\WINDOWS\system32\awtodisc.dll Deleting: C:\WINDOWS\system32\enp6l17s1.dll Successfully Deleted: C:\WINDOWS\system32\enp6l17s1.dll Deleting: C:\WINDOWS\system32\l2r00c9mef.dll Successfully Deleted: C:\WINDOWS\system32\l2r00c9mef.dll Deleting: C:\WINDOWS\system32\mximg32.dll Successfully Deleted: C:\WINDOWS\system32\mximg32.dll Deleting: C:\WINDOWS\system32\n08olal31dq.dll Successfully Deleted: C:\WINDOWS\system32\n08olal31dq.dll Deleting: C:\WINDOWS\system32\nvmsmgr.dll Successfully Deleted: C:\WINDOWS\system32\nvmsmgr.dll Deleting: C:\WINDOWS\system32\pnh.dll Successfully Deleted: C:\WINDOWS\system32\pnh.dll Deleting: C:\WINDOWS\system32\rnmotepg.dll Successfully Deleted: C:\WINDOWS\system32\rnmotepg.dll msg11?.dll 0 fichier(s) copié(s). 
Desktop.ini sucessfully removed Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExtShellViews] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\l2r00c9mef.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** C:\WINDOWS\system32\awtodisc.dll 
C:\WINDOWS\system32\enp6l17s1.dll C:\WINDOWS\system32\l2r00c9mef.dll C:\WINDOWS\system32\mximg32.dll C:\WINDOWS\system32\n08olal31dq.dll C:\WINDOWS\system32\nvmsmgr.dll C:\WINDOWS\system32\pnh.dll C:\WINDOWS\system32\rnmotepg.dll Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}] @="" [HKEY_CLASSES_ROOT\CLSID\{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}\InprocServer32] @="C:\\WINDOWS\\system32\\mximg32.dll" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}"=- [-HKEY_CLASSES_ROOT\CLSID\{2B9D31F8-B4A9-4D63-A97E-7B51B84388D2}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] **************************************************************************** Desktop.ini Contents: **************************************************************************** [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/awtodisc.dll (deflated 5%) adding: dlls/enp6l17s1.dll (deflated 4%) adding: dlls/l2r00c9mef.dll (deflated 5%) adding: dlls/mximg32.dll (deflated 5%) adding: dlls/n08olal31dq.dll (deflated 5%) adding: dlls/nvmsmgr.dll 
(deflated 5%) adding: dlls/pnh.dll (deflated 5%) adding: dlls/rnmotepg.dll (deflated 4%) adding: backregs/notibac.reg (deflated 87%) adding: backregs/shell.reg (deflated 74%) adding: backregs/2B9D31F8-B4A9-4D63-A97E-7B51B84388D2.reg (deflated 70%) However, I can't manage to launch the cleanreg program... I'll try to find it somewhere else. I also have a concern: I deleted the explorer.exe file in c:\windows\prefetch. Is that serious? Another concern: I can no longer see clearly through all the explanations, what do I need to do now? I ran a scan with HijackThis. Here is the result: Logfile of HijackThis v1.99.1 Scan saved at 13:49:13, on 29/01/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\DaemonTools\daemon.exe C:\WINDOWS\System32\MMTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\zoltan sensei\Bureau\Protection\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 
cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\DaemonTools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138398244897 O20 - Winlogon Notify: ExtShellViews - C:\WINDOWS\system32\l2r00c9mef.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe Thanks for your help...
  9. So here is the SmitFraud report: SmitFraudFix v2.15 Rapport fait à 18:25:21,12 le 28/01/2006 Executé à partir de C:\Documents and Settings\zoltan sensei\Bureau\Protection\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\migicons.exe supprimé »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport The HijackThis report I made afterwards in normal mode: Logfile of HijackThis v1.99.1 Scan saved at 18:27:59, on 28/01/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\DaemonTools\daemon.exe C:\WINDOWS\System32\MMTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\zoltan sensei\Bureau\Protection\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe O4 - HKLM\..\Run: 
[Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\DaemonTools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138398244897 O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\lvjm0911e.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe Thanks in any case for your very valuable help...
  10. Here is the post of my scan with SmitFraud: SmitFraudFix v2.15 Rapport fait à 16:53:43,84 le 28/01/2006 Executé à partir de C:\Documents and Settings\zoltan sensei\Bureau\Protection\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\ »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32 C:\WINDOWS\system32\migicons.exe PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\zoltan sensei\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport The strangest thing about the printer is that I can't manage to stop a process in the Task Manager to finish deleting everything... Do I need to restart in safe mode?
  11. Here is the HijackThis report after running cleanmgr... Logfile of HijackThis v1.99.1 Scan saved at 16:09:35, on 28/01/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\DaemonTools\daemon.exe C:\WINDOWS\System32\MMTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\wuauclt.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [AVG7_CC] 
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\DaemonTools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O16 - DPF: Win32 Classes - O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138398244897 O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\e020lafm1d2a.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe As for the command line you mentioned earlier, I'm not really sure, I'm not an expert... One odd thing, though, is that I don't have an EPSON but an HP... Do I need to do anything in particular?
  12. Hello, I don't know what to do. Is everything in here OK??? My system is Windows XP with an AMD 900 and 512 of RAM. I don't know if that's enough information. Thanks for helping me... I have ads that keep popping up even when I'm not doing anything...

      Logfile of HijackThis v1.99.1
      Scan saved at 22:26:06, on 27/01/2006
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\Program Files\DaemonTools\daemon.exe
      C:\WINDOWS\System32\MMTray.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Documents and Settings\zoltan sensei\Bureau\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
      O4 - HKLM\..\Run: [systemTray] SysTray.Exe
      O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
      O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
      O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
      O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\DaemonTools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [MMTray] MMTray.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
      O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
      O16 - DPF: Win32 Classes -
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
      O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\enl4l13q1.dll
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

      In any case, I have serious doubts about these three:

      O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
      O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
      O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe