

arnaud paris
Everything posted by arnaud paris
Help analyzing Hijack This report
arnaud paris replied to a topic by arnaud paris in Malware analysis and removal
Hello, I don't see your last reply, regis; please post it again. Arnaud
Help analyzing Hijack This report
arnaud paris replied to a topic by arnaud paris in Malware analysis and removal
Hello, Here is the F-Secure report:

04/19/06 10:31:16 [info]: BlackLight Engine 1.0.35 initialized
04/19/06 10:31:16 [info]: OS: 5.1 build 2600 (Dodatek Service Pack 2)
04/19/06 10:31:17 [Note]: 7019 4
04/19/06 10:31:17 [Note]: 7005 0
04/19/06 10:31:33 [Note]: 7006 0
04/19/06 10:31:33 [Note]: 7011 2012
04/19/06 10:31:34 [Note]: 7026 0
04/19/06 10:31:35 [Note]: 7026 0
04/19/06 10:31:35 [Note]: FSRAW library version 1.7.1015

Regards, Arnaud
Help analyzing Hijack This report
arnaud paris replied to a topic by arnaud paris in Malware analysis and removal
Hello, Regarding the files mentioned:
C:\Windows\System32\hjewyrgcp.exe NO TRACE
C:\Windows\System32\hjewyrgcp.dat IT IS THERE
C:\Windows\System32\hjewyrgcp_nav.dat IT IS THERE TOO
C:\Windows\System32\hjewyrgcp_navps.dat IT IS THERE AS WELL
Regards, thanks in advance for your reply. Arnaud
Help analyzing Hijack This report
arnaud paris replied to a topic by arnaud paris in Malware analysis and removal
Re: Good evening, Here is the Panda online scan report, followed by a new Hijack This report.

Incident Statut Analyse
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Maciej\Cookies\maciej@bluestreak[2].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Maciej\Cookies\maciej@tradedoubler[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Maciej\Cookies\maciej@xiti[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt[]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Maciej\Ustawienia lokalne\Temp\Cookies\maciej@xiti[1].txt
Adware:Adware/IST.ISTBar No Désinfecté C:\Program Files\Common Files\Totem Shared\Update\distribution.dll.043
Adware:Adware/IST.ISTBar No Désinfecté C:\Program Files\Common Files\Totem Shared\Update\music.dll.021
Adware:Adware/IST.ISTBar No Désinfecté C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.070
Adware:Adware/IST.ISTBar No Désinfecté C:\Program Files\Common Files\Totem Shared\Update\windowsex.dll.039
Adware:adware/gator No Désinfecté C:\WINDOWS\GatorFDDLI.log
Dialer:Dialer.B No Désinfecté C:\WINDOWS\p2esocks_1048.dll
Dialer:Dialer.B No Désinfecté C:\WINDOWS\system32\eg_auth_srv_1048.dll
Adware:adware/navipromo No Désinfecté C:\WINDOWS\system32\hjewyrgcp_nav.dat

Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 22:55:32, on 2006-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Real\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Real\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/.../client/wuweb_site.cab?1140995324841
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{642D0FAE-18B4-40E9-A366-922BFA77DBC7}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Regards, Arnaud
Help analyzing Hijack This report
arnaud paris replied to a topic by arnaud paris in Malware analysis and removal
Good evening, I am running a Panda scan; I'll post the result as soon as it's ready, plus a new Hijack This report. Regarding the lines to tick, I did not tick the following lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
The reason is that this is the computer of a friend who is in Poland with me at the moment, so the sites listed really do correspond to something known; I'm open to your opinion... On this PC there is only the Windows firewall; I would gladly take an effective, better and if possible free solution. As for the Windows updates, I will do them. Thanks, talk to you soon. arnaud
Help analyzing Hijack This report
arnaud paris replied to a topic by arnaud paris in Malware analysis and removal
Re: Hello, Thanks for your sound advice. Here is the report from the full ewido scan, followed by a new Hijack This after that scan.

Ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 17:08:21, 2006-04-18
+ Report-Checksum: 47750C36

+ Scan result:
C:\Documents and Settings\Maciej\Pulpit\Nieużywane skróty pulpitu\Ulubione strony.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Documents and Settings\Maciej\Ustawienia lokalne\Temp\SAcc.prod.v1158.02mar2006.exe.77bf176e5dca598920408defa75a7c80 -> Adware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Maciej\Ustawienia lokalne\Temp\uninstall.exe -> Adware.SurfAcc : Cleaned with backup
C:\Program Files\Hijack this\backups\backup-20060418-142906-625.dll -> Dialer.InstantAccess.e : Cleaned with backup
C:\WINDOWS\antyvirk.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\WINDOWS\system32\egaccess4_1059.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\WINDOWS\system32\hjewyrgcp.exe -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup
D:\Instalki\Instant-Access.exe -> Dialer.InstantAccess.m : Cleaned with backup

::Report End

Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 17:12:18, on 2006-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Real\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run:
[iTunesHelper] "C:\Program Files\Real\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/.../client/wuweb_s ite.cab?1140995324841 O17 - HKLM\System\CCS\Services\Tcpip\..\{642D0FAE-18B4-40E9-A366-922BFA77DBC7}: 
NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe cordialement Arnaud -
Help analysing HijackThis report
arnaud paris replied to a topic by arnaud paris in Malware analysis and eradication
Hello, thanks for these details. I have fixed the lines you mentioned with HijackThis. One question before installing ewido: is it an antivirus, and if so, should I uninstall AntiVir? Thanks in advance, Arnaud
Help analysing HijackThis report
arnaud paris replied to a topic by arnaud paris in Malware analysis and eradication
Hello again, I installed Spybot and ran a scan. Apart from WinFixer, it seems to have eradicated a good number of spyware items. Here is the new HijackThis report. Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 12:57:12, on 2006-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Real\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Real\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [instant Access] rundll32.exe EGACCESS4_1060.dll,InstantAccess
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2E..._1049_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140995324841
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4...ccess4_1060.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Help analysing HijackThis report
arnaud paris replied to a topic by arnaud paris in Malware analysis and eradication
Thanks for your replies. I will try with Spybot, but I would appreciate an expert opinion on the security side. Regards, Arnaud
Help analysing HijackThis report
arnaud paris posted a topic in Malware analysis and eradication
Hello, thank you for your help analysing the HijackThis report of an infected PC. The preliminary steps have been done: AntiVir, configuration, hidden folders, etc. The report is below.

Logfile of HijackThis v1.99.1
Scan saved at 11:06:37, on 2006-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Real\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\Maciej\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Real\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [instant Access] rundll32.exe EGACCESS4_1060.dll,InstantAccess
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /scan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2E..._1049_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140995324841
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4...ccess4_1060.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thanks,
Arnaud
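The logs in this thread are read by hand, entry by entry. As an added example (not code from the thread, from the forum helpers, or from HijackThis itself), the Python script below applies the same first-pass checks a triager applies to a log like the one above: O2/O3 entries whose DLL is missing, O4 autoruns that launch rundll32 with a bare DLL name (the EGACCESS4_1060.dll entry) or a WinFixer/temp-folder executable, O16 ActiveX downloads from hosts outside a trusted list, and O23 services with no publisher. It generalises the thread's specific entries into reusable rules. The trusted-host set is an assumption for this example; the embedded sample log is a constructed excerpt whose entries are copied from the logs posted above.

```python
"""Triage a HijackThis 1.99-style log: flag the entry types that carried the
infection in the logs posted in this thread. Added example, not code from the
thread or from HijackThis."""
import re
from urllib.parse import urlsplit

# O16 (Download Program Files / ActiveX) hosts accepted without review.
# Assumption for this example: extend it to match your own environment.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "go.microsoft.com", "www.gocyberlink.com"}

# Every R/O entry looks like "O4 - HKCU\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# Constructed excerpt: these entries are copied from the logs posted above.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [instant Access] rundll32.exe EGACCESS4_1060.dll,InstantAccess
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /scan
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140995324841
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4...ccess4_1060.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
"""


def parse_entries(log_text):
    """Yield (kind, body) for every R/O entry; process lists and headers are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def flag_entry(kind, body):
    """Return a short reason if the entry deserves a look, else None."""
    lower = body.lower()
    if kind in ("O2", "O3") and "(file missing)" in lower:
        return "BHO/toolbar registered but its DLL is gone: orphan or half-removed hijack"
    if kind == "O4":
        # rundll32 with a bare DLL name: the DLL is resolved through the search
        # path instead of an explicit location, the pattern the dialer above used.
        m = re.search(r'rundll32(?:\.exe)?\s+([^\s\\:"]+\.dll)', lower)
        if m:
            return "rundll32 loads unqualified DLL " + m.group(1)
        if re.search(r"winfixer|\\temp\\", lower):
            return "autorun of a rogue or temp-folder executable"
    if kind == "O16":
        m = re.search(r"https?://\S+", body)
        host = urlsplit(m.group(0)).hostname if m else None
        if host and host not in TRUSTED_DPF_HOSTS:
            return "ActiveX download from untrusted host " + host
    if kind == "O23" and "unknown owner" in lower:
        return "service binary has no publisher: confirm the path is legitimate"
    return None


def triage(log_text):
    """Return [(kind, body, reason)] for every flagged entry, in log order."""
    flagged = []
    for kind, body in parse_entries(log_text):
        reason = flag_entry(kind, body)
        if reason:
            flagged.append((kind, body, reason))
    return flagged


if __name__ == "__main__":
    for kind, body, reason in triage(SAMPLE_LOG):
        print(f"{kind}: {reason}\n    {body}")
```

Run it against a full log pasted into a file and it prints only the entries worth a second look; everything it stays silent on (the Neostrada, AntiVir and Adobe autoruns, the Microsoft update control) is what a triager would also pass over. The rules are deliberately narrow so that a legitimate `rundll32` call with a fully qualified path is not flagged.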
HijackThis analysis for a friend's PC
arnaud paris replied to a topic by arnaud paris in Malware analysis and eradication
Thanks for your reply. Yes, strange problems. Fairly frequent interruptions. Freezes. Lots of small assorted issues: impossible to burn discs, the computer crashes regularly.... Any idea??? Thanks in advance. Regards
Hello, can someone tell me whether this HijackThis file shows anything abnormal? Thanks in advance. Arnaud

Logfile of HijackThis v1.99.1
Scan saved at 16:14:19, on 01/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\DOCUME~1\BARBIER\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: LostGoggles plug-in (web site preview snapshots - www.lostgoggles.com) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\Program Files\LostGoggles\LGoggles.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122362387299
O17 - HKLM\System\CCS\Services\Tcpip\..\{49A18BF3-BFF2-4826-8027-E22E8092B7A1}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Confirmation of my HijackThis analysis
arnaud paris replied to a topic by arnaud paris in Malware analysis and eradication
Hello, when searching for Backups I find the following files:
HCKU domains.reg
HCKU Range.reg
Are these the right ones? Regards, Arnaud
Confirmation of my HijackThis analysis
arnaud paris replied to a topic by arnaud paris in Malware analysis and eradication
Hello, thanks for this clarification. Nevertheless, I did not find any backup in HijackThis's "backups". How can I restore this line? Regards, Arnaud
Confirmation of my HijackThis analysis
arnaud paris replied to a topic by arnaud paris in Malware analysis and eradication
Hi again, the indicated line has been fixed. Here is the new HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 18:50:05, on 01/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
D:\DOCUME~1\ARNAUD\LOCALS~1\Temp\Répertoire temporaire 6 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...se=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc.
- C:\Apps\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe Merci. Arnaud -
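The report above is the format a HijackThis reviewer reads by hand. As an added example (not part of the post, and not HijackThis code), here is a small Python triage script that parses the same 1.99.1 line format, pulls out the O4 Run and Startup entries and the O23 services, and flags the things a reviewer checks first: a "(file missing)" marker, a shortcut whose target resolved to "?", a service with "Unknown owner", a Run value that is a bare filename resolved through the search path, and anything launched from a Temp directory. The log embedded in it is constructed in the same shape as the posted report, and the flag rules are the editor's assumptions about where to look first, not verdicts on the entries in this thread.

```python
"""Triage helper for HijackThis 1.99-style logs.

Added example; not code from this forum thread or from HijackThis itself.
SAMPLE_LOG is constructed in the same line format as the posted report, and
the flag rules below are the editor's assumptions about what a reviewer
checks first, not a verdict on any particular entry.
"""
import re
from typing import Dict, List

SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 18:50:05, on 01/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...se=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
"""

# One HijackThis entry: a section code, " - ", then a section-specific body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# O4 bodies come in two shapes: a registry Run value or a Startup-folder shortcut.
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")
# O23: display name - publisher (or "Unknown owner") - image path.
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
# Program path inside a Run value: optionally quoted, ends at the first module suffix.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|cpl|scr|com|bat))"?', re.IGNORECASE)


def executable(cmd: str) -> str:
    """Best-effort extraction of the program path from a Run value (arguments dropped)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()


def check_path(path: str) -> List[str]:
    """Reasons a reviewer would look twice at this launch path (assumed rules)."""
    if path == "?":
        return ["unresolved shortcut target"]
    reasons = []
    if "\\" not in path:
        # No directory: the loader finds it via the search path, so it is
        # not pinned to a known location.
        reasons.append("bare filename, resolved through the search path")
    if re.search(r"\\temp\\", path, re.IGNORECASE):
        reasons.append("runs from a temporary directory")
    return reasons


def triage(log_text: str) -> Dict[str, list]:
    """Parse a HijackThis log into processes, Run entries, services and flags."""
    report: Dict[str, list] = {"processes": [], "run": [], "startup": [], "services": [], "flags": []}
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if not m:
            if in_processes:
                report["processes"].append(line)
            continue
        in_processes = False
        code, body = m.group("code"), m.group("body")
        if "(file missing)" in body:
            # HijackThis itself marks references whose file is gone.
            report["flags"].append((code, body.split(" - ")[0], "file missing"))
        if code == "O4":
            r = RUN_RE.match(body)
            if r:
                exe = executable(r.group("cmd"))
                report["run"].append((r.group("hive"), r.group("name"), exe))
                for why in check_path(exe):
                    report["flags"].append((code, r.group("name"), why))
                continue
            s = STARTUP_RE.match(body)
            if s:
                report["startup"].append((s.group("name"), s.group("target")))
                for why in check_path(s.group("target")):
                    report["flags"].append((code, s.group("name"), why))
        elif code == "O23":
            s = SERVICE_RE.match(body)
            if s:
                report["services"].append((s.group("display"), s.group("owner"), s.group("path")))
                if s.group("owner") == "Unknown owner":
                    report["flags"].append((code, s.group("display"), "no publisher recorded for service binary"))
                for why in check_path(s.group("path")):
                    report["flags"].append((code, s.group("display"), why))
    return report


if __name__ == "__main__":
    for code, label, why in triage(SAMPLE_LOG)["flags"]:
        print(f"{code:<4} {label:<32} {why}")
```

The flags are a reading order, not a cleaning list: a bare filename such as RTHDCPL.EXE is normal for a vendor tray applet, and an "Unknown owner" service only means the binary carries no publisher information that HijackThis could read. What the script saves is the manual scan for these markers in a report that runs to a hundred lines.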
Confirmation of my HijackThis analysis
arnaud paris replied to a topic by arnaud paris in Malware analysis and removal
Re, Next step in the process: L2MFix option 2 report:

L2mfix 010406
Creating Account.
La commande s'est terminée correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 644 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 732 'winlogon.exe'
Killing PID 732 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2824 'explorer.exe'
Killing PID 2824 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
"ASYNCHRONOUS"=dword:00000000
"DISCONNECT"="OPWlxDisconnect"
"DLLNAME"="C:\\Apps\\Softex\\OmniPass\\opxpgina.dll"
"IMPERSONATE"=dword:00000000
"LOCK"="OPWlxLock"
"LOGOFF"="OPWlxLogoff"
"LOGON"="OPWlxLogon"
"RECONNECT"="OPWlxReconnect"
"SHUTDOWN"="OPWlxShutdown"
"STARTSCREENSAVER"="OPWlxStartScreenSaver"
"STARTSHELL"="OPWlxStartShell"
"STARTUP"="OPWlxStartup"
"STOPSCREENSAVER"="OPWlxStopScreenSaver"
"UNLOCK"="OPWlxUnlock"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
-
Confirmation of my HijackThis analysis
arnaud paris replied to a topic by arnaud paris in Malware analysis and removal
Re, I fixed the indicated lines with HijackThis. I installed L2MFix and ran option 1; here is the report:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
"ASYNCHRONOUS"=dword:00000000
"DISCONNECT"="OPWlxDisconnect"
"DLLNAME"="C:\\Apps\\Softex\\OmniPass\\opxpgina.dll"
"IMPERSONATE"=dword:00000000
"LOCK"="OPWlxLock"
"LOGOFF"="OPWlxLogoff"
"LOGON"="OPWlxLogon"
"RECONNECT"="OPWlxReconnect"
"SHUTDOWN"="OPWlxShutdown"
"STARTSCREENSAVER"="OPWlxStartScreenSaver"
"STARTSHELL"="OPWlxStartShell"
"STARTUP"="OPWlxStartup"
"STOPSCREENSAVER"="OPWlxStopScreenSaver"
"UNLOCK"="OPWlxUnlock"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propriétés des versions précédentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions précédentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}"="OmniPass Shell Extension"
"{D0CE97A0-415B-42E9-B251-34393AF2D5F6}"="OmniPass Shell Extension"
"{D5B1944E-DB4E-482E-B3F1-DB05827F0978}"="OmniPass ShellNameSpace Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{fc181130-05a0-11d6-8140-000102e745a6}"="Mon P910i"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{1EBC3533-B289-409F-9924-B84B3F0717D2}"="AceFTP Context Menu Shell Extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Broyeur Window Washer"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
avsda.dll Wed 18 Jan 2006 13:06:02 A.... 57 344 56,00 K
browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K
danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M
gdi32.dll Thu 29 Dec 2005 3:56:04 A.... 280 064 273,50 K
legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534 280 521,76 K
livesnth.dll Sat 28 Jan 2006 23:11:22 A.... 278 528 272,00 K
mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M
pxsfs.dll Thu 22 Dec 2005 12:11:56 ..... 1 093 632 1,04 M
shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M
urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K
vxblock.dll Thu 22 Dec 2005 12:11:56 ..... 28 672 28,00 K
wmploc.dll Tue 8 Nov 2005 12:55:28 A.... 3 424 256 3,27 M

12 items found: 12 files, 0 directories.
Total of file sizes: 12 889 352 bytes 12,29 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 506C-DDD9

Répertoire de C:\WINDOWS\System32

30/01/2006 18:32 <REP> dllcache
30/01/2006 17:36 5 AuxDrv32ds_g.ods
12/09/2005 23:50 <REP> Microsoft
1 fichier(s) 5 octets
2 Rép(s) 222 150 107 136 octets libres

Thanks in advance. Arnaud
-
Confirmation of my HijackThis analysis
arnaud paris replied to a topic by arnaud paris in Malware analysis and removal
Hello, Just the Windows firewall. I removed Norton and installed AntiVir. I am reading your recommendations, will carry them out and post again. Regards.
-
Infected by SpyAxe
arnaud paris replied to a topic by arnaud paris in Malware analysis and removal
Hawaii has been removed in Safe Mode. If I started a new topic, it was to get confirmation from an advisor, as you had recommended. As for RxToolbar, I cannot find it anywhere. Regards
-
Confirmation de mon analyse Hijack
arnaud paris a posté un sujet dans Analyses et éradication malwares
Hello, I have done all the preliminary steps indicated by Mégataupe. I would like an analysis at this stage from a security advisor. Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 17:49:57, on 01/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
D:\DOCUME~1\ARNAUD\LOCALS~1\Temp\Répertoire temporaire 4 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...se=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Thanks in advance. Regards -
Infected by spyaxe
arnaud paris replied to a topic by arnaud paris in Analyses et éradication malwares
Hi again Bruce, I did in fact find the Mic/ Hawai folder, but it is impossible to delete it manually, even after removing the read-only option. Do you have any idea how to remove it? Thanks in advance. Arnaud -
Unable to put my computer into sleep mode
arnaud paris replied to a topic by arnaud paris in Software
Hello, It is a brand-new Radeon. Regards -
Infected by spyaxe
arnaud paris replied to a topic by arnaud paris in Analyses et éradication malwares
Hello, Thanks for this information, Charles. I will go and have a look. Bruce Lee, I cannot find the Hawai or RX Toolbar programs in Program Files, nor by running a thorough search. I am waiting for confirmation from a security agent, as you told me. Regards -
Infected by spyaxe
arnaud paris replied to a topic by arnaud paris in Analyses et éradication malwares
That does not ring a bell for me either. Arnaud -
Infected by spyaxe
arnaud paris replied to a topic by arnaud paris in Analyses et éradication malwares
Hi again, Hawai.exe, never heard of it. Regarding HijackThis, I had nevertheless placed it in Program Files. If I understood correctly, I fix the two O4 lines and the O18 line. Thanks