Everything posted by comval

  1. Re, below is the l2mfix log:

     L2mfix 010406
     Creating Account.
     La commande s'est terminée correctement.
     Adding Administrative privleges.
     Checking for L2MFix account(0=no 1=yes):
     1
     Granting SeDebugPrivilege to L2MFIX ... successful
     Checking for L2MFix account(0=no 1=yes):
     0
     Zipping up files for submission:
     zip warning: name not matched: dlls\*.*
     zip error: Nothing to do! (backup.zip)
     adding: backregs/notibac.reg (deflated 72%)
     adding: backregs/shell.reg (deflated 74%)
     adding: backregs/B74A2A2E-CA40-4C37-848B-6DF7D35CA99C.reg (deflated 70%)
     adding: backregs/058AFE0B-BD81-4A7D-BD1F-4CB50763FB51.reg (deflated 71%)
     adding: backregs/131B9CF6-7EC9-47D8-8525-19E88A897160.reg (deflated 71%)
     adding: backregs/55FAA4FE-6E01-471F-AC29-FADBE34C5D67.reg (deflated 71%)
     adding: backregs/4057CB62-5C8C-4A5C-87DC-84EB370FA5A8.reg (deflated 71%)
     adding: backregs/1FCD20CF-7657-43F0-AAAC-832634C72B82.reg (deflated 70%)
     adding: backregs/F4B36F05-CA8A-4C9C-A88C-3D102BF314B3.reg (deflated 70%)

     And the new HijackThis:

     Logfile of HijackThis v1.99.1
     Scan saved at 18:22:08, on 17/03/2006
     Platform: Windows 2000 SP4 (WinNT 5.00.2195)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINNT\System32\smss.exe
     C:\WINNT\system32\winlogon.exe
     C:\WINNT\system32\services.exe
     C:\WINNT\system32\lsass.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\system32\spoolsv.exe
     C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     C:\WINNT\System32\cisvc.exe
     C:\WINNT\System32\svchost.exe
     C:\Program Files\ewido anti-malware\ewidoctrl.exe
     C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
     C:\WINNT\system32\MSTask.exe
     C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
     C:\WINNT\System32\mspmspsv.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\system32\rundll32.exe
     C:\WINNT\Explorer.EXE
     C:\WINNT\system32\pctspk.exe
     C:\WINNT\system32\hkcmd.exe
     C:\WINNT\system32\PRPCUI.exe
     C:\Program Files\DELL\AccessDirect\dadapp.exe
     C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE
     C:\Program Files\DELL\AccessDirect\DadTray.exe
     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
     C:\Program Files\HiJackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O1 - Hosts: 212.83.149.119 Home/Brother Internet/FR
     O1 - Hosts: 212.83.149.119 Home.brother.fr
     O1 - Hosts: 212.83.149.121 fw-brother
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
     O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
     O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
     O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
     O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
     O4 - HKLM\..\Run: [CD-Eject Launcher V1] "C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE"
     O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
     O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\r4r60e9seh.dll
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
     O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

     Thanks in advance!
  2. Thanks for your encouragement!! Below is the requested report:

     L2MFIX find log 010406
     These are the registry keys present
     **********************************************************************************
     Winlogon/notify:
     Windows Registry Editor Version 5.00

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
     "Asynchronous"=dword:00000000
     "DllName"=""
     "Impersonate"=dword:00000000
     "Logon"="WinLogon"
     "Logoff"="WinLogoff"
     "Shutdown"="WinShutdown"

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall]
     "Asynchronous"=dword:00000000
     "DllName"="C:\\WINNT\\system32\\r4r60e9seh.dll"
     "Impersonate"=dword:00000000
     "Logon"="WinLogon"
     "Logoff"="WinLogoff"
     "Shutdown"="WinShutdown"

     **********************************************************************************
     useragent:
     Windows Registry Editor Version 5.00

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
     "{9238F780-E8F2-300D-02DD-EAF3E8412071}"=""

     **********************************************************************************
     Shell Extension key:
     Windows Registry Editor Version 5.00

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
     "{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
     "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
     "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
     "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
     "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour le partage"
     "{41E300E0-78B6-11ce-849B-444553540000}"="Extension du Panneau de configuration PlusPack"
     "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
     "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
     "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
     "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
     "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'interpréteur de commandes"
     "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
     "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour les objets Microsoft Windows Network"
     "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
     "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
     "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'interpréteur de commandes pour la compression de fichiers"
     "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension du shell d'imprimante Web"
     "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
     "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
     "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
     "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
     "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
     "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
     "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
     "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour le partage"
     "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
     "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extension de l'interpréteur de commande pour Windows Script Host"
     "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
     "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
     "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau et accès à distance"
     "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
     "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
     "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
     "{1A9BA3A0-143A-11CF-8350-444553540000}"="Dossier favori du shell"
     "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="Poste de travail"
     "{86747AC0-42A0-1069-A2E6-08002B30309D}"="Porte-documents"
     "{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Raccourci vers le dossier"
     "{12518493-00B2-11d2-9FA5-9E3420524153}"="Volume monté"
     "{21B22460-3AEA-1069-A2DC-08002B30309D}"="Extension de la page de propriétés des fichiers"
     "{B091E540-83E3-11CF-A713-0020AFD79762}"="Page des types de fichiers"
     "{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="Gestionnaire des types de fichiers MIME"
     "{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Service Copier vers Microsoft"
     "{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Service Déplacer vers Microsoft"
     "{13709620-C279-11CE-A49E-444553540000}"="Service d'automatisation de l'interface"
     "{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
     "{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Menu Démarrer"
     "{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Service SendTo Microsoft"
     "{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Service Nouvel objet Microsoft"
     "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Ouvrir avec le gestionnaire de menu contextuel"
     "{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Afficher les extensions HTML du Panneau de configuration"
     "{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
     "{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Extension de la page de propriétés des options des dossiers"
     "{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
     "{4657278A-411B-11d2-839A-00C04FD918D0}"="Application d'aide du système pour le glisser-déplacer"
     "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur"
     "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
     "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
     "{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Dossier Bureau"
     "{5b4dae26-b807-11d0-9815-00c04fd91972}"="Bande de menus"
     "{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Suivi du menu Shell"
     "{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
     "{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Barre du Bureau"
     "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
     "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
     "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
     "{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
     "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
     "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
     "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
     "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
     "{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Liens"
     "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
     "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
     "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
     "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
     "{7487cd30-f71a-11d0-9ea7-00805f714772}"="Image miniature"
     "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
     "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
     "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
     "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
     "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
     "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
     "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
     "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
     "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
     "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
     "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
     "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
     "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
     "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
     "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
     "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
     "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
     "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
     "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
     "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
     "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
     "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
     "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
     "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
     "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
     "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
     "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
     "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
     "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
     "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
     "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
     "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
     "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
     "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
     "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
     "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
     "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
     "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
     "{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniatures"
     "{EAB841A0-9550-11CF-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
     "{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Extracteur de miniatures des filtres graphiques Office"
     "{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
     "{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
     "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'application du shell"
     "{0B124F8C-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
     "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
     "{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
     "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
     "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
     "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
     "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
     "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
     "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
     "{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
     "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
     "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
     "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
     "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Menu Fichiers hors connexion"
     "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Options du dossier Fichiers hors connexion"
     "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
     "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
     "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
     "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
     "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
     "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
     "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
     "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
     "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
     "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
     "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
     "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
     "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
     "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
     "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
     "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
     "{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Binder Unbind"
     "{445E4740-3BF5-11D0-9384-D0B903C10E27}"="Split File Shell Extension v3.1b"
     "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
     "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
     "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
     "{B74A2A2E-CA40-4C37-848B-6DF7D35CA99C}"=""
     "{058AFE0B-BD81-4A7D-BD1F-4CB50763FB51}"=""
     "{131B9CF6-7EC9-47D8-8525-19E88A897160}"=""
     "{55FAA4FE-6E01-471F-AC29-FADBE34C5D67}"=""
     "{4057CB62-5C8C-4A5C-87DC-84EB370FA5A8}"=""
     "{1FCD20CF-7657-43F0-AAAC-832634C72B82}"=""
     "{F4B36F05-CA8A-4C9C-A88C-3D102BF314B3}"=""
     "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"

     **********************************************************************************
     HKEY ROOT CLASSIDS:
     Windows Registry Editor Version 5.00

     [HKEY_CLASSES_ROOT\CLSID\{B74A2A2E-CA40-4C37-848B-6DF7D35CA99C}]
     @=""
     "IDEx"="ADDR"

     [HKEY_CLASSES_ROOT\CLSID\{B74A2A2E-CA40-4C37-848B-6DF7D35CA99C}\Implemented Categories]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{B74A2A2E-CA40-4C37-848B-6DF7D35CA99C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{B74A2A2E-CA40-4C37-848B-6DF7D35CA99C}\InprocServer32]
     "ThreadingModel"="Apartment"

     Windows Registry Editor Version 5.00

     [HKEY_CLASSES_ROOT\CLSID\{058AFE0B-BD81-4A7D-BD1F-4CB50763FB51}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{058AFE0B-BD81-4A7D-BD1F-4CB50763FB51}\Implemented Categories]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{058AFE0B-BD81-4A7D-BD1F-4CB50763FB51}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{058AFE0B-BD81-4A7D-BD1F-4CB50763FB51}\InprocServer32]
     "ThreadingModel"="Apartment"

     Windows Registry Editor Version 5.00

     [HKEY_CLASSES_ROOT\CLSID\{131B9CF6-7EC9-47D8-8525-19E88A897160}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{131B9CF6-7EC9-47D8-8525-19E88A897160}\Implemented Categories]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{131B9CF6-7EC9-47D8-8525-19E88A897160}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{131B9CF6-7EC9-47D8-8525-19E88A897160}\InprocServer32]
     "ThreadingModel"="Apartment"

     Windows Registry Editor Version 5.00

     [HKEY_CLASSES_ROOT\CLSID\{55FAA4FE-6E01-471F-AC29-FADBE34C5D67}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{55FAA4FE-6E01-471F-AC29-FADBE34C5D67}\Implemented Categories]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{55FAA4FE-6E01-471F-AC29-FADBE34C5D67}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{55FAA4FE-6E01-471F-AC29-FADBE34C5D67}\InprocServer32]
     "ThreadingModel"="Apartment"

     Windows Registry Editor Version 5.00

     [HKEY_CLASSES_ROOT\CLSID\{4057CB62-5C8C-4A5C-87DC-84EB370FA5A8}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{4057CB62-5C8C-4A5C-87DC-84EB370FA5A8}\Implemented Categories]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{4057CB62-5C8C-4A5C-87DC-84EB370FA5A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{4057CB62-5C8C-4A5C-87DC-84EB370FA5A8}\InprocServer32]
     "ThreadingModel"="Apartment"

     Windows Registry Editor Version 5.00

     [HKEY_CLASSES_ROOT\CLSID\{1FCD20CF-7657-43F0-AAAC-832634C72B82}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{1FCD20CF-7657-43F0-AAAC-832634C72B82}\Implemented Categories]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{1FCD20CF-7657-43F0-AAAC-832634C72B82}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{1FCD20CF-7657-43F0-AAAC-832634C72B82}\InprocServer32]
     @="C:\\WINNT\\system32\\mummoh.dll"
     "ThreadingModel"="Apartment"

     Windows Registry Editor Version 5.00

     [HKEY_CLASSES_ROOT\CLSID\{F4B36F05-CA8A-4C9C-A88C-3D102BF314B3}]
     @=""
     "IDEx"="AD"

     [HKEY_CLASSES_ROOT\CLSID\{F4B36F05-CA8A-4C9C-A88C-3D102BF314B3}\Implemented Categories]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{F4B36F05-CA8A-4C9C-A88C-3D102BF314B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
     @=""

     [HKEY_CLASSES_ROOT\CLSID\{F4B36F05-CA8A-4C9C-A88C-3D102BF314B3}\InprocServer32]
     "ThreadingModel"="Apartment"

     **********************************************************************************
     Files Found are not all bad files:

     C:\WINNT\SYSTEM32\
     demv2clt.dll   Fri 17 Mar 2006 17:06:52  ..S.R  234 933  229,43 K
     mgrd2x40.dll   Fri 17 Mar 2006 16:45:44  ..S.R  234 033  228,55 K
     mummoh.dll     Fri 17 Mar 2006 17:50:00  ..S.R  235 627  230,10 K
     r4r60e~1.dll   Fri 17 Mar 2006 17:06:52  ..S.R  235 627  230,10 K
     k6jslg~1.dll   Fri 17 Mar 2006 17:48:54  ..S.R  234 933  229,43 K
     atmtd.dll      Thu 16 Mar 2006 14:04:42  A....  687 592  671,48 K
     dmsshlex.dll   Fri 17 Mar 2006 15:25:40  ..S.R  237 271  231,71 K
     avsda.dll      Wed 18 Jan 2006 13:06:02  A....  57 344  56,00 K

     8 items found: 8 files (6 H/S), 0 directories.
     Total of file sizes: 2 157 360 bytes 2,05 M
     Locate .tmp files:

     No matches found.
     **********************************************************************************
     Directory Listing of system files:
     Le volume dans le lecteur C n'a pas de nom.
     Le numéro de série du volume est 07D2-0903

     Répertoire de C:\WINNT\System32

     17/03/2006 17:50 235 627 mummoh.dll
     17/03/2006 17:48 234 933 k6jslg1716.dll
     17/03/2006 17:06 235 627 r4r60e9seh.dll
     17/03/2006 17:06 234 933 demv2clt.dll
     17/03/2006 16:45 234 033 mgrd2x40.dll
     17/03/2006 15:25 237 271 dmsshlex.dll
     03/09/2002 13:28 <DIR> dllcache
     6 fichier(s) 1 412 424 octets
     1 Rép(s) 24 946 409 472 octets libres

     I really don't know how you manage to understand all this!!! Well done and thanks...!!
  3. Hello everyone, First of all, and once again, thank you for your help! So I got started early this afternoon, and after two hours of struggle and working through the tutorial post, here are the results:

     ---------------------------------------------------------
     ewido anti-malware - Rapport de scan
     ---------------------------------------------------------

     + Créé le: 16:29:40, 17/03/2006
     + Somme de contrôle: 4A501FE4

     + Résultats du scan:

     HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Nettoyer et sauvegarder
     HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Nettoyer et sauvegarder
     HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Nettoyer et sauvegarder
     [376] C:\WINNT\system32\dmsshlex.dll -> Adware.Look2Me : Erreur durant le nettoyage
     [432] C:\WINNT\system32\dmsshlex.dll -> Adware.Look2Me : Erreur durant le nettoyage
     C:\WINNT\SYSTEM32\ctrpol.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\gvedit.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\RBSSAPI.DLL -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\caseqchk.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\drlayx.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\dwutil.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\dzmstor.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\KGDSP.DLL -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\cudial32.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\RFSDLG.DLL -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\GYKRSRC.DLL -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\g040lahm1d4a.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\PYAPI.DLL -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\cvdial32.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\l42s0ef7eh2.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\ioss.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\oojsel.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\spvsvc.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\cdyptdll.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\lv0o09d3e.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\mcwstr10.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\cnseqchk.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\dgloader.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\fQxadmin.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\desrslvr.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\rvm.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\ad.html -> Hijacker.Agent.e : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\whvdmoe.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\mccorier.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\ir2sl5f71.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\PSM.DLL -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\jMvart.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\en2ul1f91.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\aza0lahm1d4a.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\lv4609hse.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\irnul5591.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\mv0ml9d11.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\e402ledo1h0c.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\fpr6039se.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\SYSTEM32\jZp0la7m1d.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINNT\YnJvdGhlcg\asappsrv.dll -> Adware.CommAd : Nettoyer et sauvegarder
     C:\WINNT\icont.exe -> Adware.AdURL : Nettoyer et sauvegarder
     C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\LTROJCZU\stubNsbg[1].exe -> Adware.Maxifiles : Nettoyer et sauvegarder
     C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\LTROJCZU\Installer[2].exe -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\00OHYPLQ\WHCC2[1].exe/whAgent.exe -> Adware.WebHancer : Nettoyer et sauvegarder
     :mozilla.6:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.7:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.8:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.9:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.10:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
     :mozilla.11:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
     :mozilla.12:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
     :mozilla.13:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
     :mozilla.14:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
     :mozilla.15:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
     :mozilla.16:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
     :mozilla.17:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
     :mozilla.21:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
     :mozilla.22:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
     :mozilla.23:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
     :mozilla.29:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Paypopup : Nettoyer et sauvegarder
     :mozilla.30:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Paypopup : Nettoyer et sauvegarder
     :mozilla.31:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Paypopup : Nettoyer et sauvegarder
     :mozilla.32:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Paypopup : Nettoyer et sauvegarder
     :mozilla.33:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Paypopup : Nettoyer et sauvegarder
     :mozilla.34:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Nettoyer et sauvegarder
     :mozilla.35:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
     :mozilla.38:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
     :mozilla.39:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
     :mozilla.44:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
     :mozilla.45:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
     :mozilla.46:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
     :mozilla.52:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Adserver : Nettoyer et sauvegarder
     :mozilla.53:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Adserver : Nettoyer et sauvegarder
     :mozilla.56:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
     :mozilla.64:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
     :mozilla.66:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
     :mozilla.68:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
     :mozilla.69:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
     :mozilla.70:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rtbqokne.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
     C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Nettoyer et sauvegarder
     C:\Installer.exe -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Nettoyer et sauvegarder

     ::Fin du rapport

     Logfile of HijackThis v1.99.1
     Scan saved at 16:42:15, on 17/03/2006
     Platform: Windows 2000 SP4 (WinNT 5.00.2195)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINNT\System32\smss.exe
     C:\WINNT\system32\winlogon.exe
     C:\WINNT\system32\services.exe
     C:\WINNT\system32\lsass.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\system32\spoolsv.exe
     C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     C:\WINNT\System32\cisvc.exe
     C:\WINNT\System32\svchost.exe
     C:\Program Files\ewido anti-malware\ewidoctrl.exe
     C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
     C:\WINNT\system32\MSTask.exe
     C:\WINNT\System32\mspmspsv.exe
     C:\WINNT\system32\svchost.exe
     C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
     C:\WINNT\system32\rundll32.exe
     C:\WINNT\Explorer.EXE
     C:\WINNT\system32\pctspk.exe
     C:\WINNT\system32\hkcmd.exe
     C:\WINNT\system32\PRPCUI.exe
     C:\Program Files\DELL\AccessDirect\dadapp.exe
     C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE
     C:\Program Files\DELL\AccessDirect\DadTray.exe
     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\HiJackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O1 - Hosts: 212.83.149.119 Home/Brother Internet/FR
     O1 - Hosts: 212.83.149.119 Home.brother.fr
     O1 - Hosts: 212.83.149.121 fw-brother
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
     O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
     O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
     O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
     O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
     O4 - HKLM\..\Run: [CD-Eject Launcher V1] "C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE"
     O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
     O20 - Winlogon Notify: Setup - C:\WINNT\system32\h80qlid5180.dll
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) -
Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe One detail: after restarting in normal mode and going online, I still get two pop-ups opening, even if they seem less aggressive... Thanks in advance for your valuable advice if there is still malware on my computer...!
  4. Yep, sorry, you posted your second round of advice about installing a firewall and AntiVir while I was offline doing the pre-cleaning! In the meantime, I installed Kerio; I had it on another machine, so I knew better how to configure it! And I reinstalled AntiVir! In any case, thank you for your help! Also, I won't be able to use your valuable advice before tomorrow, I have to log off now... So no worries if you only post your 'anti-whatever-it-is-I-caught' tutorial tomorrow, thanks again...
  5. Phew, I'm back. First of all, thank you for your various replies and your help. So I went through all the steps in pitcat's link. The only change I made to the recommended pre-cleaning was to log in to the system as Administrateur, since that is my usual session. AntiVir found more than 40 alerts... Below is the HiJack log after all that: Logfile of HijackThis v1.99.1 Scan saved at 18:55:08, on 16/03/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\cisvc.exe C:\WINNT\YnJvdGhlcg\command.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\rundll32.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\pctspk.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\PRPCUI.exe C:\Program Files\DELL\AccessDirect\dadapp.exe C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\DELL\AccessDirect\DadTray.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE C:\Program Files\HiJackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 212.83.149.119 Home/Brother Internet/FR O1 - Hosts: 212.83.149.119 Home.brother.fr O1 - Hosts: 212.83.149.121 fw-brother O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - 
C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [CD-Eject Launcher V1] "C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ddf] ddf.exe O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe O4 - HKLM\..\Run: [newname] C:\\newname2.exe O4 - HKLM\..\Run: [installed] 237 O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER O4 - HKLM\..\RunServices: [igamatu] ekor.exe O4 - HKLM\..\RunServices: [ddf] ddf.exe O4 - HKCU\..\Run: [igamatu] ekor.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE" O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O20 - Winlogon Notify: Run - C:\WINNT\system32\ktpml7711.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YnJvdGhlcg\command.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINNT\wscntify.exe (file missing) And in case it helps, the AntiVir log; there are some files it could not open... 
Start of the scan: jeudi 16 mars 2006 18:29 Start scanning boot sectors: Boot sector 'C:' [NOTE] No virus was found! Boot sector 'A:' [NOTE] In the drive 'A:' no data medium is inserted! Starting to scan the registry. C:\WINNT\SYSTEM32\eyenedumi.exe [DETECTION] Is the Trojan horse TR/Proxy.Ranky.s.1 [iNFO] The file was deleted! C:\WINNT\SYSTEM32\eyenedumi.exe [DETECTION] Is the Trojan horse TR/Proxy.Ranky.s.1 C:\WINNT\SYSTEM32\ekor.exe [DETECTION] Contains signature of the worm WORM/SdBot.YV [iNFO] The file was deleted! C:\WINNT\SYSTEM32\ekor.exe [DETECTION] Contains signature of the worm WORM/SdBot.YV C:\mousepad2.exe [DETECTION] Is the Trojan horse TR/Click.VB.LI.10 [iNFO] The file was deleted! C:\mousepad2.exe [DETECTION] Is the Trojan horse TR/Click.VB.LI.10 C:\WINNT\newfrn.exe [DETECTION] Is the Trojan horse TR/Click.VB.IS.2 [iNFO] The file was deleted! C:\WINNT\newfrn.exe [DETECTION] Is the Trojan horse TR/Click.VB.IS.2 C:\WINNT\SYSTEM32\ekor.exe [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\ekor.exe [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\kutav.exe [DETECTION] Contains signature of the worm WORM/SdBot.35129.1 [iNFO] The file was deleted! C:\WINNT\SYSTEM32\kutav.exe [DETECTION] Contains signature of the worm WORM/SdBot.35129.1 C:\WINNT\SYSTEM32\ekor.exe [WARNING] The file could not be opened! The registry was scanned ( 27 files ). Starting the file scan: C:\pagefile.sys [WARNING] The file could not be opened! C:\gotya.exe [DETECTION] Is the Trojan horse TR/Dldr.Adload.Q.6 [iNFO] The file was deleted! C:\MTE3NDI6ODoxNg.exe [DETECTION] Is the Trojan horse TR/Dldr.Small.buy.1 [iNFO] The file was deleted! C:\stub_113_4_0_4_0.exe [DETECTION] Is the Trojan horse TR/Dldr.TSUpdate.O [iNFO] The file was deleted! C:\WINNT\wnplayer.exe [DETECTION] Contains signature of the worm WORM/SdBot.45594.5 [iNFO] The file was deleted! C:\WINNT\wscntify.exe [DETECTION] Contains signature of the worm WORM/SdBot.XD.269 [iNFO] The file was deleted! 
C:\WINNT\DH.dll [DETECTION] Is the Trojan horse TR/Click.Small.JF.1 [iNFO] The file was deleted! C:\WINNT\wallpap.exe [DETECTION] Is the Trojan horse TR/Click.Agent.GP [iNFO] The file was deleted! C:\WINNT\SYSTEM32\ktpml7711.dll [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\mvcuia32.dll [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\atidoma.exe [DETECTION] Contains signature of the dropper DR/SdBot.104880 [iNFO] The file was deleted! C:\WINNT\SYSTEM32\ipoci.exe [DETECTION] Contains signature of the worm WORM/SdBot.35129.1 [iNFO] The file was deleted! C:\WINNT\SYSTEM32\dosiriko.exe [DETECTION] Contains signature of the dropper DR/Proxy.Ranky.Z.23 [iNFO] The file was deleted! C:\WINNT\SYSTEM32\dupeziver.exe [DETECTION] Contains signature of the worm WORM/SdBot.YV [iNFO] The file was deleted! C:\WINNT\SYSTEM32\wnplayer.exe [DETECTION] Contains signature of the worm WORM/SdBot.45594.5 [iNFO] The file was deleted! C:\WINNT\SYSTEM32\payloing.dat [DETECTION] Contains signature of the worm WORM/SdBot.45594.5 [iNFO] The file was deleted! C:\WINNT\SYSTEM32\d60m0gd1e60.dll [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\CONFIG\SOFTWARE.LOG [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\CONFIG\DEFAULT.LOG [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\CONFIG\SECURITY [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\CONFIG\SECURITY.LOG [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\CONFIG\SYSTEM.ALT [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\CONFIG\SAM [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\CONFIG\SAM.LOG [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\CONFIG\SYSTEM [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\CONFIG\SOFTWARE [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\CONFIG\DEFAULT [WARNING] The file could not be opened! 
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\P1HHGNZ8\drupdate[1].exe [DETECTION] Is the Trojan horse TR/Dldr.Adload.Q.6 [iNFO] The file was deleted! C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\P1HHGNZ8\MTE3NDI6ODoxNg[1].exe [DETECTION] Is the Trojan horse TR/Dldr.Small.buy.1 [iNFO] The file was deleted! C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\P1HHGNZ8\stub_113_4_0_4_0[1].exe [DETECTION] Is the Trojan horse TR/Dldr.TSUpdate.O [iNFO] The file was deleted! C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\AT1GDAUM\mousepad1[1].exe [DETECTION] Is the Trojan horse TR/Click.VB.LI.9 [iNFO] The file was deleted! C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\AT1GDAUM\mousepad2[1].exe [DETECTION] Is the Trojan horse TR/Click.VB.LI.10 [iNFO] The file was deleted! C:\Documents and Settings\All Users\Documents\dosiriko.exe [DETECTION] Contains signature of the dropper DR/Proxy.Ranky.Z.23 [iNFO] The file was deleted! C:\Documents and Settings\All Users\Documents\atidoma.exe [DETECTION] Contains signature of the dropper DR/SdBot.104880 [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! The path A:\ could not be found! Le périphérique n'est pas prêt. End of the scan: jeudi 16 mars 2006 18:44 Used time: 14:53 min The scan has been done completely. 
1087 Scanning directories 94202 Files were scanned 25 viruses and/or unwanted programs was found 25 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1618 Archives were scanned 42 Warnings 0 Notes Thanks again for your help, please, tell me it's better than at the start!! (however, after restarting, the pop-ups come back right away
  6. Hello, I'm new here and a bit lost; thanks in advance to everyone willing to help me! So, I recently bought a second-hand ultraportable PC running Windows 2000. Barely connected to the Internet via Free, I caught a spyware or malware or trojan (!!) that I can't get rid of and that keeps opening pop-ups while I browse. Below is the HiJack log taken after booting in safe mode: Logfile of HijackThis v1.99.1 Scan saved at 16:53:53, on 16/03/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\userinit.exe C:\WINNT\Explorer.EXE C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 212.83.149.119 Home/Brother Internet/FR O1 - Hosts: 212.83.149.119 Home.brother.fr O1 - Hosts: 212.83.149.121 fw-brother O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [CD-Eject Launcher V1] "C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE" O4 - HKLM\..\Run: [synTPLpr] 
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Aesmnnrsd] C:\WINNT\SYSTEM32\eyenedumi.exe O4 - HKLM\..\Run: [igamatu] ekor.exe O4 - HKLM\..\Run: [ddf] ddf.exe O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe O4 - HKLM\..\Run: [NewFrn] C:\WINNT\newfrn.exe O4 - HKLM\..\Run: [newname] C:\\newname2.exe O4 - HKLM\..\RunServices: [igamatu] ekor.exe O4 - HKLM\..\RunServices: [ddf] ddf.exe O4 - HKCU\..\Run: [igamatu] ekor.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE" O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O20 - Winlogon Notify: Uninstall - C:\WINNT\system32\lvj2091oe.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YnJvdGhlcg\command.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. 
- C:\WINNT\System32\dmadmin.exe O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINNT\wscntify.exe And the HiJack log after a normal boot and some Internet browsing: Logfile of HijackThis v1.99.1 Scan saved at 16:41:33, on 16/03/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\cisvc.exe C:\WINNT\YnJvdGhlcg\command.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\MSTask.exe C:\WINNT\wscntify.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\rundll32.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\pctspk.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\PRPCUI.exe C:\Program Files\DELL\AccessDirect\dadapp.exe C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\DELL\AccessDirect\DadTray.exe C:\WINNT\system32\ekor.exe C:\keyboard2.exe C:\mousepad2.exe C:\WINNT\newfrn.exe C:\WINNT\system32\ekor.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 212.83.149.119 Home/Brother Internet/Fr O1 - Hosts: 212.83.149.119 Home.brother.fr O1 - Hosts: 212.83.149.121 fw-brother O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [synchronization 
Manager] mobsync.exe /logon O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [CD-Eject Launcher V1] "C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Aesmnnrsd] C:\WINNT\SYSTEM32\eyenedumi.exe O4 - HKLM\..\Run: [igamatu] ekor.exe O4 - HKLM\..\Run: [ddf] ddf.exe O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe O4 - HKLM\..\Run: [NewFrn] C:\WINNT\newfrn.exe O4 - HKLM\..\Run: [newname] C:\\newname2.exe O4 - HKLM\..\RunServices: [igamatu] ekor.exe O4 - HKLM\..\RunServices: [ddf] ddf.exe O4 - HKCU\..\Run: [igamatu] ekor.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE" O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O20 - Winlogon Notify: WebCheck - C:\WINNT\system32\l4r00e9meh.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YnJvdGhlcg\command.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINNT\wscntify.exe Needless to say, I don't have the faintest idea how to decipher all this, despite trying to understand the explanations provided on the site... 
Thanks in advance if you can help me!