"Adware.look2Me" impossible to remove... - Security - Windows & Software
Marsh Posté on 10-05-2006 at 20:24:09
Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all active windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Check Run this program as a task
* A message will appear, telling you this: "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK
* It will relaunch after the minute, then click the Scan for L2M button; your Desktop icons will disappear: this is normal.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear, click OK.
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report, located here: C:\Look2Me-Destroyer.txt, in your next reply.
#If Look2Me-Destroyer does not relaunch automatically after the minute, restart and try again.
Marsh Posté on 10-05-2006 at 20:31:41
Using an antivirus could be a solution
Marsh Posté on 10-05-2006 at 21:00:34
Here is the L2M-Destroyer log:
Marsh Posté on 10-05-2006 at 21:13:55
Here is another log as well, from HijackThis:
Marsh Posté on 11-05-2006 at 16:33:02
Hello everyone,
* Download and install ATF-Cleaner (Atribune): http://www.atribune.org/ccount/click.php?id=1
* Download and install:
- Ewido http://www.ewido.net/fr/download/
* During installation
* On the Additional Options page
* Uncheck Install background guard and Install scan via context menu
* Launch Ewido Security Suite. Click Update but do not use it right away.
* Print this or save it to a text file.
* Make sure all the files are there:
- Allow hidden files and folders to be displayed
- Click Start - Control Panel - Tools - Folder Options, View tab
- Check Show hidden files and folders
- Uncheck Hide protected operating system files (recommended)
- Uncheck Hide extensions for known file types
- Click Apply and OK to confirm the changes
* Restart your PC in safe mode [ http://www.sosordi.net/Faq/Faq.2.html ]. Mandatory!!!
* Remove the harmful applications:
Check whether this program is present via Control Panel / Add or Remove Programs:
FlashGet
If it is present, uninstall it.
* Remove the harmful lines:
Relaunch HijackThis and click Scan only, then check the lines [ if present ] in bold below:
R3 - URLSearchHook: (no name) - {1145F7A8-1A31-40EF-62A1-3346E19089CA} - C:\WINDOWS\System32\ugtogqhq.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/671 [...] taller.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
Close all running applications except HijackThis and click Fix checked.
* Delete the bad files:
Delete the offending files/folders in bold below [ if they are present ] by following the access path.
C:\WINDOWS\System32\ugtogqhq.dll <= The file
C:\PROGRAM FILES\FlashGet <= The folder
* Start ATF-Cleaner:
Check these:
* Windows Temp
* Current User Temp
* All Users Temp
* Cookies
* Temporary Internet Files
* Prefetch
* Java Cache
* Recycle Bin
Click Empty Selected and, at the "Done Cleaning" message, click OK
* Run a scan with Ewido
* Click Scanner and choose Complete System Scan
* If infected files are found, always delete them
* Once the scan is finished, save the report and post it here.
* See the results of the procedure:
Restart the computer in normal mode and post a new HijackThis report for verification, along with the Ewido report
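Added example, not part of the original thread or of any tool named in it: the last step of the procedure above asks for a fresh HijackThis report as verification, and this Python script compares such a report against the fix list to show which entries survived. The three fix-list lines are copied from the post; the "after" log, its placeholder URL and all function names are constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O3 - Toolbar: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# CLSID/GUID in braces, as it appears in the R3, O3, O9 and O16 entries of the post.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return (code, detail) for every entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse runs of whitespace introduced by copy/paste.
            entries.append((match.group(1), " ".join(match.group(2).split())))
    return entries


def entry_key(code, detail):
    """Key used to compare entries across two logs.

    Forum software shortens long URLs ("bina [...] b31267.cab"), so a plain
    string comparison would miss an O16 entry that is still installed. When
    the entry carries a CLSID, compare on section code + CLSID instead.
    """
    clsid = CLSID_RE.search(detail)
    if clsid:
        return (code, clsid.group(0).upper())
    return (code, detail.lower())


def still_present(fix_list_text, after_log_text):
    """Entries from the fix list that the post-cleanup log still contains."""
    after_keys = {entry_key(c, d) for c, d in parse_entries(after_log_text)}
    return [(c, d) for c, d in parse_entries(fix_list_text)
            if entry_key(c, d) in after_keys]


# Three of the lines the helper asked to fix, copied from the post.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {1145F7A8-1A31-40EF-62A1-3346E19089CA} - C:\WINDOWS\System32\ugtogqhq.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
"""

# Constructed "after" log: the O16 entry survives, written with a lower-case
# CLSID and a placeholder URL (the real URL is elided on the page).
AFTER_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {00b71cfb-6864-4346-a978-c0a14556272c} (Checkers Class) - http://example.invalid/placeholder.cab
"""

if __name__ == "__main__":
    leftovers = still_present(FIX_LIST, AFTER_LOG)
    if not leftovers:
        print("All fix-list entries are gone from the new log.")
    for code, detail in leftovers:
        print(f"STILL PRESENT: {code} - {detail}")
```
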
Marsh Posté on 10-05-2006 at 20:20:46
Hello,
For some time now, web pages with ads have been popping up regularly. My antivirus (AntiVir) does find files and quarantines them, but they reappear. Sometimes a program (msconfigup.exe) even launches and shuts down AntiVir, and prevents me from using Ctrl+Alt+Del and from launching HijackThis.
So I ran a scan with Spybot S&D and a², which found a few spyware items (removable only in safe mode), and I did the same with Ad-Aware, which finds "Adware.Look2Me", a process that cannot be removed even in safe mode (C:\Windows\system32\Glp2l33o1.dll could not be deleted). Also, during the scan with Ad-Aware, explorer.exe restarts.
I am attaching part of the Ad-Aware log and a HijackThis log:
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\System32\dragdiag.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\bgcm\Mes documents\hijackthis\Hijack This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1145F7A8-1A31-40EF-62A1-3346E19089CA} - C:\WINDOWS\System32\ugtogqhq.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [dragdiag] C:\WINDOWS\System32\dragdiag.exe /icon
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] G:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/671 [...] taller.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52B39154-FD85-453D-98C4-DA26BC83C555}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D3DFF8F-1BCA-4571-9012-A1395623E4F6}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
Finally, in the Windows/System32 folder, a few files dated today (whereas almost all the files in this folder date from 2001) have appeared and seem to match what Ad-Aware finds, but I don't know whether I can delete them safely.
So what can I do to get rid of this?
Thanks in advance
Message edited by zoglu on 10-05-2006 at 20:21:32
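Added example, not part of the original post: a Python sketch that cross-references the two logs above, listing which process hosts each DLL Ad-Aware flagged in memory and whether any HijackThis entry references that DLL. The function names are hypothetical, and the sample input is a handful of lines excerpted from the logs in the post.

```python
import re

# Sample input: lines excerpted from the two logs in the post above.
ADAWARE_LOG = r"""
#:2 [winlogon.exe]
Adware.Look2Me Object Recognized!
Data : gpl2l33o1.dll
#:8 [rundll32.exe]
Adware.Look2Me Object Recognized!
Data : mdc42u.dll
#:12 [explorer.exe]
Adware.Look2Me Object Recognized!
Data : mdc42u.dll
"""
HIJACKTHIS_LOG = r"""
R3 - URLSearchHook: (no name) - {1145F7A8-1A31-40EF-62A1-3346E19089CA} - C:\WINDOWS\System32\ugtogqhq.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""
DLL_RE = re.compile(r'([^\\\s"]+\.dll)\b', re.I)  # DLL base name, path stripped

def parse_adaware(text):
    """Map each flagged DLL to the processes Ad-Aware found it loaded in."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"#:\d+ \[(.+)\]$", line)
        data = re.match(r"Data\s*:\s*(\S+\.dll)$", line, re.I)
        if header:
            current = header.group(1).lower()
        elif data and current:
            hosts.setdefault(data.group(1).lower(), set()).add(current)
    return hosts

def hijackthis_dlls(text):
    """Collect every DLL name referenced by an 'R3 - ...' / 'O20 - ...' entry."""
    entries = re.findall(r"^[A-Z]\d{1,2} - (.+)$", text, re.M)
    return {d.lower() for e in entries for d in DLL_RE.findall(e)}

def correlate(adaware_text, hjt_text):
    """For each in-memory detection: host processes and HijackThis visibility."""
    referenced = hijackthis_dlls(hjt_text)
    return {dll: {"hosts": sorted(h), "in_hijackthis": dll in referenced}
            for dll, h in parse_adaware(adaware_text).items()}

if __name__ == "__main__":
    for dll, info in correlate(ADAWARE_LOG, HIJACKTHIS_LOG).items():
        print(dll, info)
```

On these excerpts neither DLL flagged in memory is referenced by a HijackThis entry, so the two reports have to be read together during triage.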