Popup qui reviennent sous firefox

Popup qui reviennent sous firefox - Sécurité - Windows & Software

Marsh Posté le 01-11-2005 à 15:57:45    

Salut a tous.
Donc le probleme c'est que j'ai des popups qui s'ouvrent toutes les 5 minutes dans firefox.
Il arrive parfois que ca ouvre firfox (qui etait fermé).
Les pubs sont en generales des trucs de smileys ou des logiciels anti spywares.
Je sais que ecrtains ont deja posté pour ce probleme mais je ne sais pas si G la même config.
 
J'ai aussi rundll32.exe qui est lancé 2X dans mon gestionnaire de tache... bizzare nan?
 
je mets un log de Hijack:  
 

Code :
  1. Logfile of HijackThis v1.99.1
  2. Scan saved at 15:57:20, on 1/11/2005
  3. Platform: Windows XP SP1 (WinNT 5.01.2600)
  4. MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  6. Running processes:
  7. C:\WINDOWS\System32\smss.exe
  8. C:\WINDOWS\system32\winlogon.exe
  9. C:\WINDOWS\system32\services.exe
  10. C:\WINDOWS\system32\lsass.exe
  11. C:\WINDOWS\System32\Ati2evxx.exe
  12. C:\WINDOWS\system32\svchost.exe
  13. C:\WINDOWS\System32\svchost.exe
  14. C:\WINDOWS\system32\spoolsv.exe
  15. C:\WINDOWS\system32\rundll32.exe
  16. C:\WINDOWS\system32\Ati2evxx.exe
  17. C:\WINDOWS\Explorer.EXE
  18. C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  19. C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  20. C:\WINDOWS\System32\RunDll32.exe
  21. C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  22. C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  23. C:\WINDOWS\System32\ctfmon.exe
  24. C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
  25. C:\clavier\Clavier.exe
  26. C:\Program Files\eMule\emule.exe
  27. C:\Program Files\Alwil Software\Avast4\ashServ.exe
  28. C:\yzdock\YzDock.exe
  29. C:\WINDOWS\System32\svchost.exe
  30. C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  31. C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  32. C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  33. C:\Program Files\Mozilla Firefox\firefox.exe
  34. C:\WINDOWS\system32\NOTEPAD.EXE
  35. C:\Documents and Settings\djedie\Bureau\HijackThis\HijackThis.exe
  37. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
  38. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
  39. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
  40. O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  41. O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  42. O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  43. O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
  44. O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  45. O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  46. O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  47. O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
  48. O4 - HKCU\..\Run: [Clavier+] C:\clavier\Clavier.exe
  49. O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
  50. O4 - Startup: YzDock.lnk = C:\yzdock\YzDock.exe
  51. O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  52. O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
  53. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  54. O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  55. O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  56. O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  57. O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  58. O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
  59. O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
  60. O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
  61. O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
  62. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6747254828
  63. O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
  64. O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  65. O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
  66. O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\n4l80e3ueh.dll
  67. O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  68. O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
  69. O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  70. O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  71. O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  72. O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  73. O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
  74. O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
  75. O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
  76. O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


 
merci pour vos réponses.

Reply

Marsh Posté le 01-11-2005 à 15:57:45   

Reply

Marsh Posté le 01-11-2005 à 16:39:17    

J'ai exactement le même problème que toi ! Et avec firefox aussi !
 
J'ai tout essayé, y compris hijackthis et consorts ....
 
Rien n'y fait et je suis au bord de la crise de nerfs !!
 
HELP !!  :fou:  :cry:
 
 
EDIT : je pense que ce post devrait nous interesser ! Jette un oeil !!  
 
http://forum.hardware.fr/hardwaref [...] 1154-1.htm


Message édité par Gilmour le 01-11-2005 à 16:42:19
Reply

Marsh Posté le 01-11-2005 à 16:55:17    

voici mon rapport l2mfix (le 2eme) car j en ai pas eu en utilisant l'option 1.
 
 

Code :
  1. L2Mfix 1.04a
  3. Running From:
  4. C:\Documents and Settings\djedie\Bureau\HijackThis\l2mfix
  8. RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  9. Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  10. This program is Freeware, use it on your own risk!
  12. Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
  13. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  14. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  15. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  16. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  17. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
  18. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
  19. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  20. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  21. (ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
  22. (ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
  23. (ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
  24. (ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
  25. (ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
  29. Setting registry permissions:
  32. RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  33. Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  34. This program is Freeware, use it on your own risk!
  37. Denying C(CI) access for predefined group "Administrators"
  38. - adding new ACCESS DENY entry
  41. Registry Permissions set too:
  43. RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  44. Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  45. This program is Freeware, use it on your own risk!
  47. Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
  48. (CI)    DENY   --C-------    BUILTIN\Administrateurs
  49. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  50. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  51. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  52. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  53. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
  54. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
  55. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  56. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  57. (ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
  58. (ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
  59. (ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
  60. (ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
  61. (ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
  65. Setting up for Reboot
  68. Starting Reboot!
  70. Setting Directory
  71. C:\Documents and Settings\djedie\Bureau\HijackThis\l2mfix
  72. System Rebooted!
  74. Running From:
  75. C:\Documents and Settings\djedie\Bureau\HijackThis\l2mfix
  77. killing explorer and rundll32.exe
  79. Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
  80. Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
  81. Killing PID 1136 'explorer.exe'
  83. Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
  84. Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
  85. Killing PID 1336 'rundll32.exe'
  86. Killing PID 1440 'rundll32.exe'
  88. Scanning First Pass. Please Wait!
  90. First Pass Completed
  92. Second Pass Scanning
  94. Second pass Completed!
  95. Backing Up: C:\WINDOWS\system32\cLtsrvut.dll
  96.         1 fichier(s) copi‚(s).
  97. Backing Up: C:\WINDOWS\system32\cnyptdll.dll
  98.         1 fichier(s) copi‚(s).
  99. Backing Up: C:\WINDOWS\system32\dn2001fme.dll
  100.         1 fichier(s) copi‚(s).
  101. Backing Up: C:\WINDOWS\system32\e6jmlg1116.dll
  102.         1 fichier(s) copi‚(s).
  103. Backing Up: C:\WINDOWS\system32\gp80l3lm1.dll
  104.         1 fichier(s) copi‚(s).
  105. Backing Up: C:\WINDOWS\system32\ifrdbg32.dll
  106.         1 fichier(s) copi‚(s).
  107. Backing Up: C:\WINDOWS\system32\iisutil.dll
  108.         1 fichier(s) copi‚(s).
  109. Backing Up: C:\WINDOWS\system32\j0j60a1sed.dll
  110.         1 fichier(s) copi‚(s).
  111. Backing Up: C:\WINDOWS\system32\jtlu0739e.dll
  112.         1 fichier(s) copi‚(s).
  113. Backing Up: C:\WINDOWS\system32\l42s0ef7eh2.dll
  114.         1 fichier(s) copi‚(s).
  115. Backing Up: C:\WINDOWS\system32\lvls0937e.dll
  116.         1 fichier(s) copi‚(s).
  117. Backing Up: C:\WINDOWS\system32\m682lglo16qc.dll
  118.         1 fichier(s) copi‚(s).
  119. Backing Up: C:\WINDOWS\system32\mvr0l99m1.dll
  120.         1 fichier(s) copi‚(s).
  121. Backing Up: C:\WINDOWS\system32\pclmon.dll
  122.         1 fichier(s) copi‚(s).
  123. Backing Up: C:\WINDOWS\system32\guard.tmp
  124.         1 fichier(s) copi‚(s).
  125. deleting: C:\WINDOWS\system32\cLtsrvut.dll 
  126. Successfully Deleted: C:\WINDOWS\system32\cLtsrvut.dll
  127. deleting: C:\WINDOWS\system32\cnyptdll.dll 
  128. Successfully Deleted: C:\WINDOWS\system32\cnyptdll.dll
  129. deleting: C:\WINDOWS\system32\dn2001fme.dll 
  130. Successfully Deleted: C:\WINDOWS\system32\dn2001fme.dll
  131. deleting: C:\WINDOWS\system32\e6jmlg1116.dll 
  132. Successfully Deleted: C:\WINDOWS\system32\e6jmlg1116.dll
  133. deleting: C:\WINDOWS\system32\gp80l3lm1.dll 
  134. Successfully Deleted: C:\WINDOWS\system32\gp80l3lm1.dll
  135. deleting: C:\WINDOWS\system32\ifrdbg32.dll 
  136. Successfully Deleted: C:\WINDOWS\system32\ifrdbg32.dll
  137. deleting: C:\WINDOWS\system32\iisutil.dll 
  138. Successfully Deleted: C:\WINDOWS\system32\iisutil.dll
  139. deleting: C:\WINDOWS\system32\j0j60a1sed.dll 
  140. Successfully Deleted: C:\WINDOWS\system32\j0j60a1sed.dll
  141. deleting: C:\WINDOWS\system32\jtlu0739e.dll 
  142. Successfully Deleted: C:\WINDOWS\system32\jtlu0739e.dll
  143. deleting: C:\WINDOWS\system32\l42s0ef7eh2.dll 
  144. Successfully Deleted: C:\WINDOWS\system32\l42s0ef7eh2.dll
  145. deleting: C:\WINDOWS\system32\lvls0937e.dll 
  146. Successfully Deleted: C:\WINDOWS\system32\lvls0937e.dll
  147. deleting: C:\WINDOWS\system32\m682lglo16qc.dll 
  148. Successfully Deleted: C:\WINDOWS\system32\m682lglo16qc.dll
  149. deleting: C:\WINDOWS\system32\mvr0l99m1.dll 
  150. Successfully Deleted: C:\WINDOWS\system32\mvr0l99m1.dll
  151. deleting: C:\WINDOWS\system32\pclmon.dll 
  152. Successfully Deleted: C:\WINDOWS\system32\pclmon.dll
  153. deleting: C:\WINDOWS\system32\guard.tmp 
  154. Successfully Deleted: C:\WINDOWS\system32\guard.tmp
  157. Zipping up files for submission:
  158.   adding: cLtsrvut.dll (164 bytes security) (deflated 5%)
  159.   adding: cnyptdll.dll (164 bytes security) (deflated 5%)
  160.   adding: dn2001fme.dll (164 bytes security) (deflated 4%)
  161.   adding: e6jmlg1116.dll (164 bytes security) (deflated 5%)
  162.   adding: gp80l3lm1.dll (164 bytes security) (deflated 5%)
  163.   adding: ifrdbg32.dll (164 bytes security) (deflated 5%)
  164.   adding: iisutil.dll (164 bytes security) (deflated 5%)
  165.   adding: j0j60a1sed.dll (164 bytes security) (deflated 5%)
  166.   adding: jtlu0739e.dll (164 bytes security) (deflated 5%)
  167.   adding: l42s0ef7eh2.dll (164 bytes security) (deflated 5%)
  168.   adding: lvls0937e.dll (164 bytes security) (deflated 5%)
  169.   adding: m682lglo16qc.dll (164 bytes security) (deflated 4%)
  170.   adding: mvr0l99m1.dll (164 bytes security) (deflated 5%)
  171.   adding: pclmon.dll (164 bytes security) (deflated 5%)
  172.   adding: guard.tmp (164 bytes security) (deflated 5%)
  173.   adding: clear.reg (164 bytes security) (deflated 22%)
  174.   adding: echo.reg (164 bytes security) (deflated 12%)
  175.   adding: direct.txt (164 bytes security) (stored 0%)
  176.   adding: lo2.txt (164 bytes security) (deflated 82%)
  177.   adding: readme.txt (164 bytes security) (deflated 52%)
  178.   adding: report.txt (164 bytes security) (deflated 65%)
  179.   adding: test.txt (164 bytes security) (deflated 75%)
  180.   adding: test2.txt (164 bytes security) (deflated 2%)
  181.   adding: test3.txt (164 bytes security) (deflated 2%)
  182.   adding: test5.txt (164 bytes security) (deflated 2%)
  183.   adding: xfind.txt (164 bytes security) (deflated 68%)
  184.   adding: backregs/3C5CA255-90A4-4227-B994-AAA964FCBD3B.reg (164 bytes security) (deflated 70%)
  185.   adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
  186.   adding: backregs/shell.reg (164 bytes security) (deflated 73%)
  188. Restoring Registry Permissions:
  191. RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  192. Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  193. This program is Freeware, use it on your own risk!
  196. Revoking access for predefined group "Administrators"
  197. Inherited ACE can not be revoked here!
  198. Inherited ACE can not be revoked here!
  201. Registry permissions set too:
  203. RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  204. Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  205. This program is Freeware, use it on your own risk!
  207. Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
  208. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  209. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  210. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  211. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  212. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
  213. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
  214. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  215. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  216. (ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
  217. (ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
  218. (ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
  219. (ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
  220. (ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
  223. Restoring Sedebugprivilege:
  225. Granting SeDebugPrivilege to Administrators   ... failed (GetAccountSid(Administrators)=1332
  227. Restoring Windows Update Certificates.:
  229. deleting local copy: cLtsrvut.dll 
  230. deleting local copy: cnyptdll.dll 
  231. deleting local copy: dn2001fme.dll 
  232. deleting local copy: e6jmlg1116.dll 
  233. deleting local copy: gp80l3lm1.dll 
  234. deleting local copy: ifrdbg32.dll 
  235. deleting local copy: iisutil.dll 
  236. deleting local copy: j0j60a1sed.dll 
  237. deleting local copy: jtlu0739e.dll 
  238. deleting local copy: l42s0ef7eh2.dll 
  239. deleting local copy: lvls0937e.dll 
  240. deleting local copy: m682lglo16qc.dll 
  241. deleting local copy: mvr0l99m1.dll 
  242. deleting local copy: pclmon.dll 
  243. deleting local copy: guard.tmp 
  245. The following Is the Current Export of the Winlogon notify key:
  246. ****************************************************************************
  247. Windows Registry Editor Version 5.00
  249. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
  251. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
  252. "DLLName"="Ati2evxx.dll"
  253. "Asynchronous"=dword:00000000
  254. "Impersonate"=dword:00000001
  255. "Lock"="AtiLockEvent"
  256. "Logoff"="AtiLogoffEvent"
  257. "Logon"="AtiLogonEvent"
  258. "Disconnect"="AtiDisConnectEvent"
  259. "Reconnect"="AtiReConnectEvent"
  260. "Safe"=dword:00000000
  261. "Shutdown"="AtiShutdownEvent"
  262. "StartScreenSaver"="AtiStartScreenSaverEvent"
  263. "StartShell"="AtiStartShellEvent"
  264. "Startup"="AtiStartupEvent"
  265. "StopScreenSaver"="AtiStopScreenSaverEvent"
  266. "Unlock"="AtiUnLockEvent"
  268. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  269. "Asynchronous"=dword:00000000
  270. "Impersonate"=dword:00000000
  271. "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  272.   6c,00,00,00
  273. "Logoff"="ChainWlxLogoffEvent"
  275. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  276. "Asynchronous"=dword:00000000
  277. "Impersonate"=dword:00000000
  278. "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  279.   6c,00,6c,00,00,00
  280. "Logoff"="CryptnetWlxLogoffEvent"
  282. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  283. "DLLName"="cscdll.dll"
  284. "Logon"="WinlogonLogonEvent"
  285. "Logoff"="WinlogonLogoffEvent"
  286. "ScreenSaver"="WinlogonScreenSaverEvent"
  287. "Startup"="WinlogonStartupEvent"
  288. "Shutdown"="WinlogonShutdownEvent"
  289. "StartShell"="WinlogonStartShellEvent"
  290. "Impersonate"=dword:00000000
  291. "Asynchronous"=dword:00000001
  293. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  294. "DLLName"="wlnotify.dll"
  295. "Logon"="SCardStartCertProp"
  296. "Logoff"="SCardStopCertProp"
  297. "Lock"="SCardSuspendCertProp"
  298. "Unlock"="SCardResumeCertProp"
  299. "Enabled"=dword:00000001
  300. "Impersonate"=dword:00000001
  301. "Asynchronous"=dword:00000001
  303. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  304. "Asynchronous"=dword:00000000
  305. "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  306.   6c,00,6c,00,00,00
  307. "Impersonate"=dword:00000000
  308. "StartShell"="SchedStartShell"
  309. "Logoff"="SchedEventLogOff"
  311. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  312. "Logoff"="WLEventLogoff"
  313. "Impersonate"=dword:00000000
  314. "Asynchronous"=dword:00000001
  315. "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  316.   6c,00,6c,00,00,00
  318. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  319. "DLLName"="WlNotify.dll"
  320. "Lock"="SensLockEvent"
  321. "Logon"="SensLogonEvent"
  322. "Logoff"="SensLogoffEvent"
  323. "Safe"=dword:00000001
  324. "MaxWait"=dword:00000258
  325. "StartScreenSaver"="SensStartScreenSaverEvent"
  326. "StopScreenSaver"="SensStopScreenSaverEvent"
  327. "Startup"="SensStartupEvent"
  328. "Shutdown"="SensShutdownEvent"
  329. "StartShell"="SensStartShellEvent"
  330. "PostShell"="SensPostShellEvent"
  331. "Disconnect"="SensDisconnectEvent"
  332. "Reconnect"="SensReconnectEvent"
  333. "Unlock"="SensUnlockEvent"
  334. "Impersonate"=dword:00000001
  335. "Asynchronous"=dword:00000001
  337. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  338. "Asynchronous"=dword:00000000
  339. "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  340.   6c,00,6c,00,00,00
  341. "Impersonate"=dword:00000000
  342. "Logoff"="TSEventLogoff"
  343. "Logon"="TSEventLogon"
  344. "PostShell"="TSEventPostShell"
  345. "Shutdown"="TSEventShutdown"
  346. "StartShell"="TSEventStartShell"
  347. "Startup"="TSEventStartup"
  348. "MaxWait"=dword:00000258
  349. "Reconnect"="TSEventReconnect"
  350. "Disconnect"="TSEventDisconnect"
  352. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  353. "DLLName"="wlnotify.dll"
  354. "Logon"="RegisterTicketExpiredNotificationEvent"
  355. "Logoff"="UnregisterTicketExpiredNotificationEvent"
  356. "Impersonate"=dword:00000001
  357. "Asynchronous"=dword:00000001
  359. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
  360. "DLLName"="wzcdlg.dll"
  361. "Logon"="WZCEventLogon"
  362. "Logoff"="WZCEventLogoff"
  363. "Impersonate"=dword:00000000
  364. "Asynchronous"=dword:00000000
  367. The following are the files found:
  368. ****************************************************************************
  369. C:\WINDOWS\system32\cLtsrvut.dll
  370. C:\WINDOWS\system32\cnyptdll.dll
  371. C:\WINDOWS\system32\dn2001fme.dll
  372. C:\WINDOWS\system32\e6jmlg1116.dll
  373. C:\WINDOWS\system32\gp80l3lm1.dll
  374. C:\WINDOWS\system32\ifrdbg32.dll
  375. C:\WINDOWS\system32\iisutil.dll
  376. C:\WINDOWS\system32\j0j60a1sed.dll
  377. C:\WINDOWS\system32\jtlu0739e.dll
  378. C:\WINDOWS\system32\l42s0ef7eh2.dll
  379. C:\WINDOWS\system32\lvls0937e.dll
  380. C:\WINDOWS\system32\m682lglo16qc.dll
  381. C:\WINDOWS\system32\mvr0l99m1.dll
  382. C:\WINDOWS\system32\pclmon.dll
  383. C:\WINDOWS\system32\guard.tmp
  385. Registry Entries that were Deleted:
  386. Please verify that the listing looks ok. 
  387. If there was something deleted wrongly there are backups in the backreg folder.
  388. ****************************************************************************
  389. REGEDIT4
  391. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  392. "{3C5CA255-90A4-4227-B994-AAA964FCBD3B}"=-
  393. [-HKEY_CLASSES_ROOT\CLSID\{3C5CA255-90A4-4227-B994-AAA964FCBD3B}]
  394. REGEDIT4
  396. [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  397. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  398. "SV1"=""
  399. ****************************************************************************
  400. Desktop.ini Contents:
  401. ****************************************************************************
  402. ****************************************************************************
  403. 


 
et le nouveau rapport Hijack :
 

Code :
  1. Logfile of HijackThis v1.99.1
  2. Scan saved at 16:56:17, on 1/11/2005
  3. Platform: Windows XP SP1 (WinNT 5.01.2600)
  4. MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  6. Running processes:
  7. C:\WINDOWS\System32\smss.exe
  8. C:\WINDOWS\system32\winlogon.exe
  9. C:\WINDOWS\system32\services.exe
  10. C:\WINDOWS\system32\lsass.exe
  11. C:\WINDOWS\System32\Ati2evxx.exe
  12. C:\WINDOWS\system32\svchost.exe
  13. C:\WINDOWS\System32\svchost.exe
  14. C:\WINDOWS\system32\spoolsv.exe
  15. C:\WINDOWS\system32\Ati2evxx.exe
  16. C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  17. C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  18. C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  19. C:\WINDOWS\System32\ctfmon.exe
  20. C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
  21. C:\clavier\Clavier.exe
  22. C:\Program Files\eMule\emule.exe
  23. C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  24. C:\Program Files\Alwil Software\Avast4\ashServ.exe
  25. C:\yzdock\YzDock.exe
  26. C:\WINDOWS\System32\svchost.exe
  27. C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  28. C:\Program Files\Mozilla Firefox\firefox.exe
  29. C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  30. C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  31. C:\Program Files\Webteh\BSplayer\bsplayer.exe
  32. C:\WINDOWS\explorer.exe
  33. C:\Program Files\Notepad++\notepad++.exe
  34. C:\Documents and Settings\djedie\Bureau\HijackThis\HijackThis.exe
  36. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
  37. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
  38. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
  39. O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  40. O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  41. O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  42. O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
  43. O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  44. O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  45. O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  46. O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
  47. O4 - HKCU\..\Run: [Clavier+] C:\clavier\Clavier.exe
  48. O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
  49. O4 - Startup: YzDock.lnk = C:\yzdock\YzDock.exe
  50. O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  51. O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
  52. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  53. O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  54. O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  55. O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  56. O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  57. O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
  58. O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
  59. O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
  60. O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
  61. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6747254828
  62. O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
  63. O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  64. O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
  65. O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  66. O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
  67. O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  68. O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  69. O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  70. O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  71. O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
  72. O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
  73. O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
  74. O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


 
Si quelqu'un peut m'aider ...

Reply

Marsh Posté le 01-11-2005 à 16:56:50    

Essaye l'uninstaller Look2me !
 
Il y a le lien sur le post que je t'ai cité !

Reply

Marsh Posté le 01-11-2005 à 17:01:00    

C'est OK. Ton log HijackThis est propre.  
 

Reply

Marsh Posté le 01-11-2005 à 17:12:24    

Ben ecoute ca va faire 20 mns que je n'ai plus de fenetres intempestives qui s'ouvrent !
 
Tout ça grâce à l'uninstaller look2me !
 
Essaye le ca devrait bien bien t'aider !

Reply

Marsh Posté le 01-11-2005 à 17:17:10    

c'est koi l'uninstaller ?
j 'ai l2mfix
mais je vois pas d' uninstall ...
 
en tout cas il ne se passe plus rien pour l'instant donc c'est cool !

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed