Popups that keep coming back in Firefox


Marsh Posté on 01-11-2005 at 15:57:45

Hi everyone.
So the problem is that I have popups opening every 5 minutes in Firefox.
Sometimes it even opens Firefox (which was closed).
The ads are generally for smiley stuff or anti-spyware software.
I know some people have already posted about this problem, but I don't know if I have the same config.

I also have rundll32.exe running twice in my Task Manager... weird, no?

Here is a HijackThis log:

Code:
  1. Logfile of HijackThis v1.99.1
  2. Scan saved at 15:57:20, on 1/11/2005
  3. Platform: Windows XP SP1 (WinNT 5.01.2600)
  4. MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  5. Running processes:
  6. C:\WINDOWS\System32\smss.exe
  7. C:\WINDOWS\system32\winlogon.exe
  8. C:\WINDOWS\system32\services.exe
  9. C:\WINDOWS\system32\lsass.exe
  10. C:\WINDOWS\System32\Ati2evxx.exe
  11. C:\WINDOWS\system32\svchost.exe
  12. C:\WINDOWS\System32\svchost.exe
  13. C:\WINDOWS\system32\spoolsv.exe
  14. C:\WINDOWS\system32\rundll32.exe
  15. C:\WINDOWS\system32\Ati2evxx.exe
  16. C:\WINDOWS\Explorer.EXE
  17. C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  18. C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  19. C:\WINDOWS\System32\RunDll32.exe
  20. C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  21. C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  22. C:\WINDOWS\System32\ctfmon.exe
  23. C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
  24. C:\clavier\Clavier.exe
  25. C:\Program Files\eMule\emule.exe
  26. C:\Program Files\Alwil Software\Avast4\ashServ.exe
  27. C:\yzdock\YzDock.exe
  28. C:\WINDOWS\System32\svchost.exe
  29. C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  30. C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  31. C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  32. C:\Program Files\Mozilla Firefox\firefox.exe
  33. C:\WINDOWS\system32\NOTEPAD.EXE
  34. C:\Documents and Settings\djedie\Bureau\HijackThis\HijackThis.exe
  35. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
  36. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
  37. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
  38. O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  39. O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  40. O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  41. O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
  42. O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  43. O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  44. O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  45. O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
  46. O4 - HKCU\..\Run: [Clavier+] C:\clavier\Clavier.exe
  47. O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
  48. O4 - Startup: YzDock.lnk = C:\yzdock\YzDock.exe
  49. O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  50. O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
  51. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  52. O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  53. O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  54. O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  55. O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  56. O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
  57. O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
  58. O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
  59. O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
  60. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6747254828
  61. O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
  62. O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  63. O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
  64. O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\n4l80e3ueh.dll
  65. O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  66. O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
  67. O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  68. O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  69. O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  70. O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  71. O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
  72. O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
  73. O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
  74. O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


 
Thanks for your replies.

Marsh Posté on 01-11-2005 at 16:39:17

I have exactly the same problem as you! And with Firefox too!

I've tried everything, including HijackThis and the like...

Nothing works and I'm on the verge of a nervous breakdown!!

HELP!!  :fou:  :cry:

EDIT: I think this post should interest us! Take a look!!

http://forum.hardware.fr/hardwaref [...] 1154-1.htm

Message edited by Gilmour on 01-11-2005 at 16:42:19

Marsh Posté on 01-11-2005 at 16:55:17

Here is my l2mfix report (the 2nd one), because I didn't get one when using option 1.

Code:
  1. L2Mfix 1.04a
  2. Running From:
  3. C:\Documents and Settings\djedie\Bureau\HijackThis\l2mfix
  4. RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  5. Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  6. This program is Freeware, use it on your own risk!
  7. Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
  8. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  9. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  10. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  11. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  12. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
  13. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
  14. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  15. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  16. (ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
  17. (ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
  18. (ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
  19. (ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
  20. (ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
  21. Setting registry permissions:
  22. RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  23. Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  24. This program is Freeware, use it on your own risk!
  25. Denying C(CI) access for predefined group "Administrators"
  26. - adding new ACCESS DENY entry
  27. Registry Permissions set too:
  28. RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  29. Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  30. This program is Freeware, use it on your own risk!
  31. Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
  32. (CI)    DENY   --C-------    BUILTIN\Administrateurs
  33. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  34. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  35. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  36. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  37. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
  38. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
  39. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  40. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  41. (ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
  42. (ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
  43. (ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
  44. (ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
  45. (ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
  46. Setting up for Reboot
  47. Starting Reboot!
  48. Setting Directory
  49. C:\Documents and Settings\djedie\Bureau\HijackThis\l2mfix
  50. System Rebooted!
  51. Running From:
  52. C:\Documents and Settings\djedie\Bureau\HijackThis\l2mfix
  53. killing explorer and rundll32.exe
  54. Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
  55. Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
  56. Killing PID 1136 'explorer.exe'
  57. Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
  58. Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
  59. Killing PID 1336 'rundll32.exe'
  60. Killing PID 1440 'rundll32.exe'
  61. Scanning First Pass. Please Wait!
  62. First Pass Completed
  63. Second Pass Scanning
  64. Second pass Completed!
  65. Backing Up: C:\WINDOWS\system32\cLtsrvut.dll
  66.         1 fichier(s) copié(s).
  67. Backing Up: C:\WINDOWS\system32\cnyptdll.dll
  68.         1 fichier(s) copié(s).
  69. Backing Up: C:\WINDOWS\system32\dn2001fme.dll
  70.         1 fichier(s) copié(s).
  71. Backing Up: C:\WINDOWS\system32\e6jmlg1116.dll
  72.         1 fichier(s) copié(s).
  73. Backing Up: C:\WINDOWS\system32\gp80l3lm1.dll
  74.         1 fichier(s) copié(s).
  75. Backing Up: C:\WINDOWS\system32\ifrdbg32.dll
  76.         1 fichier(s) copié(s).
  77. Backing Up: C:\WINDOWS\system32\iisutil.dll
  78.         1 fichier(s) copié(s).
  79. Backing Up: C:\WINDOWS\system32\j0j60a1sed.dll
  80.         1 fichier(s) copié(s).
  81. Backing Up: C:\WINDOWS\system32\jtlu0739e.dll
  82.         1 fichier(s) copié(s).
  83. Backing Up: C:\WINDOWS\system32\l42s0ef7eh2.dll
  84.         1 fichier(s) copié(s).
  85. Backing Up: C:\WINDOWS\system32\lvls0937e.dll
  86.         1 fichier(s) copié(s).
  87. Backing Up: C:\WINDOWS\system32\m682lglo16qc.dll
  88.         1 fichier(s) copié(s).
  89. Backing Up: C:\WINDOWS\system32\mvr0l99m1.dll
  90.         1 fichier(s) copié(s).
  91. Backing Up: C:\WINDOWS\system32\pclmon.dll
  92.         1 fichier(s) copié(s).
  93. Backing Up: C:\WINDOWS\system32\guard.tmp
  94.         1 fichier(s) copié(s).
  95. deleting: C:\WINDOWS\system32\cLtsrvut.dll 
  96. Successfully Deleted: C:\WINDOWS\system32\cLtsrvut.dll
  97. deleting: C:\WINDOWS\system32\cnyptdll.dll 
  98. Successfully Deleted: C:\WINDOWS\system32\cnyptdll.dll
  99. deleting: C:\WINDOWS\system32\dn2001fme.dll 
  100. Successfully Deleted: C:\WINDOWS\system32\dn2001fme.dll
  101. deleting: C:\WINDOWS\system32\e6jmlg1116.dll 
  102. Successfully Deleted: C:\WINDOWS\system32\e6jmlg1116.dll
  103. deleting: C:\WINDOWS\system32\gp80l3lm1.dll 
  104. Successfully Deleted: C:\WINDOWS\system32\gp80l3lm1.dll
  105. deleting: C:\WINDOWS\system32\ifrdbg32.dll 
  106. Successfully Deleted: C:\WINDOWS\system32\ifrdbg32.dll
  107. deleting: C:\WINDOWS\system32\iisutil.dll 
  108. Successfully Deleted: C:\WINDOWS\system32\iisutil.dll
  109. deleting: C:\WINDOWS\system32\j0j60a1sed.dll 
  110. Successfully Deleted: C:\WINDOWS\system32\j0j60a1sed.dll
  111. deleting: C:\WINDOWS\system32\jtlu0739e.dll 
  112. Successfully Deleted: C:\WINDOWS\system32\jtlu0739e.dll
  113. deleting: C:\WINDOWS\system32\l42s0ef7eh2.dll 
  114. Successfully Deleted: C:\WINDOWS\system32\l42s0ef7eh2.dll
  115. deleting: C:\WINDOWS\system32\lvls0937e.dll 
  116. Successfully Deleted: C:\WINDOWS\system32\lvls0937e.dll
  117. deleting: C:\WINDOWS\system32\m682lglo16qc.dll 
  118. Successfully Deleted: C:\WINDOWS\system32\m682lglo16qc.dll
  119. deleting: C:\WINDOWS\system32\mvr0l99m1.dll 
  120. Successfully Deleted: C:\WINDOWS\system32\mvr0l99m1.dll
  121. deleting: C:\WINDOWS\system32\pclmon.dll 
  122. Successfully Deleted: C:\WINDOWS\system32\pclmon.dll
  123. deleting: C:\WINDOWS\system32\guard.tmp 
  124. Successfully Deleted: C:\WINDOWS\system32\guard.tmp
  125. Zipping up files for submission:
  126.   adding: cLtsrvut.dll (164 bytes security) (deflated 5%)
  127.   adding: cnyptdll.dll (164 bytes security) (deflated 5%)
  128.   adding: dn2001fme.dll (164 bytes security) (deflated 4%)
  129.   adding: e6jmlg1116.dll (164 bytes security) (deflated 5%)
  130.   adding: gp80l3lm1.dll (164 bytes security) (deflated 5%)
  131.   adding: ifrdbg32.dll (164 bytes security) (deflated 5%)
  132.   adding: iisutil.dll (164 bytes security) (deflated 5%)
  133.   adding: j0j60a1sed.dll (164 bytes security) (deflated 5%)
  134.   adding: jtlu0739e.dll (164 bytes security) (deflated 5%)
  135.   adding: l42s0ef7eh2.dll (164 bytes security) (deflated 5%)
  136.   adding: lvls0937e.dll (164 bytes security) (deflated 5%)
  137.   adding: m682lglo16qc.dll (164 bytes security) (deflated 4%)
  138.   adding: mvr0l99m1.dll (164 bytes security) (deflated 5%)
  139.   adding: pclmon.dll (164 bytes security) (deflated 5%)
  140.   adding: guard.tmp (164 bytes security) (deflated 5%)
  141.   adding: clear.reg (164 bytes security) (deflated 22%)
  142.   adding: echo.reg (164 bytes security) (deflated 12%)
  143.   adding: direct.txt (164 bytes security) (stored 0%)
  144.   adding: lo2.txt (164 bytes security) (deflated 82%)
  145.   adding: readme.txt (164 bytes security) (deflated 52%)
  146.   adding: report.txt (164 bytes security) (deflated 65%)
  147.   adding: test.txt (164 bytes security) (deflated 75%)
  148.   adding: test2.txt (164 bytes security) (deflated 2%)
  149.   adding: test3.txt (164 bytes security) (deflated 2%)
  150.   adding: test5.txt (164 bytes security) (deflated 2%)
  151.   adding: xfind.txt (164 bytes security) (deflated 68%)
  152.   adding: backregs/3C5CA255-90A4-4227-B994-AAA964FCBD3B.reg (164 bytes security) (deflated 70%)
  153.   adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
  154.   adding: backregs/shell.reg (164 bytes security) (deflated 73%)
  155. Restoring Registry Permissions:
  156. RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  157. Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  158. This program is Freeware, use it on your own risk!
  159. Revoking access for predefined group "Administrators"
  160. Inherited ACE can not be revoked here!
  161. Inherited ACE can not be revoked here!
  162. Registry permissions set too:
  163. RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  164. Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  165. This program is Freeware, use it on your own risk!
  166. Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
  167. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  168. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  169. (NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
  170. (IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
  171. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
  172. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
  173. (ID-NI) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  174. (ID-IO) ALLOW  Read         BUILTIN\Utilisateurs avec pouvoir
  175. (ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
  176. (ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
  177. (ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
  178. (ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
  179. (ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
  180. Restoring Sedebugprivilege:
  181. Granting SeDebugPrivilege to Administrators   ... failed (GetAccountSid(Administrators)=1332
  182. Restoring Windows Update Certificates.:
  183. deleting local copy: cLtsrvut.dll 
  184. deleting local copy: cnyptdll.dll 
  185. deleting local copy: dn2001fme.dll 
  186. deleting local copy: e6jmlg1116.dll 
  187. deleting local copy: gp80l3lm1.dll 
  188. deleting local copy: ifrdbg32.dll 
  189. deleting local copy: iisutil.dll 
  190. deleting local copy: j0j60a1sed.dll 
  191. deleting local copy: jtlu0739e.dll 
  192. deleting local copy: l42s0ef7eh2.dll 
  193. deleting local copy: lvls0937e.dll 
  194. deleting local copy: m682lglo16qc.dll 
  195. deleting local copy: mvr0l99m1.dll 
  196. deleting local copy: pclmon.dll 
  197. deleting local copy: guard.tmp 
  198. The following Is the Current Export of the Winlogon notify key:
  199. ****************************************************************************
  200. Windows Registry Editor Version 5.00
  201. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
  202. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
  203. "DLLName"="Ati2evxx.dll"
  204. "Asynchronous"=dword:00000000
  205. "Impersonate"=dword:00000001
  206. "Lock"="AtiLockEvent"
  207. "Logoff"="AtiLogoffEvent"
  208. "Logon"="AtiLogonEvent"
  209. "Disconnect"="AtiDisConnectEvent"
  210. "Reconnect"="AtiReConnectEvent"
  211. "Safe"=dword:00000000
  212. "Shutdown"="AtiShutdownEvent"
  213. "StartScreenSaver"="AtiStartScreenSaverEvent"
  214. "StartShell"="AtiStartShellEvent"
  215. "Startup"="AtiStartupEvent"
  216. "StopScreenSaver"="AtiStopScreenSaverEvent"
  217. "Unlock"="AtiUnLockEvent"
  218. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  219. "Asynchronous"=dword:00000000
  220. "Impersonate"=dword:00000000
  221. "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  222.   6c,00,00,00
  223. "Logoff"="ChainWlxLogoffEvent"
  224. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  225. "Asynchronous"=dword:00000000
  226. "Impersonate"=dword:00000000
  227. "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  228.   6c,00,6c,00,00,00
  229. "Logoff"="CryptnetWlxLogoffEvent"
  230. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  231. "DLLName"="cscdll.dll"
  232. "Logon"="WinlogonLogonEvent"
  233. "Logoff"="WinlogonLogoffEvent"
  234. "ScreenSaver"="WinlogonScreenSaverEvent"
  235. "Startup"="WinlogonStartupEvent"
  236. "Shutdown"="WinlogonShutdownEvent"
  237. "StartShell"="WinlogonStartShellEvent"
  238. "Impersonate"=dword:00000000
  239. "Asynchronous"=dword:00000001
  240. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  241. "DLLName"="wlnotify.dll"
  242. "Logon"="SCardStartCertProp"
  243. "Logoff"="SCardStopCertProp"
  244. "Lock"="SCardSuspendCertProp"
  245. "Unlock"="SCardResumeCertProp"
  246. "Enabled"=dword:00000001
  247. "Impersonate"=dword:00000001
  248. "Asynchronous"=dword:00000001
  249. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  250. "Asynchronous"=dword:00000000
  251. "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  252.   6c,00,6c,00,00,00
  253. "Impersonate"=dword:00000000
  254. "StartShell"="SchedStartShell"
  255. "Logoff"="SchedEventLogOff"
  256. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  257. "Logoff"="WLEventLogoff"
  258. "Impersonate"=dword:00000000
  259. "Asynchronous"=dword:00000001
  260. "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  261.   6c,00,6c,00,00,00
  262. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  263. "DLLName"="WlNotify.dll"
  264. "Lock"="SensLockEvent"
  265. "Logon"="SensLogonEvent"
  266. "Logoff"="SensLogoffEvent"
  267. "Safe"=dword:00000001
  268. "MaxWait"=dword:00000258
  269. "StartScreenSaver"="SensStartScreenSaverEvent"
  270. "StopScreenSaver"="SensStopScreenSaverEvent"
  271. "Startup"="SensStartupEvent"
  272. "Shutdown"="SensShutdownEvent"
  273. "StartShell"="SensStartShellEvent"
  274. "PostShell"="SensPostShellEvent"
  275. "Disconnect"="SensDisconnectEvent"
  276. "Reconnect"="SensReconnectEvent"
  277. "Unlock"="SensUnlockEvent"
  278. "Impersonate"=dword:00000001
  279. "Asynchronous"=dword:00000001
  280. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  281. "Asynchronous"=dword:00000000
  282. "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  283.   6c,00,6c,00,00,00
  284. "Impersonate"=dword:00000000
  285. "Logoff"="TSEventLogoff"
  286. "Logon"="TSEventLogon"
  287. "PostShell"="TSEventPostShell"
  288. "Shutdown"="TSEventShutdown"
  289. "StartShell"="TSEventStartShell"
  290. "Startup"="TSEventStartup"
  291. "MaxWait"=dword:00000258
  292. "Reconnect"="TSEventReconnect"
  293. "Disconnect"="TSEventDisconnect"
  294. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  295. "DLLName"="wlnotify.dll"
  296. "Logon"="RegisterTicketExpiredNotificationEvent"
  297. "Logoff"="UnregisterTicketExpiredNotificationEvent"
  298. "Impersonate"=dword:00000001
  299. "Asynchronous"=dword:00000001
  300. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
  301. "DLLName"="wzcdlg.dll"
  302. "Logon"="WZCEventLogon"
  303. "Logoff"="WZCEventLogoff"
  304. "Impersonate"=dword:00000000
  305. "Asynchronous"=dword:00000000
  306. The following are the files found:
  307. ****************************************************************************
  308. C:\WINDOWS\system32\cLtsrvut.dll
  309. C:\WINDOWS\system32\cnyptdll.dll
  310. C:\WINDOWS\system32\dn2001fme.dll
  311. C:\WINDOWS\system32\e6jmlg1116.dll
  312. C:\WINDOWS\system32\gp80l3lm1.dll
  313. C:\WINDOWS\system32\ifrdbg32.dll
  314. C:\WINDOWS\system32\iisutil.dll
  315. C:\WINDOWS\system32\j0j60a1sed.dll
  316. C:\WINDOWS\system32\jtlu0739e.dll
  317. C:\WINDOWS\system32\l42s0ef7eh2.dll
  318. C:\WINDOWS\system32\lvls0937e.dll
  319. C:\WINDOWS\system32\m682lglo16qc.dll
  320. C:\WINDOWS\system32\mvr0l99m1.dll
  321. C:\WINDOWS\system32\pclmon.dll
  322. C:\WINDOWS\system32\guard.tmp
  323. Registry Entries that were Deleted:
  324. Please verify that the listing looks ok. 
  325. If there was something deleted wrongly there are backups in the backreg folder.
  326. ****************************************************************************
  327. REGEDIT4
  328. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  329. "{3C5CA255-90A4-4227-B994-AAA964FCBD3B}"=-
  330. [-HKEY_CLASSES_ROOT\CLSID\{3C5CA255-90A4-4227-B994-AAA964FCBD3B}]
  331. REGEDIT4
  332. [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  333. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  334. "SV1"=""
  335. ****************************************************************************
  336. Desktop.ini Contents:
  337. ****************************************************************************
  338. ****************************************************************************
  339. 


 
and the new HijackThis report:

Code:
  1. Logfile of HijackThis v1.99.1
  2. Scan saved at 16:56:17, on 1/11/2005
  3. Platform: Windows XP SP1 (WinNT 5.01.2600)
  4. MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  5. Running processes:
  6. C:\WINDOWS\System32\smss.exe
  7. C:\WINDOWS\system32\winlogon.exe
  8. C:\WINDOWS\system32\services.exe
  9. C:\WINDOWS\system32\lsass.exe
  10. C:\WINDOWS\System32\Ati2evxx.exe
  11. C:\WINDOWS\system32\svchost.exe
  12. C:\WINDOWS\System32\svchost.exe
  13. C:\WINDOWS\system32\spoolsv.exe
  14. C:\WINDOWS\system32\Ati2evxx.exe
  15. C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  16. C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  17. C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  18. C:\WINDOWS\System32\ctfmon.exe
  19. C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
  20. C:\clavier\Clavier.exe
  21. C:\Program Files\eMule\emule.exe
  22. C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  23. C:\Program Files\Alwil Software\Avast4\ashServ.exe
  24. C:\yzdock\YzDock.exe
  25. C:\WINDOWS\System32\svchost.exe
  26. C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  27. C:\Program Files\Mozilla Firefox\firefox.exe
  28. C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  29. C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  30. C:\Program Files\Webteh\BSplayer\bsplayer.exe
  31. C:\WINDOWS\explorer.exe
  32. C:\Program Files\Notepad++\notepad++.exe
  33. C:\Documents and Settings\djedie\Bureau\HijackThis\HijackThis.exe
  34. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
  35. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
  36. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
  37. O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  38. O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  39. O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  40. O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
  41. O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  42. O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  43. O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  44. O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
  45. O4 - HKCU\..\Run: [Clavier+] C:\clavier\Clavier.exe
  46. O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
  47. O4 - Startup: YzDock.lnk = C:\yzdock\YzDock.exe
  48. O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  49. O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
  50. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  51. O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  52. O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  53. O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  54. O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  55. O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
  56. O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
  57. O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
  58. O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
  59. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6747254828
  60. O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
  61. O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  62. O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
  63. O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  64. O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
  65. O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  66. O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  67. O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  68. O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  69. O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
  70. O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
  71. O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
  72. O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


 
If anyone can help me...

Marsh Posté on 01-11-2005 at 16:56:50

Try the Look2me uninstaller!

The link is in the post I pointed you to!

Marsh Posté on 01-11-2005 at 17:01:00

It's OK. Your HijackThis log is clean.

Marsh Posté on 01-11-2005 at 17:12:24

Well, listen, it's been 20 minutes since I've had any unwanted windows popping up!

All thanks to the Look2me uninstaller!

Try it, it should really help you!

Marsh Posté on 01-11-2005 at 17:17:10

What's the uninstaller?
I have l2mfix
but I don't see an uninstall...

Anyway, nothing is happening any more for now, so that's cool!
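
Added example, not part of the original thread: a Python script that diffs the two HijackThis logs posted above, tolerating the forum's line-number prefixes, and reports which processes and entries disappeared after the l2mfix run. The log excerpts are abridged from the thread; the function names and the `NOTIFY_KEYS_AFTER_CLEANUP` set (taken from the Winlogon Notify export in the l2mfix report, not a general allowlist) are this example's own.

```python
import re
from collections import Counter

# Abridged excerpts of the two HijackThis logs posted in this thread,
# with the forum's line-number prefixes left in place.
LOG_BEFORE = r"""
  5. Running processes:
  13. C:\WINDOWS\system32\spoolsv.exe
  14. C:\WINDOWS\system32\rundll32.exe
  16. C:\WINDOWS\Explorer.EXE
  19. C:\WINDOWS\System32\RunDll32.exe
  32. C:\Program Files\Mozilla Firefox\firefox.exe
  35. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
  42. O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  64. O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\n4l80e3ueh.dll
  66. O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""
LOG_AFTER = r"""
  5. Running processes:
  13. C:\WINDOWS\system32\spoolsv.exe
  27. C:\Program Files\Mozilla Firefox\firefox.exe
  31. C:\WINDOWS\explorer.exe
  34. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
  41. O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  64. O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""

# Winlogon\Notify subkeys present in the thread's l2mfix export after cleanup.
NOTIFY_KEYS_AFTER_CLEANUP = {
    "atiextevent", "crypt32chain", "cryptnet", "cscdll", "sccertprop",
    "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon", "wzcnotif",
}

NUM_PREFIX = re.compile(r"^\s*\d+\.\s+")          # forum numbering: "  64. "
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # "O20 - ...", "R0 - ..."
NOTIFY = re.compile(r"^Winlogon Notify: (.+?) - (.+)$")


def parse_log(text):
    """Return (Counter of lowercased process paths, list of (code, body))."""
    processes, entries = Counter(), []
    in_processes = False
    for raw in text.splitlines():
        line = NUM_PREFIX.sub("", raw).strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            # Windows paths are case-insensitive: System32 == system32.
            processes[line.lower()] += 1
    return processes, entries


def diff_logs(before, after):
    """Compare two logs; multiplicity of processes is kept (two rundll32)."""
    procs_b, ent_b = parse_log(before)
    procs_a, ent_a = parse_log(after)
    return {
        "processes_gone": dict(procs_b - procs_a),
        "processes_new": dict(procs_a - procs_b),
        "entries_removed": [e for e in ent_b if e not in ent_a],
        "entries_added": [e for e in ent_a if e not in ent_b],
    }


def unexpected_notify(entries, known=NOTIFY_KEYS_AFTER_CLEANUP):
    """O20 Winlogon Notify entries whose subkey is not in the known set."""
    hits = []
    for code, body in entries:
        m = NOTIFY.match(body) if code == "O20" else None
        if m and m.group(1).lower() not in known:
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for key, value in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, value)
    print("notify:", unexpected_notify(parse_log(LOG_BEFORE)[1]))
```
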
