"Adware.look2Me" impossible to remove...

n°2407542
zoglu
Posted on 10-05-2006 at 20:20:46
 

Hello,
For some time now, web pages with ads have been popping up regularly. My antivirus (AntiVir) does find files and quarantines them, but they reappear. Sometimes a program (msconfigup.exe) even launches and shuts down AntiVir, and prevents me from using Ctrl+Alt+Del and from launching HijackThis.
So I ran a scan with Spybot S&D and a², which found a few spyware items (removable only in safe mode), and I did the same with Ad-Aware, which finds "Adware.Look2Me", a process that cannot be removed even in safe mode (C:\Windows\system32\Glp2l33o1.dll could not be deleted). In addition, during the Ad-Aware scan, explorer.exe restarts.
I am attaching part of the Ad-Aware log and a HijackThis log:
 
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
#:2 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 556
    ThreadCreationTime : 10-05-2006 11:06:42
    BasePriority       : High
 
 
 Adware.Look2Me Object Recognized!
    Type               : Process
    Data               : gpl2l33o1.dll
    TAC Rating         : 7
    Category           : Adware
    Comment            : iieshare.dll.dmp
    Object             : C:\WINDOWS\system32\
 
Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\gpl2l33o1.dll)
 
 
#:8 [rundll32.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1164
    ThreadCreationTime : 10-05-2006 11:06:45
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Système d'exploitation Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Exécuter une DLL en tant qu'application
    InternalName       : rundll
    LegalCopyright     : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename   : RUNDLL.EXE
 
 Adware.Look2Me Object Recognized!
    Type               : Process
    Data               : mdc42u.dll
    TAC Rating         : 7
    Category           : Adware
    Comment            : iieshare.dll.dmp
    Object             : C:\WINDOWS\system32\
 
Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\mdc42u.dll)
 
 
#:12 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1500
    ThreadCreationTime : 10-05-2006 11:06:50
    BasePriority       : Normal
    FileVersion        : 6.00.2600.0000 (xpclient.010817-1148)
    ProductVersion     : 6.00.2600.0000
    ProductName        : Système d'exploitation Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Explorateur Windows
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename   : EXPLORER.EXE
 
 Adware.Look2Me Object Recognized!
    Type               : Process
    Data               : mdc42u.dll
    TAC Rating         : 7
    Category           : Adware
    Comment            : iieshare.dll.dmp
    Object             : C:\WINDOWS\system32\
 
-------------------------------------------
 
Logfile of HijackThis v1.98.2
Scan saved at 14:00:40, on 10/05/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\System32\dragdiag.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\bgcm\Mes documents\hijackthis\Hijack This.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1145F7A8-1A31-40EF-62A1-3346E19089CA} - C:\WINDOWS\System32\ugtogqhq.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [dragdiag] C:\WINDOWS\System32\dragdiag.exe /icon
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] G:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/671 [...] taller.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52B39154-FD85-453D-98C4-DA26BC83C555}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D3DFF8F-1BCA-4571-9012-A1395623E4F6}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll

 
Finally, in the Windows/System32 folder, a few files dated today (whereas almost all the files in that folder date from 2001) have appeared and seem to match what Ad-Aware finds, but I don't know whether I can delete them safely.

So what can I do to get rid of this?
Thanks in advance  :)


Message edited by zoglu on 10-05-2006 at 20:21:32

n°2407547
Anthony10
Posted on 10-05-2006 at 20:24:09
 

Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7

* Close all active windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Check Run this program as a task
* A message will appear saying: "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK
* It will relaunch after the minute; then click the Scan for L2M button; your Desktop icons will disappear: this is normal.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear; click OK.
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report, located at C:\Look2Me-Destroyer.txt, into your next reply.

#If Look2Me-Destroyer does not relaunch automatically after the minute, restart and try again.

n°2407553
sebbes
Hé Ho
Posted on 10-05-2006 at 20:31:41
 

Using an antivirus could be a solution


---------------
pluralitas non est ponenda sine necessitate
n°2407554
zoglu
Posted on 10-05-2006 at 20:31:56
 

Thanks, I'll give it a try.  :)

n°2407604
zoglu
Posted on 10-05-2006 at 21:00:34
 

Here is the L2M-Destroyer log:
 
 
Look2Me-Destroyer V1.0.12
 
Scanning for infected files.....
Scan started at 10/05/2006 14:45:08
 
 
Attempting to delete infected files...
 
 
Making registry repairs.
 
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions
 
 
Restoring Windows certificates.
 
Replaced hosts file with default windows hosts file
 
 

n°2407618
zoglu
Posted on 10-05-2006 at 21:13:55
 

Here is another HijackThis log as well:
 
Logfile of HijackThis v1.98.2
Scan saved at 15:19:41, on 10/05/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\System32\dragdiag.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\bgcm\Mes documents\hijackthis\Hijack This.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1145F7A8-1A31-40EF-62A1-3346E19089CA} - C:\WINDOWS\System32\ugtogqhq.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [dragdiag] C:\WINDOWS\System32\dragdiag.exe /icon
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] G:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/671 [...] taller.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D3DFF8F-1BCA-4571-9012-A1395623E4F6}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll

n°2408254
Anthony10
Posted on 11-05-2006 at 16:33:02
 

Hello everyone,

* Download and install ATF-Cleaner (Atribune): http://www.atribune.org/ccount/click.php?id=1

* Download and install:

- Ewido http://www.ewido.net/fr/download/
* During the installation
* On the Additional Options page
* Untick Install background guard and Install scan via context menu
* Launch Ewido Security Suite. Click Update, but do not use it right away.

* Print this or save it to a text file.

* Make sure all the files are visible:

 - Allow hidden files and folders to be displayed
 - Click Start - Control Panel - Tools - Folder Options, View tab
 - Tick Show hidden files and folders
 - Untick Hide protected operating system files (Recommended)
 - Untick Hide extensions for known file types
 - Click Apply and OK to confirm the changes

* Restart your PC in safe mode [ http://www.sosordi.net/Faq/Faq.2.html ] Mandatory!!!

* Remove the harmful applications:

Check whether this program is present via Control Panel / Add or Remove Programs:

FlashGet


If it is present, uninstall it.

* Remove the harmful lines:

 Run HijackThis again and click Scan only, then tick the lines [ if present ] in bold below:
 
R3 - URLSearchHook: (no name) - {1145F7A8-1A31-40EF-62A1-3346E19089CA} - C:\WINDOWS\System32\ugtogqhq.dll  
 
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll  
 
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm  
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm  
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe  
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe  
 
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab  
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab  
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab  
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab  
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab  
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/671 [...] taller.exe  
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab  
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab  
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
 
 
 
 
Close all running applications except HijackThis and click Fix checked.

* Delete the bad files:

Delete the offending files/folders in bold below [ if they are present ] by following the path.

C:\WINDOWS\System32\ ugtogqhq.dll <= The file
C:\PROGRAM FILES\ FlashGet <= The folder

* Start ATF-Cleaner:
Tick the following:

    * Windows Temp
    * Current User Temp
    * All Users Temp
    * Cookies
    * Temporary Internet Files
    * Prefetch
    * Java Cache
    * Recycle Bin

Click Empty Selected and, at the "Done Cleaning" message, click OK

* Run a scan with Ewido
* Click Scanner and choose Complete System Scan
* If infected files are found, always delete them
* When the scan is finished, save the report and post it here.

* Check the results of the procedure:

Restart the computer in normal mode and post a new HijackThis report for verification, along with the Ewido report
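
The last step of the reply above asks for a fresh HijackThis report as verification. As an added example that is not part of the original post, this Python script compares the two logs and reports which ticked lines are still present, which entries are new, and which CLSIDs from the ticked lines still appear under another file name. The `AFTER` log, the file name `constructed_example.dll` and all function names are assumptions of this example.

```python
import re

ENTRY = re.compile(r"^\s*([RFO]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log):
    """Return {(section, normalised text): original text} for every R/F/O line."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:  # skips the header, the "Running processes:" paths and blank lines
            section, text = m.groups()
            # Case and spacing vary between scans (System32 vs system32), so fold them.
            entries[(section, " ".join(text.lower().split()))] = text
    return entries

def clsids(texts):
    return {c.upper() for t in texts for c in CLSID.findall(t)}

def verify_cleanup(before, after, to_fix):
    """Compare the post-cleanup log with the first log and with the lines that were ticked."""
    b, a, t = parse_entries(before), parse_entries(after), parse_entries(to_fix)
    return {
        "still_present": sorted(t[k] for k in t if k in a),
        "removed": sorted(b[k] for k in b if k not in a),
        "new": sorted(a[k] for k in a if k not in b),  # worth a second look
        # CLSIDs from the ticked lines that survive anywhere, even under another file name
        "clsid_still_registered": sorted(clsids(t.values()) & clsids(a.values())),
    }

# Lines copied from the log in this thread; AFTER is constructed for the example.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R3 - URLSearchHook: (no name) - {1145F7A8-1A31-40EF-62A1-3346E19089CA} - C:\WINDOWS\System32\ugtogqhq.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""
TO_FIX = "\n".join(BEFORE.splitlines()[3:5])  # the R3 and O3 lines
AFTER = r"""
R3 - URLSearchHook: (no name) - {1145F7A8-1A31-40EF-62A1-3346E19089CA} - C:\WINDOWS\system32\constructed_example.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""

if __name__ == "__main__":
    for name, items in verify_cleanup(BEFORE, AFTER, TO_FIX).items():
        print(name, items)
```

An empty `still_present` list alone does not confirm the cleanup: in the constructed `AFTER` log the ticked R3 line is gone, yet its CLSID is reported in `clsid_still_registered` because the hook is registered again with a different DLL.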

