Unwanted pop-ups and possible spyware

Closed
Rorchas - 17 August 2009 at 15:59
Nouky29 - 16 Oct. 2009 at 23:29
Hello,

I've been getting pop-ups since visiting a streaming site where I (unfortunately?) clicked on a forbidden link. Another problem, unrelated: I suspect someone with dubious intentions, namely my mother's ex, who is an IT professional, of having installed remote-monitoring software on this PC, which the whole family uses.

I don't know much about computers (without being a complete novice), so I'd like to know which set of tools to download to clean my PC and check whether that unwanted software is on it.

80 replies

XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
17 August 2009 at 16:20
Hello,

Do this:

~~~~~~~~~~~~~~~> Hijack This <~~~~~~~~~~~~~~~~~~~

- Download Hijack
>http://www.infos-du-net.com/telecharger/HijackThis.html

Once Hijack is installed, run it:
- Click "Do a system scan and save a logfile"

- A text file opens; if it doesn't, it is in the same folder as hijackthis.exe.
- Choose Edit / Select All
- Right-click / Copy

- Post the whole report for me
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:00, on 17/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\rkfree\rkfree.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Users\Benoit\AppData\Local\xhqbdu.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Benoit\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherchermalin.com/?t=Q0907283499&s=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\rkfree\rkfree.exe" /b
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [xhqbdu] "c:\users\benoit\appdata\local\xhqbdu.exe" xhqbdu
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O2FLASH (o2flash) - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
0
Hi,

Sorry to bother you. I apparently have the same problem with unwanted pop-ups, and on top of that my computer really hasn't been running well since...
So I ran Hijack. Can I send you the report and ask for your help?

Can you reply by email at qbogaerts@hotmail.com?

Thanks in advance.

Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:14, on 27/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\P2Pcontrol\p2control.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Philips\SA28XX Device Manager\main.exe
C:\Documents and Settings\user\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Documents and Settings\user\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6759A7D3-E8F9-478C-81B3-1697D1139A8D} - C:\WINDOWS\system32\xxyxVlKE.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\iiffEwwU.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: vnbptxlf - {E22B6A50-4AE1-42CC-90F7-6CB1086D3A2D} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2Pcontrol] C:\Program Files\P2Pcontrol\p2control.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\free save.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Totocam] C:\PROGRA~1\ALLOCA~1\allocam.exe 1
O4 - HKCU\..\Run: [Ilda] "C:\WINDOWS\ICROSO~1\wuauclt.exe" -vt ndrv
O4 - HKCU\..\Run: [Bnoc] C:\WINDOWS\F?nts\??oolsv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [POPKIND] C:\DOCUME~1\user\APPLIC~1\EACHDR~1\dart mfcd rdr.exe
O4 - HKCU\..\Policies\Explorer\Run: [{C49CAAB9-089C-2060-0515-060422050020}] "C:\Program Files\Fichiers communs\{C49CAAB9-089C-2060-0515-060422050020}\Update.exe" mc-110-12-0000137
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{C49CAAB9-089D-2060-0515-060422050020}] "C:\Program Files\Fichiers communs\{C49CAAB9-089D-2060-0515-060422050020}\Update.exe" mc-110-12-0000137 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{C49CAAB9-089D-2060-0515-060422050020}] "C:\Program Files\Fichiers communs\{C49CAAB9-089D-2060-0515-060422050020}\Update.exe" mc-110-12-0000137 (User 'Default user')
O4 - Startup: .protected
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\user\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: .protected
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Philips Gestionnaire de périphériques.lnk = C:\Program Files\Philips\SA28XX Device Manager\main.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O20 - Winlogon Notify: iiffEwwU - iiffEwwU.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Outlook Express\propryprelo.html
0
Thanks, by the way.
0
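A first-pass triage of HijackThis logs like the two posted above, as an added example that is not part of the thread or of HijackThis itself. The sample lines are copied from those two logs; the three flags (missing target, autorun from a user-profile folder, "?" in the path) are assumed review heuristics that point at entries to inspect by hand, not verdicts.

```python
import re
from typing import List, NamedTuple

# Lines copied from the two HijackThis logs posted above in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [xhqbdu] "c:\users\benoit\appdata\local\xhqbdu.exe" xhqbdu
O4 - HKCU\..\Run: [Bnoc] C:\WINDOWS\F?nts\??oolsv.exe
O4 - HKCU\..\Run: [POPKIND] C:\DOCUME~1\user\APPLIC~1\EACHDR~1\dart mfcd rdr.exe
O20 - Winlogon Notify: iiffEwwU - iiffEwwU.dll (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Registry autorun value inside an O4 body: "<key>: [<value name>] <command>"
RUN_VALUE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
QUOTED = re.compile(r'^"([^"]+)"')
UNQUOTED = re.compile(r"^(.+?\.(?:exe|dll|bat|cmd|com|scr))(?=\s|$)", re.I)
# Assumed heuristic: program files launched from inside a user profile.
PROFILE_DIR = re.compile(r"\\(?:users|documents and settings|docume~1)\\", re.I)
MISSING = re.compile(r"\((?:no file|file missing)\)", re.I)


class Finding(NamedTuple):
    code: str      # HijackThis section, e.g. "O4"
    flags: tuple   # review hints raised for this entry
    line: str      # the original log line


def executable_of(cmd: str) -> str:
    """Return the program path from an autorun command line.

    Handles quoted paths and unquoted paths that contain spaces by
    cutting at the first executable-looking extension.
    """
    m = QUOTED.match(cmd) or UNQUOTED.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that deserve a manual look, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.group("code"), m.group("body")
        flags = []
        # Registration still present but the file it points to is gone.
        if MISSING.search(body):
            flags.append("missing-target")
        if code == "O4":
            run = RUN_VALUE.match(body)
            if run:
                exe = executable_of(run.group("cmd"))
                if PROFILE_DIR.search(exe):
                    flags.append("profile-autorun")
                # '?' stands for a character the log could not show, so
                # the real folder name differs from the one displayed.
                if "?" in exe:
                    flags.append("masked-chars")
        if flags:
            findings.append(Finding(code, tuple(flags), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{','.join(f.flags):<18}{f.line}")
```
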
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
17 August 2009 at 16:45
OK!

Do this:

First disable UAC by following the tutorial at this link

> https://forum.malekal.com/viewtopic.php?t=6517&start=

~~~~~~~~~~~~~~~> Lop S&D <~~~~~~~~~~~~~~~~~~

Download Lop S&D by Eric 71 & Angeldark from this link

> https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

- Click Save and put it on the Desktop

- Once the download has finished, click Close
- Double-click the icon to start the installation

- Accept the terms of use and click Next
- Click Yes to create a directory

- Double-click the new icon on your desktop to launch the tool

- Choose your language: in our case it will be French, type F and press the Enter key on your keyboard
- A report appears automatically; post it in your next message
0
OK, after choosing the language, I get:

1 recherche
2 suppression + hosts
3 suppression - hosts
4 Lopscript
Q quitter
/w whiye list

I don't know what I'm supposed to do
0

XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
17 August 2009 at 16:56
Option 1
0
Here is the report:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : Benoit ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:220 Go (Free:112 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:115 Go (Free:34 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 17/08/2009|16:57 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[11/01/2009|04:08] C:\Users\Benoit\AppData\Local\ACD Systems
[16/01/2009|04:42] C:\Users\Benoit\AppData\Local\Adobe
[28/12/2008|03:48] C:\Users\Benoit\AppData\Local\Ahead
[21/01/2009|23:53] C:\Users\Benoit\AppData\Local\Apple
[25/01/2009|22:40] C:\Users\Benoit\AppData\Local\Apple Computer
[25/12/2008|02:13] C:\Users\Benoit\AppData\Local\Application Data
[28/12/2008|20:21] C:\Users\Benoit\AppData\Local\Apps
[25/12/2008|02:23] C:\Users\Benoit\AppData\Local\ATI
[31/03/2009|13:01] C:\Users\Benoit\AppData\Local\d3d9caps.dat
[01/08/2009|23:08] C:\Users\Benoit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[21/01/2009|00:44] C:\Users\Benoit\AppData\Local\DNA
[28/12/2008|18:37] C:\Users\Benoit\AppData\Local\GDIPFONTCACHEV1.DAT
[25/12/2008|02:23] C:\Users\Benoit\AppData\Local\Google
[25/12/2008|02:13] C:\Users\Benoit\AppData\Local\Historique
[09/08/2009|22:20] C:\Users\Benoit\AppData\Local\IconCache.db
[03/07/2009|10:28] C:\Users\Benoit\AppData\Local\Microsoft
[19/01/2009|04:51] C:\Users\Benoit\AppData\Local\Mozilla
[28/12/2008|00:07] C:\Users\Benoit\AppData\Local\Packard Bell
[17/08/2009|16:56] C:\Users\Benoit\AppData\Local\Temp
[25/12/2008|02:13] C:\Users\Benoit\AppData\Local\Temporary Internet Files
[19/01/2009|18:48] C:\Users\Benoit\AppData\Local\VirtualStore
[17/08/2009|11:14] C:\Users\Benoit\AppData\Local\xhqbdu.bat
[17/08/2009|16:56] C:\Users\Benoit\AppData\Local\xhqbdu.dat
[28/07/2009|13:25] C:\Users\Benoit\AppData\Local\xhqbdu.exe
[15/08/2009|11:16] C:\Users\Benoit\AppData\Local\xhqbdu_nav.dat
[17/08/2009|16:56] C:\Users\Benoit\AppData\Local\xhqbdu_navps.dat

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[17/08/2009 16:55][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{B3C68159-4B95-4CC9-AF77-7C74CF1E8047}.job
[17/08/2009 16:30][--a------] C:\Windows\tasks\Extension de garantie-Benoit.job
[17/08/2009 16:30][--a------] C:\Windows\tasks\Recovery DVD Creator-Benoit.job
[17/08/2009 11:10][--ah-----] C:\Windows\tasks\SA.DAT
[16/08/2009 23:18][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[22/06/2009|22:58] C:\ProgramData\ACD Systems
[05/09/2008|16:31] C:\ProgramData\Acer
[28/12/2008|19:00] C:\ProgramData\Adobe
[28/12/2008|18:49] C:\ProgramData\ALM
[21/01/2009|23:53] C:\ProgramData\Apple
[11/07/2009|11:51] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[05/09/2008|16:03] C:\ProgramData\ATI
[25/12/2008|02:09] C:\ProgramData\Bureau
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[25/12/2008|02:09] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[28/12/2008|06:54] C:\ProgramData\FLEXnet
[27/12/2008|23:47] C:\ProgramData\Google
[12/01/2009|03:11] C:\ProgramData\LogiShrd
[29/12/2008|22:27] C:\ProgramData\Logitech
[02/02/2009|23:56] C:\ProgramData\Malwarebytes
[25/12/2008|02:09] C:\ProgramData\Menu D‚marrer
[11/07/2009|14:50] C:\ProgramData\Messenger Plus!
[22/05/2009|16:50] C:\ProgramData\Microsoft
[27/12/2008|23:51] C:\ProgramData\Microsoft Help
[25/12/2008|02:09] C:\ProgramData\ModŠles
[28/12/2008|20:08] C:\ProgramData\Nero
[22/07/2009|20:53] C:\ProgramData\ntuser.pol
[31/07/2009|11:10] C:\ProgramData\rkfree
[02/11/2006|15:02] C:\ProgramData\Start Menu
[19/01/2009|05:34] C:\ProgramData\Symantec
[02/11/2006|15:02] C:\ProgramData\Templates
[19/01/2009|17:55] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[22/06/2009|22:58] C:\Program Files\ACD Systems
[28/12/2008|19:32] C:\Program Files\Adobe
[19/01/2009|05:43] C:\Program Files\Alwil Software
[21/01/2009|23:53] C:\Program Files\Apple Software Update
[02/02/2009|04:21] C:\Program Files\Atari
[05/09/2008|15:53] C:\Program Files\ATI
[05/09/2008|15:55] C:\Program Files\ATI Technologies
[07/03/2009|09:47] C:\Program Files\AviSynth 2.5
[21/01/2009|00:44] C:\Program Files\BitTorrent
[28/12/2008|18:24] C:\Program Files\Bonjour
[27/03/2009|19:27] C:\Program Files\CamStudio
[18/06/2009|14:17] C:\Program Files\Common Files
[17/08/2009|11:14] C:\Program Files\DNA
[07/03/2009|09:46] C:\Program Files\eRightSoft
[25/12/2008|02:09] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[28/12/2008|19:41] C:\Program Files\Fisher
[05/09/2008|16:06] C:\Program Files\HDReg
[02/02/2009|04:21] C:\Program Files\InstallShield Installation Information
[05/09/2008|15:57] C:\Program Files\Intel
[29/07/2009|13:42] C:\Program Files\Internet Explorer
[28/12/2008|19:43] C:\Program Files\IrfanView
[28/12/2008|19:51] C:\Program Files\LEGO Software
[28/07/2009|13:51] C:\Program Files\Live-Player
[29/12/2008|22:27] C:\Program Files\Logitech
[11/07/2009|12:58] C:\Program Files\Messenger Plus! Live
[14/03/2009|14:05] C:\Program Files\Microsoft
[19/01/2009|18:57] C:\Program Files\Microsoft Office
[31/07/2009|17:41] C:\Program Files\Microsoft Silverlight
[14/03/2009|14:07] C:\Program Files\Microsoft SQL Server Compact Edition
[14/03/2009|14:09] C:\Program Files\Microsoft Sync Framework
[27/12/2008|23:51] C:\Program Files\Microsoft Works
[06/09/2008|01:24] C:\Program Files\Movie Maker
[17/08/2009|16:20] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[19/01/2009|05:03] C:\Program Files\MSXML 4.0
[28/12/2008|20:07] C:\Program Files\Nero
[28/12/2008|20:10] C:\Program Files\NeroInstall.bak
[05/09/2008|16:01] C:\Program Files\O2Micro Flash Memory Card Driver
[23/01/2009|04:02] C:\Program Files\Packard Bell
[11/07/2009|11:52] C:\Program Files\QuickTime
[18/06/2009|14:17] C:\Program Files\Real
[05/09/2008|16:01] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[07/04/2009|15:16] C:\Program Files\Riva
[31/07/2009|11:10] C:\Program Files\rkfree
[05/09/2008|16:07] C:\Program Files\Seagate
[05/09/2008|15:59] C:\Program Files\Synaptics
[03/02/2009|16:10] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[28/12/2008|19:40] C:\Program Files\VideoLAN
[06/09/2008|01:24] C:\Program Files\Windows Calendar
[06/09/2008|01:24] C:\Program Files\Windows Collaboration
[06/09/2008|01:24] C:\Program Files\Windows Defender
[06/09/2008|01:24] C:\Program Files\Windows Journal
[03/07/2009|14:27] C:\Program Files\Windows Live
[14/03/2009|14:05] C:\Program Files\Windows Live SkyDrive
[16/08/2009|08:42] C:\Program Files\Windows Mail
[16/08/2009|08:42] C:\Program Files\Windows Media Player
[25/12/2008|02:09] C:\Program Files\Windows NT
[06/09/2008|01:24] C:\Program Files\Windows Photo Gallery
[06/09/2008|01:24] C:\Program Files\Windows Sidebar
[12/03/2009|18:36] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[22/06/2009|22:58] C:\Program Files\Common Files\ACD Systems
[26/01/2009|04:03] C:\Program Files\Common Files\Adobe
[28/12/2008|18:31] C:\Program Files\Common Files\Control Panels
[05/09/2008|15:59] C:\Program Files\Common Files\InstallShield
[12/01/2009|03:10] C:\Program Files\Common Files\Logishrd
[12/01/2009|03:10] C:\Program Files\Common Files\Logitech
[05/09/2008|15:53] C:\Program Files\Common Files\Macrovision Shared
[14/03/2009|14:05] C:\Program Files\Common Files\microsoft shared
[28/12/2008|20:09] C:\Program Files\Common Files\Nero
[18/06/2009|14:17] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[07/04/2009|15:16] C:\Program Files\Common Files\SWF Studio
[19/01/2009|05:36] C:\Program Files\Common Files\Symantec Shared
[06/09/2008|01:24] C:\Program Files\Common Files\System
[14/03/2009|14:00] C:\Program Files\Common Files\Windows Live
[19/01/2009|17:58] C:\Program Files\Common Files\WindowsLiveInstaller
[18/06/2009|14:17] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 66 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies\benoit@d2.advertserve[1].txt
C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies\benoit@advertising[1].txt
C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies\benoit@www.adultadvertising[2].txt
C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies\benoit@2xmoinscher[1].txt
C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies\benoit@cc.2xmoinscher[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 16:57:08
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

C:\Program Files\Live-Player
C:\Program Files\Live-Player\AddBrowserSearchEngine.exe
C:\Program Files\Live-Player\ChangeBrowserStartingPage.exe
C:\Program Files\Live-Player\data
C:\Program Files\Live-Player\img
C:\Program Files\Live-Player\live-player.exe
C:\Program Files\Live-Player\live-player.log
C:\Program Files\Live-Player\OpenCongratPage.exe
C:\Program Files\Live-Player\SkinCrafterDll.dll
C:\Program Files\Live-Player\skins
C:\Program Files\Live-Player\sqlite3.dll
C:\Program Files\Live-Player\uninst.exe
C:\Users\Benoit\AppData\Roaming\live-player
C:\Users\Benoit\AppData\Roaming\live-player\liveplayer.s3db
C:\Users\Benoit\AppData\Roaming\live-player\flv.swf
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Live-Player.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Privacy Policy.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Terms and Conditions.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Uninstall.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Website.url

C:\Users\Benoit\AppData\Local\xhqbdu.bat
C:\Users\Benoit\AppData\Local\xhqbdu.dat
C:\Users\Benoit\AppData\Local\xhqbdu.exe
C:\Users\Benoit\AppData\Local\xhqbdu_nav.dat
C:\Users\Benoit\AppData\Local\xhqbdu_navps.dat
==> EGDACCESS <==

--------------------\\ Cracks & Keygens ..

C:\Users\Benoit\Documents\- Banques\Textures\PhotosTexure\Metal\rusty_cracky_tube-fin[1].jpg
C:\Users\Benoit\Documents\- Bibliotheques\alienegra_crackcutter-back_img_0018-final.jpg
C:\Users\Benoit\Documents\- Bibliotheques\alienegra_crackcutter-front_img_0022-final.jpg
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\Crack-Babies-Normal.ttf
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\Crackhouse.pfb
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\Crackhouse.PFM
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\NEWCRACK.TTF
C:\Users\Benoit\Documents\- Polices\2000 Fonts\FONT\Lots of Dead Crack Babies.TTF
C:\Users\Benoit\Documents\- Polices\2000 True Type Fonts\C\CRACKFIR.TTF
C:\Users\Benoit\Documents\- Polices\2000 True Type Fonts\C\CRACKING.TTF
C:\Users\Benoit\Documents\- Polices\2000 True Type Fonts\C\CRACKLIN.TTF
C:\Users\Benoit\Documents\- Polices\3000 Polices Caracteres Fonts French\C\CRACKFIR.TXT
C:\Users\Benoit\Documents\- Polices\3000 Polices Caracteres Fonts French\C\CRACKING.TTF
C:\Users\Benoit\Documents\- Polices\3000 Polices Caracteres Fonts French\C\CRACKMAN.TTF
C:\Users\Benoit\Documents\- Sons\- Instrumentals\522 RnB & Hip Hop Instrumental Collection\Instrumental - Biggie - 10 Crack Commandments.mp3
C:\Users\Benoit\Downloads\Sega Megadrive emulator + loads of roms\Crack Down (UE) [!].zip


[F:310][D:43]-> C:\Users\Benoit\AppData\Local\Temp
[F:220][D:1]-> C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies
[F:3740][D:12]-> C:\Users\Benoit\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:27][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 17/08/2009|16:58 - Option : [1]

--------------------\\ Fin du rapport a 16:58:50
[ UAC => 1 ]
0
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
17 August 2009 at 17:03
Good!

~~~~~~~~~~~~~~~> Lop S&D <~~~~~~~~~~~~~~~~~~

- Run Lop S&D again
- In the main menu, type 2 and confirm with Enter.

- The Start menu and the icons will disappear again... that's normal.
- The cleanup will take a few minutes...
- Once the operation is finished, the cleanup report opens.

- Post that report in your next message

And delete all of this for me; cracks are a breeding ground for infections
--------------------\\ Cracks & Keygens ..

C:\Users\Benoit\Documents\- Banques\Textures\PhotosTexure\Metal\rusty_cracky_tube-fin[1].jpg
C:\Users\Benoit\Documents\- Bibliotheques\alienegra_crackcutter-back_img_0018-final.jpg
C:\Users\Benoit\Documents\- Bibliotheques\alienegra_crackcutter-front_img_0022-final.jpg
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\Crack-Babies-Normal.ttf
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\Crackhouse.pfb
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\Crackhouse.PFM
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\NEWCRACK.TTF
C:\Users\Benoit\Documents\- Polices\2000 Fonts\FONT\Lots of Dead Crack Babies.TTF
C:\Users\Benoit\Documents\- Polices\2000 True Type Fonts\C\CRACKFIR.TTF
C:\Users\Benoit\Documents\- Polices\2000 True Type Fonts\C\CRACKING.TTF
C:\Users\Benoit\Documents\- Polices\2000 True Type Fonts\C\CRACKLIN.TTF
C:\Users\Benoit\Documents\- Polices\3000 Polices Caracteres Fonts French\C\CRACKFIR.TXT
C:\Users\Benoit\Documents\- Polices\3000 Polices Caracteres Fonts French\C\CRACKING.TTF
C:\Users\Benoit\Documents\- Polices\3000 Polices Caracteres Fonts French\C\CRACKMAN.TTF
C:\Users\Benoit\Documents\- Sons\- Instrumentals\522 RnB & Hip Hop Instrumental Collection\Instrumental - Biggie - 10 Crack Commandments.mp3
C:\Users\Benoit\Downloads\Sega Megadrive emulator + loads of roms\Crack Down (UE) [!].zip 


0
I need to find the cracks and keygens folder again; otherwise, here is the report:



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : Benoit ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:220 Go (Free:112 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:115 Go (Free:34 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 17/08/2009|17:06 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies\benoit@d2.advertserve[1].txt
Supprime! - C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies\benoit@advertising[1].txt
Supprime! - C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies\benoit@www.adultadvertising[2].txt
Supprime! - C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies\benoit@2xmoinscher[1].txt
Supprime! - C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies\benoit@cc.2xmoinscher[2].txt
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[11/01/2009|04:08] C:\Users\Benoit\AppData\Local\ACD Systems
[16/01/2009|04:42] C:\Users\Benoit\AppData\Local\Adobe
[28/12/2008|03:48] C:\Users\Benoit\AppData\Local\Ahead
[21/01/2009|23:53] C:\Users\Benoit\AppData\Local\Apple
[25/01/2009|22:40] C:\Users\Benoit\AppData\Local\Apple Computer
[25/12/2008|02:13] C:\Users\Benoit\AppData\Local\Application Data
[28/12/2008|20:21] C:\Users\Benoit\AppData\Local\Apps
[25/12/2008|02:23] C:\Users\Benoit\AppData\Local\ATI
[31/03/2009|13:01] C:\Users\Benoit\AppData\Local\d3d9caps.dat
[01/08/2009|23:08] C:\Users\Benoit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[21/01/2009|00:44] C:\Users\Benoit\AppData\Local\DNA
[28/12/2008|18:37] C:\Users\Benoit\AppData\Local\GDIPFONTCACHEV1.DAT
[25/12/2008|02:23] C:\Users\Benoit\AppData\Local\Google
[25/12/2008|02:13] C:\Users\Benoit\AppData\Local\Historique
[09/08/2009|22:20] C:\Users\Benoit\AppData\Local\IconCache.db
[03/07/2009|10:28] C:\Users\Benoit\AppData\Local\Microsoft
[19/01/2009|04:51] C:\Users\Benoit\AppData\Local\Mozilla
[28/12/2008|00:07] C:\Users\Benoit\AppData\Local\Packard Bell
[17/08/2009|17:06] C:\Users\Benoit\AppData\Local\Temp
[25/12/2008|02:13] C:\Users\Benoit\AppData\Local\Temporary Internet Files
[19/01/2009|18:48] C:\Users\Benoit\AppData\Local\VirtualStore
[17/08/2009|11:14] C:\Users\Benoit\AppData\Local\xhqbdu.bat
[17/08/2009|17:05] C:\Users\Benoit\AppData\Local\xhqbdu.dat
[28/07/2009|13:25] C:\Users\Benoit\AppData\Local\xhqbdu.exe
[15/08/2009|11:16] C:\Users\Benoit\AppData\Local\xhqbdu_nav.dat
[17/08/2009|17:06] C:\Users\Benoit\AppData\Local\xhqbdu_navps.dat

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[17/08/2009 17:05][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{B3C68159-4B95-4CC9-AF77-7C74CF1E8047}.job
[17/08/2009 17:00][--a------] C:\Windows\tasks\Extension de garantie-Benoit.job
[17/08/2009 17:00][--a------] C:\Windows\tasks\Recovery DVD Creator-Benoit.job
[17/08/2009 11:10][--ah-----] C:\Windows\tasks\SA.DAT
[16/08/2009 23:18][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[22/06/2009|22:58] C:\ProgramData\ACD Systems
[05/09/2008|16:31] C:\ProgramData\Acer
[28/12/2008|19:00] C:\ProgramData\Adobe
[28/12/2008|18:49] C:\ProgramData\ALM
[21/01/2009|23:53] C:\ProgramData\Apple
[11/07/2009|11:51] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[05/09/2008|16:03] C:\ProgramData\ATI
[25/12/2008|02:09] C:\ProgramData\Bureau
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[25/12/2008|02:09] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[28/12/2008|06:54] C:\ProgramData\FLEXnet
[27/12/2008|23:47] C:\ProgramData\Google
[12/01/2009|03:11] C:\ProgramData\LogiShrd
[29/12/2008|22:27] C:\ProgramData\Logitech
[02/02/2009|23:56] C:\ProgramData\Malwarebytes
[25/12/2008|02:09] C:\ProgramData\Menu Démarrer
[11/07/2009|14:50] C:\ProgramData\Messenger Plus!
[22/05/2009|16:50] C:\ProgramData\Microsoft
[27/12/2008|23:51] C:\ProgramData\Microsoft Help
[25/12/2008|02:09] C:\ProgramData\Modèles
[28/12/2008|20:08] C:\ProgramData\Nero
[22/07/2009|20:53] C:\ProgramData\ntuser.pol
[31/07/2009|11:10] C:\ProgramData\rkfree
[02/11/2006|15:02] C:\ProgramData\Start Menu
[19/01/2009|05:34] C:\ProgramData\Symantec
[02/11/2006|15:02] C:\ProgramData\Templates
[19/01/2009|17:55] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[22/06/2009|22:58] C:\Program Files\ACD Systems
[28/12/2008|19:32] C:\Program Files\Adobe
[19/01/2009|05:43] C:\Program Files\Alwil Software
[21/01/2009|23:53] C:\Program Files\Apple Software Update
[02/02/2009|04:21] C:\Program Files\Atari
[05/09/2008|15:53] C:\Program Files\ATI
[05/09/2008|15:55] C:\Program Files\ATI Technologies
[07/03/2009|09:47] C:\Program Files\AviSynth 2.5
[21/01/2009|00:44] C:\Program Files\BitTorrent
[28/12/2008|18:24] C:\Program Files\Bonjour
[27/03/2009|19:27] C:\Program Files\CamStudio
[18/06/2009|14:17] C:\Program Files\Common Files
[17/08/2009|11:14] C:\Program Files\DNA
[07/03/2009|09:46] C:\Program Files\eRightSoft
[25/12/2008|02:09] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[28/12/2008|19:41] C:\Program Files\Fisher
[05/09/2008|16:06] C:\Program Files\HDReg
[02/02/2009|04:21] C:\Program Files\InstallShield Installation Information
[05/09/2008|15:57] C:\Program Files\Intel
[29/07/2009|13:42] C:\Program Files\Internet Explorer
[28/12/2008|19:43] C:\Program Files\IrfanView
[28/12/2008|19:51] C:\Program Files\LEGO Software
[28/07/2009|13:51] C:\Program Files\Live-Player
[29/12/2008|22:27] C:\Program Files\Logitech
[11/07/2009|12:58] C:\Program Files\Messenger Plus! Live
[14/03/2009|14:05] C:\Program Files\Microsoft
[19/01/2009|18:57] C:\Program Files\Microsoft Office
[31/07/2009|17:41] C:\Program Files\Microsoft Silverlight
[14/03/2009|14:07] C:\Program Files\Microsoft SQL Server Compact Edition
[14/03/2009|14:09] C:\Program Files\Microsoft Sync Framework
[27/12/2008|23:51] C:\Program Files\Microsoft Works
[06/09/2008|01:24] C:\Program Files\Movie Maker
[17/08/2009|16:20] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[19/01/2009|05:03] C:\Program Files\MSXML 4.0
[28/12/2008|20:07] C:\Program Files\Nero
[28/12/2008|20:10] C:\Program Files\NeroInstall.bak
[05/09/2008|16:01] C:\Program Files\O2Micro Flash Memory Card Driver
[23/01/2009|04:02] C:\Program Files\Packard Bell
[11/07/2009|11:52] C:\Program Files\QuickTime
[18/06/2009|14:17] C:\Program Files\Real
[05/09/2008|16:01] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[07/04/2009|15:16] C:\Program Files\Riva
[31/07/2009|11:10] C:\Program Files\rkfree
[05/09/2008|16:07] C:\Program Files\Seagate
[05/09/2008|15:59] C:\Program Files\Synaptics
[03/02/2009|16:10] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[28/12/2008|19:40] C:\Program Files\VideoLAN
[06/09/2008|01:24] C:\Program Files\Windows Calendar
[06/09/2008|01:24] C:\Program Files\Windows Collaboration
[06/09/2008|01:24] C:\Program Files\Windows Defender
[06/09/2008|01:24] C:\Program Files\Windows Journal
[03/07/2009|14:27] C:\Program Files\Windows Live
[14/03/2009|14:05] C:\Program Files\Windows Live SkyDrive
[16/08/2009|08:42] C:\Program Files\Windows Mail
[16/08/2009|08:42] C:\Program Files\Windows Media Player
[25/12/2008|02:09] C:\Program Files\Windows NT
[06/09/2008|01:24] C:\Program Files\Windows Photo Gallery
[06/09/2008|01:24] C:\Program Files\Windows Sidebar
[12/03/2009|18:36] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[22/06/2009|22:58] C:\Program Files\Common Files\ACD Systems
[26/01/2009|04:03] C:\Program Files\Common Files\Adobe
[28/12/2008|18:31] C:\Program Files\Common Files\Control Panels
[05/09/2008|15:59] C:\Program Files\Common Files\InstallShield
[12/01/2009|03:10] C:\Program Files\Common Files\Logishrd
[12/01/2009|03:10] C:\Program Files\Common Files\Logitech
[05/09/2008|15:53] C:\Program Files\Common Files\Macrovision Shared
[14/03/2009|14:05] C:\Program Files\Common Files\microsoft shared
[28/12/2008|20:09] C:\Program Files\Common Files\Nero
[18/06/2009|14:17] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[07/04/2009|15:16] C:\Program Files\Common Files\SWF Studio
[19/01/2009|05:36] C:\Program Files\Common Files\Symantec Shared
[06/09/2008|01:24] C:\Program Files\Common Files\System
[14/03/2009|14:00] C:\Program Files\Common Files\Windows Live
[19/01/2009|17:58] C:\Program Files\Common Files\WindowsLiveInstaller
[18/06/2009|14:17] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 66 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 17:06:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

C:\Program Files\Live-Player
C:\Program Files\Live-Player\AddBrowserSearchEngine.exe
C:\Program Files\Live-Player\ChangeBrowserStartingPage.exe
C:\Program Files\Live-Player\data
C:\Program Files\Live-Player\img
C:\Program Files\Live-Player\live-player.exe
C:\Program Files\Live-Player\live-player.log
C:\Program Files\Live-Player\OpenCongratPage.exe
C:\Program Files\Live-Player\SkinCrafterDll.dll
C:\Program Files\Live-Player\skins
C:\Program Files\Live-Player\sqlite3.dll
C:\Program Files\Live-Player\uninst.exe
C:\Users\Benoit\AppData\Roaming\live-player
C:\Users\Benoit\AppData\Roaming\live-player\liveplayer.s3db
C:\Users\Benoit\AppData\Roaming\live-player\flv.swf
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Live-Player.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Privacy Policy.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Terms and Conditions.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Uninstall.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Website.url

C:\Users\Benoit\AppData\Local\xhqbdu.bat
C:\Users\Benoit\AppData\Local\xhqbdu.dat
C:\Users\Benoit\AppData\Local\xhqbdu.exe
C:\Users\Benoit\AppData\Local\xhqbdu_nav.dat
C:\Users\Benoit\AppData\Local\xhqbdu_navps.dat
==> EGDACCESS <==

--------------------\\ Cracks & Keygens ..

C:\Users\Benoit\Documents\- Banques\Textures\PhotosTexure\Metal\rusty_cracky_tube-fin[1].jpg
C:\Users\Benoit\Documents\- Bibliotheques\alienegra_crackcutter-back_img_0018-final.jpg
C:\Users\Benoit\Documents\- Bibliotheques\alienegra_crackcutter-front_img_0022-final.jpg
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\Crack-Babies-Normal.ttf
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\Crackhouse.pfb
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\Crackhouse.PFM
C:\Users\Benoit\Documents\- Polices\200 commercial-Fonts By Font-Typo By Zorg\NEWCRACK.TTF
C:\Users\Benoit\Documents\- Polices\2000 Fonts\FONT\Lots of Dead Crack Babies.TTF
C:\Users\Benoit\Documents\- Polices\2000 True Type Fonts\C\CRACKFIR.TTF
C:\Users\Benoit\Documents\- Polices\2000 True Type Fonts\C\CRACKING.TTF
C:\Users\Benoit\Documents\- Polices\2000 True Type Fonts\C\CRACKLIN.TTF
C:\Users\Benoit\Documents\- Polices\3000 Polices Caracteres Fonts French\C\CRACKFIR.TXT
C:\Users\Benoit\Documents\- Polices\3000 Polices Caracteres Fonts French\C\CRACKING.TTF
C:\Users\Benoit\Documents\- Polices\3000 Polices Caracteres Fonts French\C\CRACKMAN.TTF
C:\Users\Benoit\Documents\- Sons\- Instrumentals\522 RnB & Hip Hop Instrumental Collection\Instrumental - Biggie - 10 Crack Commandments.mp3
C:\Users\Benoit\Downloads\Sega Megadrive emulator + loads of roms\Crack Down (UE) [!].zip


[F:310][D:43]-> C:\Users\Benoit\AppData\Local\Temp
[F:215][D:1]-> C:\Users\Benoit\AppData\Roaming\MICROS~1\Windows\Cookies
[F:3740][D:12]-> C:\Users\Benoit\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:28][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 17/08/2009|16:58 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 17/08/2009|17:07 - Option : [2]

--------------------\\ Fin du rapport a 17:07:58
[ UAC => 1 ]
0
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
17 August 2009 at 17:15
Did you disable UAC?
0
yes
0
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
17 August 2009 at 17:25
~~~~~~~~~~~~~~~> OTM <~~~~~~~~~~~~~~~~~~

- Download OTM (by Old_Timer) to your Desktop

> http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

- Double-click OTM.exe to launch it.

- Make sure the Unregister Dll's and Ocx's box is checked.

- Copy the list in the quote below and paste it into the left-hand pane of OTM under Paste instructions for item to be moved.


:Processes
explorer.exe

:files
C:\Users\Benoit\AppData\Local\xhqbdu.bat
C:\Users\Benoit\AppData\Local\xhqbdu.dat
C:\Users\Benoit\AppData\Local\xhqbdu.exe
C:\Users\Benoit\AppData\Local\xhqbdu_nav.dat
C:\Users\Benoit\AppData\Local\xhqbdu_navps.dat 
C:\Program Files\rkfree\rkfree.exe

:Commands
[purity]
[emptytemp]
[Reboot]



- Click MoveIt! to start the removal.

- The result will appear in the Results pane.

- Click Exit to close.

- Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
Big problem: I got on my sister's PC, OTM crashed, black screen with only the mouse cursor working, nothing else.
0
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
17 August 2009 at 17:44
Restart
0
I get the welcome screen, where I can choose the user, and then a black screen.
0
ah yes OK, it's restarting
0
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
17 August 2009 at 17:51
So?
0
I'm back on the right PC, should I run OTM again? That thing gave me a good scare.
0
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
17 August 2009 at 17:57
Type this instead

:Processes

:files
C:\Users\Benoit\AppData\Local\xhqbdu.bat
C:\Users\Benoit\AppData\Local\xhqbdu.dat
C:\Users\Benoit\AppData\Local\xhqbdu.exe
C:\Users\Benoit\AppData\Local\xhqbdu_nav.dat
C:\Users\Benoit\AppData\Local\xhqbdu_navps.dat 
C:\Program Files\rkfree\rkfree.exe

:Commands
[purity]
[emptytemp]
[Reboot]

0
Everything went fine, here it is:


All processes killed
========== PROCESSES ==========
========== FILES ==========
File/Folder C:\Users\Benoit\AppData\Local\xhqbdu.bat not found.
File/Folder C:\Users\Benoit\AppData\Local\xhqbdu.dat not found.
File/Folder C:\Users\Benoit\AppData\Local\xhqbdu.exe not found.
File/Folder C:\Users\Benoit\AppData\Local\xhqbdu_nav.dat not found.
File/Folder C:\Users\Benoit\AppData\Local\xhqbdu_navps.dat not found.
File/Folder C:\Program Files\rkfree\rkfree.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Benoit
->Temp folder emptied: 49778640 bytes
->Temporary Internet Files folder emptied: 94460254 bytes
->FireFox cache emptied: 56976834 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 9056 bytes

Total Files Cleaned = 191,90 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08172009_175820

Files moved on Reboot...

Registry entries deleted on Reboot...
0
Hello, I also have the same problem of advertising windows opening. I am on Internet Explorer 8. Thanks for your replies.



____________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:53, on 16/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\user\AppData\Local\oogho.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5TIA154C\hijackthis-2.0.2[1].exe
C:\Users\user\AppData\Local\Temp\hijackthis-2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\Windows\system32\BhoECart.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000313.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [oogho] "c:\users\user\appdata\local\oogho.exe" oogho
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\user\AppData\Local\Temp\cceF31D.html
O8 - Extra context menu item: Ouvrir dans WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O8 - Extra context menu item: traduire la page - C:\Users\user\AppData\Local\Temp\cceF30B.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\user\AppData\Local\Temp\cceF30C.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000313.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000313.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: https://applications-et-logiciels.orange.fr/
O16 - DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} (OrangeInstaller_ModuleIE Control) - http://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
0
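A triage pass over a HijackThis log like the one above, as an added example that is not part of any post in this thread: it lists running processes and O4 Run entries whose executable sits directly in the AppData root or in a temp folder, the location shared by the xhqbdu.exe files that Lop S&D listed under other infections. The sample lines are excerpted from that log; the function names are assumptions, and a hit is a prompt for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines excerpted from the HijackThis v2.0.2 log posted above,
# trimmed to a few entries so the script runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\user\AppData\Local\oogho.exe
C:\Users\user\AppData\Local\Temp\hijackthis-2.0.2.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [oogho] "c:\users\user\appdata\local\oogho.exe" oogho
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# "O4 - HKCU\..\Run: [name] command" (registry autoruns; startup-folder
# entries such as "O4 - Global Startup" use another layout and are skipped).
O4_RUN = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# First program in a command: a quoted path, or an unquoted path (which may
# contain spaces) up to the first executable-like extension.
EXE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|bat|com|scr|dll))(?=[\s,]|$)', re.I)
APPDATA_ROOT = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(?:local|roaming)$", re.I)
TEMP_DIR = re.compile(r"\\(?:temp|temporary internet files)(?:\\|$)", re.I)


def executable_of(command):
    """Return the program path a Run-key command launches, or None."""
    m = EXE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else None


def location_reason(path):
    """Explain why a path's folder deserves review, or return None."""
    parent = str(PureWindowsPath(path).parent)
    if APPDATA_ROOT.match(parent):
        return "executable sits directly in the AppData root, outside any vendor folder"
    if TEMP_DIR.search(parent):
        return "executable runs from a temp or browser-cache folder"
    return None


def triage(log_text):
    """Collect running processes and Run-key autoruns in reviewable locations."""
    findings = []
    in_processes = False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:              # a blank line ends the process list
                in_processes = False
                continue
            source, path = "running process", line
        else:
            m = O4_RUN.match(line)
            if not m:
                continue
            hive, key, name, command = m.groups()
            path = executable_of(command)
            if path is None:
                continue
            source = f"autorun {hive}\\{key} [{name}]"
        reason = location_reason(path)
        if reason:
            findings.append({"source": source, "path": path, "reason": reason})
    return findings


def running_and_autostarting(findings):
    """Paths that are both running now and relaunched at logon (case-insensitive)."""
    running = {f["path"].lower() for f in findings
               if f["source"] == "running process"}
    auto = {f["path"].lower() for f in findings
            if f["source"].startswith("autorun")}
    return sorted(running & auto)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f['source']}: {f['path']} ({f['reason']})")
    print("running and autostarting:", running_and_autostarting(hits))
```

The temp-folder hit here is HijackThis itself, started from the download location, which is why each finding carries its reason and still needs a human decision.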
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
17 August 2009 at 18:04
->Show all files and folders:
click Start / Control Panel (in classic view) / Folder Options / View

[Check] "Show hidden files and folders"

[Uncheck] the box "Hide protected operating system files (Recommended)"

[Uncheck] "Hide extensions for known file types"

Then click [Apply] to confirm the changes.

And [OK]

Run OTM again

Type this

:Processes

:files
C:\Users\Benoit\AppData\Local\xhqbdu.bat
C:\Users\Benoit\AppData\Local\xhqbdu.dat
C:\Users\Benoit\AppData\Local\xhqbdu.exe
C:\Users\Benoit\AppData\Local\xhqbdu_nav.dat
C:\Users\Benoit\AppData\Local\xhqbdu_navps.dat 
C:\Program Files\rkfree\rkfree.exe

:Commands
[purity]
[emptytemp]
[Reboot]



0