[Virus] Help (Résultat Scan HijackThis 1.99)

Pharaoh -  
 Pharaoh -
Bonjour à la toute la communauté. C'est très simple, l'ordi est infesté de spywares, et IE se noie dans une flopée de pop-ups. Voila le hijackthislog :

Logfile of HijackThis v1.99.1
Scan saved at 14:52:55, on 15/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\msnet32.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: (no name) - {432D8C41-8586-11D8-997D-00C026232EB9} - C:\WINDOWS\2_0_2BrowserHelper2.dll (file missing)
O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll
O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll
O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKLM\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKLM\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKLM\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKLM\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</a>..
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</a>,
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"></td>
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a>,
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...<br>
O4 - HKLM\..\Run: [ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="] c:\WINDOWS\System32\ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="55">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="t] c:\WINDOWS\System32\ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="top">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O4 - HKCU\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKCU\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKCU\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKCU\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKCU\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge"&

46 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection par spyware provoque une avalanche de pop-ups et un changement de page d'accueil sous Windows XP et Internet Explorer, documentée par un rapport HijackThis.
Plusieurs réponses recommandent d'utiliser HijackThis pour repérer les entrées indésirables, de rétablir la page d'accueil et les paramètres proxy, puis de supprimer les clés de registre et les BHO suspects.
En cas de doute, la procédure peut nécessiter un nettoyage approfondi via modes sans échec et vérification des fichiers exécutables dans Program Files, avec une sauvegarde préalable.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    coucou

    Tu es enormement infecté

    telecharge ceci:
    2/ Ewido:
    http://download.ewido.net/ewido-setup.exe

    Installation puis mises à jour.

    commencons par ceci:

    Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O1 - Hosts: 127.0.0.0 localhost
    O1 - Hosts: 127.0.0.2 auditmypc.com
    O1 - Hosts: 127.0.0.3 boards.cexx.org
    O1 - Hosts: 127.0.0.4 bulletproofsoft.net
    O1 - Hosts: 127.0.0.5 camtech2000.net
    O1 - Hosts: 127.0.0.6 cexx.org
    O1 - Hosts: 127.0.0.7 computercops.us
    O1 - Hosts: 127.0.0.8 ct7support.com
    O1 - Hosts: 127.0.0.9 doxdesk.com
    O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
    O1 - Hosts: 127.0.0.21 kephyr.com
    O1 - Hosts: 127.0.0.22 lavasoft.de
    O1 - Hosts: 127.0.0.23 lavasoftusa.com
    O1 - Hosts: 127.0.0.24 lurkhere.com
    O1 - Hosts: 127.0.0.25 majorgeeks.com
    O1 - Hosts: 127.0.0.26 merijn.org
    O1 - Hosts: 127.0.0.27 mjc1.com
    O1 - Hosts: 127.0.0.28 moosoft.com
    O1 - Hosts: 127.0.0.29 mvps.org
    O1 - Hosts: 127.0.0.30 net-integration.net
    O1 - Hosts: 127.0.0.31 noadware.net
    O1 - Hosts: 127.0.0.32 no-spybot.com
    O1 - Hosts: 127.0.0.33 onlinepcfix.com
    O1 - Hosts: 127.0.0.34 pchell.com
    O1 - Hosts: 127.0.0.35 pestpatrol.com
    O1 - Hosts: 127.0.0.36 safer-networking.org
    O1 - Hosts: 127.0.0.37 secure.spykiller.com
    O1 - Hosts: 127.0.0.38 secureie.com
    O1 - Hosts: 127.0.0.39 security.kolla.de
    O1 - Hosts: 127.0.0.40 spybot.info
    O1 - Hosts: 127.0.0.41 spychecker.com
    O1 - Hosts: 127.0.0.42 spychecker.com
    O1 - Hosts: 127.0.0.43 spycop.com
    O1 - Hosts: 127.0.0.44 spyguard.com
    O1 - Hosts: 127.0.0.45 spykiller.com
    O1 - Hosts: 127.0.0.46 spyware.co.uk
    O1 - Hosts: 127.0.0.47 spyware-cop.com
    O1 - Hosts: 127.0.0.49 spywarenuker.com
    O1 - Hosts: 127.0.0.50 spywareremove.com
    O1 - Hosts: 127.0.0.51 spywareremove.com
    O1 - Hosts: 127.0.0.52 stopzillapro.com
    O1 - Hosts: 127.0.0.53 sunbelt-software.com
    O1 - Hosts: 127.0.0.54 thiefware.com
    O1 - Hosts: 127.0.0.55 tomcoyote.org
    O1 - Hosts: 127.0.0.56 unwantedlinks.com
    O1 - Hosts: 127.0.0.57 webattack.com
    O1 - Hosts: 127.0.0.58 wilders.org
    O1 - Hosts: 127.0.0.59 www.auditmypc.com
    O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
    O1 - Hosts: 127.0.0.61 www.cexx.org
    O1 - Hosts: 127.0.0.62 www.computercops.us
    O1 - Hosts: 127.0.0.63 www.ct7support.com
    O1 - Hosts: 127.0.0.64 www.doxdesk.com
    O1 - Hosts: 127.0.0.65 www.eblocs.com
    O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
    O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
    O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
    O1 - Hosts: 127.0.0.69 www.grc.com
    O1 - Hosts: 127.0.0.70 www.grisoft.com
    O1 - Hosts: 127.0.0.71 www.hackfaq.org
    O1 - Hosts: 127.0.0.72 www.hazeleger.net
    O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
    O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
    O1 - Hosts: 127.0.0.75 www.kephyr.com
    O1 - Hosts: 127.0.0.76 www.lavasoft.de
    O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
    O1 - Hosts: 127.0.0.78 www.lurkhere.com
    O1 - Hosts: 127.0.0.79 www.majorgeeks.com
    O1 - Hosts: 127.0.0.80 www.merijn.org
    O1 - Hosts: 127.0.0.81 www.mjc1.com
    O1 - Hosts: 127.0.0.82 www.moosoft.com
    O1 - Hosts: 127.0.0.83 www.mvps.org
    O1 - Hosts: 127.0.0.84 www.net-integration.net
    O1 - Hosts: 127.0.0.85 www.noadware.net
    O1 - Hosts: 127.0.0.86 www.no-spybot.com
    O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
    O1 - Hosts: 127.0.0.88 www.pchell.com
    O1 - Hosts: 127.0.0.89 www.pestpatrol.com
    O1 - Hosts: 127.0.0.90 www.safer-networking.org
    O1 - Hosts: 127.0.0.91 www.secureie.com
    O1 - Hosts: 127.0.0.92 www.security.kolla.de
    O1 - Hosts: 127.0.0.93 www.spybot.info
    O1 - Hosts: 127.0.0.94 www.spychecker.com
    O1 - Hosts: 127.0.0.95 www.spychecker.com
    O1 - Hosts: 127.0.0.96 www.spycop.com
    O1 - Hosts: 127.0.0.97 www.spyguard.com
    O1 - Hosts: 127.0.0.98 www.spykiller.com
    O1 - Hosts: 127.0.0.99 www.spyware.co.uk

    * Lancer et exécuter Ewido pour un scan complet et copier/coller le rapport en forum.

    redemarre ton pc et remet un hijack this

    a+
    0
    1. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
       
      ahah t'as reg
      l'est pourri ce mec
      devrait mettre une capote pour surfer
      et son log pas entier......
      0
    2. Pharaoh
       
      Oué, un vrai masacre ce PC... Euh... j'ai AVG, mais doit pas être bien configuré. En tout cas merci pour l'aide, la communauté est super sympa/active ! Donc, au niveau des symptômes : ça redevient "vivable" après un scan Ewido, Hijack... Toujours quelques Popups... Voila la log, c'est toujours pas nickel nickel :

      Logfile of HijackThis v1.99.1
      Scan saved at 23:29:15, on 19/01/2006
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\ewido anti-malware\ewidoguard.exe
      C:\WINDOWS\msnet32.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\services.exe
      C:\WINDOWS\system32\cmd.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
      C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
      R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
      O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
      O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
      O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)
      O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
      O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll
      O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll (file missing)
      O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
      O4 - HKLM\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
      O4 - HKLM\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
      O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
      O4 - HKLM\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
      O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
      O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
      O4 - HKLM\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
      O4 - HKLM\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
      O4 - HKLM\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</a>..
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</a>,
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"></td>
      O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></h1>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a>,
      O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a></h1>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...<br>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...<br>
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</a>,
      O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...<br>
      O4 - HKLM\..\Run: [ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="] c:\WINDOWS\System32\ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="55">
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"></td>
      O4 - HKLM\..\Run: [ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="t] c:\WINDOWS\System32\ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="top">
      O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"></td>
      O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [mlp] c:\dinst.exe
      O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
      O4 - HKCU\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
      O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
      O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
      O4 - HKCU\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
      O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
      O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
      O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
      O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
      O4 - HKCU\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
      O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
      O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
      O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
      O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
      O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
      O4 - HKCU\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
      O4 - HKCU\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
      O4 - HKCU\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
      O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
      O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
      O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepa
      0
  2. Utilisateur anonyme
     
    Il ne faut jamais desesperer ni ce moquer, on ne sait jamais qui pourra un jour nous venir en aide !
    Et normal que son log ne soit pas entier, il est bloquer, il beug ...
    0
    1. Kristopher Messages postés 3752 Statut Contributeur 106
       
      Salut regis59,

      J'espère que tu vas bien, c'est le week-end ;)

      Il ne faut jamais désesperer ni ce moquer, on ne sait jamais qui pourra un jour nous venir en aide !

      oO quelle belle phrase ;)

      Bonne journée

      ++
      0
    2. ben13010 Messages postés 3369 Statut Contributeur 387
       
      salut a tous

      c'est vrai que c'est assez impressionnant comme rapport

      je me demande comment le pc peut encore demarrer ...

      encore une personne qui ne doit avoir ni av ni firewall ...
      0
  3. Utilisateur anonyme
     
    salut Topher
    ouai et toi?

    Jviens de l inventer a l instant, j aurais pu etre poete 8-)
    0
  4. Utilisateur anonyme
     
    salut ben

    ouai c est vrai qu on pourrait croire qu il ne demarre plus mais cela cause bcp de lenteurs et des pubs uniquement

    et l av:
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    a+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Salut les gars ;)

    C'est frappant de voir un log comme celui-là, d'autant plus qu'il n'est pas complet... on se demande à quoi pourrait ressembler la suite...
    Heureusement que le seul symptôme est :
    IE se noie dans une flopée de pop-ups (hormis les ralentissements).

    On va essayer de remettre un peu d'ordre dans tout ça ^^

    ++
    0
  7. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    hello
    qui se dévoue ?
    étonnant ce bout de log en effet
    0
  8. Pharaoh
     
    Up... Dernier log :

    Logfile of HijackThis v1.99.1
    Scan saved at 17:28:31, on 20/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\msnet32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\services.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
    C:\WINDOWS\system32\ftp.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
    O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
    O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
    O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)
    O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
    O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll
    O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll (file missing)
    O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
    O4 - HKLM\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
    O4 - HKLM\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
    O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
    O4 - HKLM\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
    O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
    O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
    O4 - HKLM\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
    O4 - HKLM\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
    O4 - HKLM\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</a>..
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</a>,
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"></td>
    O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></h1>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a>,
    O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a></h1>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...<br>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...<br>
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</a>,
    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...<br>
    O4 - HKLM\..\Run: [ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="] c:\WINDOWS\System32\ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="55">
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"></td>
    O4 - HKLM\..\Run: [ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="t] c:\WINDOWS\System32\ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="top">
    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"></td>
    O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [mlp] c:\dinst.exe
    O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
    O4 - HKCU\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
    O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
    O4 - HKCU\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
    O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
    O4 - HKCU\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
    O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
    O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
    O4 - HKCU\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
    O4 - HKCU\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
    O4 - HKCU\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,
    0
  9. Utilisateur anonyme
     
    Salut

    Dernier log? euh non, pas maintenant...

    Tu as passé ewido comme jte le demande?

    a+
    0
  10. Pharaoh
     
    Ouais, ouais... Fichu ordi... j'vais refaire ça quand même. Une autre solution peut-être ?
    0
  11. Utilisateur anonyme
     
    Salut

    Commencons comme ceci:

    Méthode à suivre dans l'ordre...
    ----------------------------------------------------------------------------
    ¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite:

    1/

    Spybot S&D 1.4 <<nouvelle version.
    https://www.safer-networking.org/

    Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06 <<nouvelle version.
    https://www.adaware.com/
    -Une aide:
    http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
    - installe le patch français, tu pourras le trouver ici:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
    http://pageperso.aol.fr/balltrap34/adawrevid.asf

    3/

    -Ccleaner
    http://www.filehippo.com/download_ccleaner.html
    Installe le dans un répertoire dédié.

    4/

    About Buster:
    https://www.malwarebytes.com

    Clique "Check for updates".
    Télécharge les mises à jour
    referme le
    on l‘utilisera plus tard.

    5/

    Télécharge lopxp ici:

    http://pageperso.aol.fr/balltrap34/lopxp.zip (Merci Moe31 et Balltrap34)

    2) dezippe le (clic droit dessus > extraire tout)
    et lance lopxp.bat
    le bloc note va s'ouvrir, copie et colle le contenu sur le forum (puis continue la procédure)
    ----------------------------------------------------------------------------
    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    ----------------------------------------------------------------------------
    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :
    Coche uniquement ce que je t indiques !

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

    R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)

    O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll

    O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)

    O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll

    O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll (file missing)

    O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe

    O4 - HKLM\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}

    O4 - HKLM\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0"
    src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>

    O4 - HKLM\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>

    O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">

    O4 - HKLM\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>

    O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">

    O4 - HKLM\..\Run: [ <img border="0"
    src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>

    O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">

    O4 - HKLM\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>

    O4 - HKLM\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>

    O4 - HKLM\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</a>..

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</a>,

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"><] c:\WINDOWS\System32\ <img border="0"
    src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"></td>

    O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></h1>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a>,

    O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a></h1>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...<br>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...<br>

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</a>,

    O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...<br>

    O4 - HKLM\..\Run: [ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="] c:\WINDOWS\System32\ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="55">

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"></td>

    O4 - HKLM\..\Run: [ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="t] c:\WINDOWS\System32\ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="top">

    O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"></td>

    O4 - HKLM\..\Run: [mlp] c:\dinst.exe

    O4 - HKCU\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}

    O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}

    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>

    O4 - HKCU\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">

    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>

    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>

    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>

    O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">

    O4 - HKCU\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>

    O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">

    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>

    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>

    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>

    O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">

    O4 - HKCU\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>

    O4 - HKCU\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>

    O4 - HKCU\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>

    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>

    O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,

    O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,

    ----------------------------------------------------------------------------
    ¤Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    ¤Vide tes fichiers temps et temporary internet file:

    :: Supprimer les fichiers temporaires ::
    vider tout le contenu de ces dossiers.

    * C:\Documents and Settings\ton compte\Local Settings\Temp
    * C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
    * C:\Windows\Temp

    :: Le contenu du dossier prefetch ::

    * C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

    * Ne pas oublier de vider la corbeille !
    ----------------------------------------------------------------------------
    ¤Recherche et supprime ceci:
    attention seulement les fichiers (si présents).

    c:\dinst.exe

    ----------------------------------------------------------------------------
    ¤ Passe About Buster autant de fois qu’il trouve quelque chose (5/10/
    0
  12. Pharaoh
     
    Bonsoir, j'ai suivi la manip' (en gros). Pas de dinst.exe observable et suprimable, même si ewido me le signale au démarage. Signalé aussi : xbtj.dll . Un "msconfig" me donne ca au démarage : NvCpl.dll Voila la log Hijack:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:08:52, on 22/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\msnet32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winrar301.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
    C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
    O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
    O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
    O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
    O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = J14258.tjar.com
    O17 - HKLM\Software\..\Telephony: DomainName = J14258.tjar.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{69A45A90-0334-45A7-A087-533DE6FF774A}: Domain = J14258.tjar.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = J14258.tjar.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = J14258.tjar.com
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_13.dll
    O21 - SSODL: DdAlOatVslf - {111A18EF-BBB0-B245-FEA4-520E52230F49} - C:\WINDOWS\System32\xbtj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
    O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
    O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
    O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)

    Les choses vont beaucoup mieux, merci encore ! ;-)
    0
  13. Utilisateur anonyme
     
    Bonjour,

    Méthode à suivre dans l'ordre...

    Commence par mettre ton antivirus au demarrage de ton pc
    ----------------------------------------------------------------------------
    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    ---------------------------------------------------------------------------
    Déconnecte toi d'internet c'est important

    puis vérifie ceci:
    demarrer > connection > clic droit sur ta connection > propriétés
    gestion de reseau
    assure toi que protocole internet tcp/ip est en surbrillance (attention, ne décoche pas la case)> clic sur propriétés > selectionne "obtenir les adresses des serveurs automatiquement"
    valide avec ok
    ----------------------------------------------------------------------------
    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = J14258.tjar.com

    O17 - HKLM\Software\..\Telephony: DomainName = J14258.tjar.com

    O17 - HKLM\System\CCS\Services\Tcpip\..\{69A45A90-0334-45A7-A087-533DE6FF774A}: Domain = J14258.tjar.com

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = J14258.tjar.com

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = J14258.tjar.com

    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_13.dll

    O21 - SSODL: DdAlOatVslf - {111A18EF-BBB0-B245-FEA4-520E52230F49} - C:\WINDOWS\System32\xbtj.dll

    O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)

    O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)

    O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

    O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
    ----------------------------------------------------------------------------
    ¤Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    ¤Vide tes fichiers temps et temporary internet file:

    :: Supprimer les fichiers temporaires ::
    vider tout le contenu de ces dossiers.

    * C:\Documents and Settings\ton compte\Local Settings\Temp
    * C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
    * C:\Windows\Temp

    :: Le contenu du dossier prefetch ::

    * C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

    * Ne pas oublier de vider la corbeille !
    ----------------------------------------------------------------------------
    ¤Recherche et supprime ceci:
    attention seulement les fichiers (si présents).

    C:\WINDOWS\mswinpad.exe
    C:\WINDOWS\System32\perfont.exe
    C:\WINDOWS\services.exe
    C:\WINDOWS\win32ssr.exe

    ----------------------------------------------------------------------------
    ¤Arrête ces services :

    Clique sur Démarrer->exécuter->tape: services.msc

    Double-clique: Service: Word Process

    Règle-le sur "Arrêté" et "Désactivé".

    Fais de meme avec:
    Performance True Type Fonts
    Win32Sr
    Microsoft Windows HelpFile
    ----------------------------------------------------------------------------
    ¤ Passe ewido et sauvegarde le rapport et donne le moi
    ----------------------------------------------------------------------------
    ¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
    ----------------------------------------------------------------------------
    ¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
    ----------------------------------------------------------------------------
    ¤ Vide ta Corbeille.
    ----------------------------------------------------------------------------
    ¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

    Précise tes soucis s’il en reste....

    Tiens-moi au courant

    A+
    0
  14. Pharaoh
     
    Merci pour ta dévotion regis59 ! J'ai pas pu tout faire... Quand j'essaye de déconecter la freebox dans connexions réseau : "erreur désactivant la connexion" (protocole ne prenant pas en charge le plug & play, autre utilisateur, compte système, blablabla...). Le service.msc, et bien, j'ai touché à rien, je peux seulement activer les 4 "trucs" (Word Process, Performance True Type Fonts, Win32sr, MS Windows HelpFile). Même en mode sans échec, je ne peux pas supprimer services.exe (yen avait 2, j'ai supprimé l'autre, "bourrin mode"...) Au démarage, j'ai toujours dinst.exe, des LSA Shell. J'ai pas pu trouver pefont.exe, ni win32.ssr. Voila en gros... Et les deux rapports :

    ---------------------------------------------------------
    ewido anti-malware - Rapport de scan
    ---------------------------------------------------------

    + Créé le: 23:58:09, 22/01/2006
    + Somme de contrôle: 6F725A65

    + Résultats du scan:

    HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Nettoyer et sauvegarder
    C:\WINDOWS\SYSTEM32\axdcfasb.exe -> Backdoor.SdBot.aad : Nettoyer et sauvegarder
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\05CJ47ON\tds[1].exe -> Trojan.Small.ev : Nettoyer et sauvegarder
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WP6VQXY7\rp5[1].exe -> Trojan.Pakes : Nettoyer et sauvegarder
    C:\WINDOWS\SYSTEM32\a.exe -> Trojan.Pakes : Nettoyer et sauvegarder
    C:\WINDOWS\SYSTEM32\xbtj.dll -> Proxy.Agent.df : Nettoyer et sauvegarder
    C:\drupdate.exe -> Downloader.Adload.j : Nettoyer et sauvegarder
    C:\Documents and Settings\All Users\Documents\update32.exe -> Trojan.Boxed.t : Nettoyer et sauvegarder
    C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
    C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
    C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
    C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@2o7[2].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
    C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
    C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@wreport.weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
    C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@www.smartadserver[2].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
    C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
    C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0198446.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199458.dll -> Spyware.WindowEnhancer : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199459.sys -> Not-A-Virus.Monitor.Win32.NetMon.a : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199460.dll -> Spyware.iSearch : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199461.dll -> Trojan.Goldid : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199462.dll -> Spyware.iLookup : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199463.exe -> Backdoor.Rbot.aju : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199464.exe -> Spyware.BiSpy : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199465.dll -> Spyware.iSearch : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0200495.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201525.exe -> Proxy.Small.dv : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201530.exe -> Proxy.Small.dv : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201534.exe -> Proxy.Small.dv : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201545.exe -> Trojan.Small.ev : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201682.exe -> Proxy.Small.dv : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201683.EXE -> Trojan.Pakes : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0202679.exe -> Backdoor.Rbot.ann : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0202682.exe -> Trojan.Small.ev : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0202687.exe -> Proxy.Small.dv : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0202688.exe -> Trojan.Pakes : Nettoyer et sauvegarder
    C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0202702.exe -> Proxy.Small.dv : Nettoyer et sauvegarder

    ::Fin du rapport

    Logfile of HijackThis v1.99.1
    Scan saved at 00:40:27, on 23/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\msnet32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\ftp.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
    O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
    O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
    O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
    O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
    O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: DdAlOatVslf - {111A18EF-BBB0-B245-FEA4-520E52230F49} - C:\WINDOWS\System32\xbtj.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
    O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
    O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
    0
  15. Utilisateur anonyme
     
    Salut

    Il en reste encore pas mal...Avant de s occuper des services, peux tu faire ceci stp

    1/HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici.

    2/Pour les services:

    Double clik sur un nom que je t ai donné
    Puis type de demarrage, tu peux changer?

    a+
    0
  16. Pharaoh
     
    Voila pour la uninstall list (j'ai viré qq trucs qui étaient là depuis un bail...), et j'ai capté, et reglé le démarage des services en Désactivé (et Arrêté). Sinon au démarage, toujours ce dinst.exe, un ptit LSA Shell une fois sur deux, un dumpred 0 -u dans le msconfig, et aussi, fait bizare, à l'ouverture de session, si j'attends trop longtemps avant de l'ouvrir, j'ai un message d'erreur d'ouverture de session (0xC00000BB).

    Ad-Aware SE Personal
    Advanced MP3/WMA Recorder 3.9
    AdWare & SpyWare
    Archiveur WinRAR
    Audacity 1.2.1
    AutoNom 2000
    AutoREALM Version 2.1
    AVG Free Edition
    BSPlayer
    Bureau Médias de Kazaa 2.0.2
    CCleaner (remove only)
    C-Dilla Licence Management System
    Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
    Correctif Windows XP - Article Base de Connaissances 834707
    Correctif Windows XP - KB823559
    Correctif Windows XP - KB824141
    Correctif Windows XP - KB824146
    Correctif Windows XP - KB825119
    Correctif Windows XP - KB828028
    Correctif Windows XP - KB828035
    Correctif Windows XP - KB828741
    Correctif Windows XP - KB833987
    Correctif Windows XP - KB835732
    Correctif Windows XP - KB837001
    Correctif Windows XP - KB840987
    Correctif Windows XP - KB841356
    Correctif Windows XP - KB841533
    Correctif Windows XP - KB842773
    Correctif Windows XP - KB873376
    Correctif Windows XP - KB887822
    DAEMON Tools
    dBpowerAMP Monkeys Audio Codec
    dBpowerAMP Musepack Codec
    dBpowerAMP Music Converter
    dBpowerAMP Ogg Vorbis Codec
    dBpowerAMP Real Audio Codec
    dBPowerAMP Real Audio Encoder R3
    dBpowerAMP WMA V9 Codec
    dBpowerAMP WSP Codec
    D-Fend v2
    Dungeon And Magic
    eMule
    Encounter Creator
    EvilLyrics
    ewido anti-malware
    FinePixViewer Ver.4.2
    Free - Kit de connexion
    FUJIFILM USB Driver
    Guitar Pro 4.0.7
    HijackThis 1.99.1
    HP Scan-to-Web Wizard
    ImageMixer VCD2 for FinePix
    Kaspersky On-line Scanner
    Language pack for Ad-Aware SE
    Lecteur Windows Media 10
    Lexmark 2200 Series
    Logitech ImageStudio
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    MDL ISIS Draw 2.5 Standalone
    Micro Application - CV et Lettres de motivation
    Microsoft Internet Explorer 6 SP1
    Microsoft Office XP Professional avec FrontPage
    Microsoft Picture It! Express 2001
    MixVibes PRO 5 uninstall
    Monkey's Audio
    MSN Messenger 7.5
    NVIDIA Drivers
    Outlook Express Q837009
    Package du correctif Windows XP [voir Q329115 pour plus de détails]
    Pandora
    Power Tab Editor 1.7
    QuickTime
    Solutions de télécopie Lexmark
    Spybot - Search & Destroy 1.4
    Utilitaires Sierra
    VideoLAN VLC media player 0.8.4a
    Winamp (remove only)
    Windows Media Format Runtime
    Windows SR 2.0
    Windows XP Application Compatibility Update[Q319580]
    Windows XP Hotfix - KB821557
    Windows XP Hotfix - KB823182
    Windows XP Hotfix - KB823980
    Windows XP Hotfix - KB824105
    Windows XP Hotfix (SP1) [See Q309521 for more information]
    Windows XP Hotfix (SP1) [See Q311889 for more information]
    Windows XP Hotfix (SP1) [See Q311967 for more information]
    Windows XP Hotfix (SP1) [See Q313450 for more information]
    Windows XP Hotfix (SP1) [See Q314862 for more information]
    Windows XP Hotfix (SP1) [See Q315000 for more information]
    Windows XP Hotfix (SP1) [See Q315403 for more information]
    Windows XP Hotfix (SP1) [See Q317277 for more information]
    Windows XP Hotfix (SP1) [See Q318138 for more information]
    Windows XP Hotfix (SP1) [See Q321178 for more information]
    Windows XP Hotfix (SP1) [See Q323172 for more information]
    Windows XP Hotfix (SP1) [See Q324096 for more information]
    Windows XP Hotfix (SP1) [See Q324380 for more information]
    Windows XP Hotfix (SP1) [See Q326830 for more information]
    Windows XP Hotfix (SP1) [See Q328940 for more information]
    Windows XP Hotfix (SP1) [See Q329048 for more information]
    Windows XP Hotfix (SP1) [See Q329390 for more information]
    Windows XP Hotfix (SP1) [See Q329441 for more information]
    Windows XP Hotfix (SP1) [See Q329834 for more information]
    Windows XP Hotfix (SP1) Q328310
    Windows XP Hotfix (SP1) Q329170
    Windows XP Hotfix (SP1) Q331953
    Windows XP Hotfix (SP1) Q810577
    Windows XP Hotfix (SP1) Q810833
    0
  17. Pharaoh
     
    XD Dsl... Le msnet32.exe me parait suspect, le Kangaroo pourrait être viré aussi je crois, mais rien de dangereux nan ?

    Logfile of HijackThis v1.99.1
    Scan saved at 19:36:45, on 23/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\msnet32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
    O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
    O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
    O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
    O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
    O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: DdAlOatVslf - {111A18EF-BBB0-B245-FEA4-520E52230F49} - C:\WINDOWS\System32\xbtj.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  18. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    bsr
    fixe ttes les 016
    ce sera moins long à lire

    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    et remets hijac
    0
  19. Pharaoh
     
    moe31, voila le rapport Virus Total :

    Antivirus Version Update Result
    AntiVir 6.33.0.77 01.24.2006 no virus found
    Avast 4.6.695.0 01.23.2006 no virus found
    AVG 718 01.23.2006 no virus found
    Avira 6.33.0.77 01.24.2006 no virus found
    BitDefender 7.2 01.24.2006 Backdoor.SDBot.11F59B1D
    CAT-QuickHeal 8.00 01.23.2006 (Suspicious) - DNAScan
    ClamAV devel-20051123 01.24.2006 no virus found
    DrWeb 4.33 01.24.2006 Win32.HLLW.MyBot
    eTrust-InoculateIT 23.71.58 01.23.2006 no virus found
    eTrust-Vet 12.4.2054 01.24.2006 no virus found
    Ewido 3.5 01.24.2006 no virus found
    Fortinet 2.54.0.0 01.24.2006 no virus found
    F-Prot 3.16c 01.23.2006 no virus found
    Ikarus 0.2.59.0 01.24.2006 no virus found
    Kaspersky 4.0.2.24 01.24.2006 Backdoor.Win32.SdBot.aad
    McAfee 4680 01.23.2006 no virus found
    NOD32v2 1.1376 01.23.2006 a variant of IRC/SdBot
    Norman 5.70.10 01.23.2006 no virus found
    Panda 9.0.0.4 01.23.2006 W32/Sdbot.GDQ.worm
    Sophos 4.01.0 01.24.2006 W32/Tilebot-Gen
    Symantec 8.0 01.24.2006 no virus found
    TheHacker 5.9.2.079 01.23.2006 no virus found
    UNA 1.83 01.21.2006 no virus found
    VBA32 3.10.5 01.23.2006 no virus found

    Sinon aranjuez31, j'vais en virer quelques uns (tous les msn blah-blah déjà...)
    0
  • 1
  • 2
  • 3