[Virus] Help (HijackThis 1.99 Scan Result)

Pharaoh -  
Hello to the whole community. It's very simple: the PC is infested with spyware, and IE is drowning in a flood of pop-ups. Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:52:55, on 15/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\msnet32.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: (no name) - {432D8C41-8586-11D8-997D-00C026232EB9} - C:\WINDOWS\2_0_2BrowserHelper2.dll (file missing)
O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll
O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll
O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKLM\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKLM\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKLM\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKLM\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</a>..
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</a>,
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"></td>
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a>,
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...<br>
O4 - HKLM\..\Run: [ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="] c:\WINDOWS\System32\ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="55">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="t] c:\WINDOWS\System32\ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="top">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O4 - HKCU\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKCU\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKCU\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKCU\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKCU\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge"&
46 replies

Anonymous user
 
Hi there

You are massively infected

Download this:
2/ Ewido:
http://download.ewido.net/ewido-setup.exe

Install it, then update it.

Let's start with this:

Run HijackThis again, check the boxes next to these lines, then click Fix checked:

O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk

* Launch Ewido, run a full scan, and copy/paste the report into the forum.

Restart your PC and post a new HijackThis log

See you later
0
aranjuez31 Posts 8069 Status Contributor 354
 
haha, did you see that
this guy is rotten through
he should wear a condom when surfing
and his log isn't complete......
0
Pharaoh
 
Yeah, this PC is a real massacre... Uh... I have AVG, but it must not be configured properly. In any case, thanks for the help, the community is really friendly/active! So, as for the symptoms: it becomes "livable" again after an Ewido scan, Hijack... Still a few pop-ups... Here is the log, it's still not squeaky clean:

Logfile of HijackThis v1.99.1
Scan saved at 23:29:15, on 19/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\msnet32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll
O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll (file missing)
O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKLM\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKLM\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKLM\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKLM\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</a>..
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</a>,
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"></td>
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a>,
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...<br>
O4 - HKLM\..\Run: [ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="] c:\WINDOWS\System32\ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="55">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="t] c:\WINDOWS\System32\ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="top">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mlp] c:\dinst.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O4 - HKCU\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKCU\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKCU\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKCU\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKCU\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepa
Anonymous user
 
You should never despair or mock; you never know who might one day come to our aid!
And it's normal that his log isn't complete: it's stuck, it's bugging out...
Kristopher Posts 3752 Status Contributor 106
 
Hi regis59,

I hope you're doing well, it's the weekend ;)

You should never despair or mock; you never know who might one day come to our aid!

oO what a beautiful sentence ;)

Have a nice day

++
ben13010 Posts 3369 Status Contributor 387
 
Hi everyone

It's true that this is a pretty impressive report

I wonder how the PC can still boot...

Yet another person who must have neither AV nor firewall...
Anonymous user
 
Hi Topher
Yeah, and you?

I just made it up on the spot, I could have been a poet 8-)
Anonymous user
 
Hi ben

Yeah, it's true you'd think it wouldn't boot anymore, but this only causes a lot of slowness and ads

and the AV:
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

See you
Kristopher Posts 3752 Status Contributor 106
 
Hi guys ;)

It's striking to see a log like this one, all the more so since it isn't complete... one wonders what the rest might look like...
Fortunately the only symptom is:
IE is drowning in a flood of pop-ups (apart from the slowdowns).

We'll try to put a bit of order back into all this ^^

++
aranjuez31 Posts 8069 Status Contributor 354
 
hello
who's volunteering?
surprising piece of log indeed
Pharaoh
 
Up... Latest log:

Logfile of HijackThis v1.99.1
Scan saved at 17:28:31, on 20/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\msnet32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll
O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll (file missing)
O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKLM\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKLM\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKLM\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKLM\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</a>..
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</a>,
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"></td>
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a>,
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...<br>
O4 - HKLM\..\Run: [ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="] c:\WINDOWS\System32\ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="55">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="t] c:\WINDOWS\System32\ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="top">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mlp] c:\dinst.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O4 - HKCU\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKCU\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKCU\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKCU\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKCU\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,
0
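The log above shows autostart (O4) values whose names and commands are fragments of a lop.com web page rather than program names. The following is an added triage example in Python, not part of the original thread or of HijackThis: it parses O2 and O4 lines and flags that pattern plus unnamed or missing-file BHOs. The sample lines are copied from this thread's log, except the `ExampleApp` entry, which is constructed; the function names and flagging rules are assumptions of this example.

```python
import re

# Line shapes as they appear in the HijackThis 1.99 log in this thread:
#   O4 - HKLM\..\Run: [value name] command
#   O2 - BHO: name - {CLSID} - path
O4_RE = re.compile(r'^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[(.*?)\] (.*)$')
O2_RE = re.compile(r'^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$')
# An HTML tag opening (possibly truncated) or the start of a CSS rule body.
MARKUP_RE = re.compile(r'<[A-Za-z][A-Za-z0-9]*[\s>]|\{[^}]*:[^}]*;')


def triage_line(line):
    """Return the reasons an entry deserves review (empty list = not flagged)."""
    reasons = []
    m = O4_RE.match(line)
    if m:
        _hive, _key, name, command = m.groups()
        if MARKUP_RE.search(name):
            reasons.append("autostart value name contains HTML/CSS markup")
        if MARKUP_RE.search(command):
            reasons.append("autostart command contains HTML/CSS markup")
        return reasons
    m = O2_RE.match(line)
    if m:
        name, _clsid, path = m.groups()
        if name == "(no name)":
            reasons.append("BHO has no display name")
        if path.endswith("(file missing)"):
            reasons.append("BHO target file is missing")
    return reasons


def triage(log_text):
    """Return (line number, reasons) for every flagged line of a log."""
    flagged = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        reasons = triage_line(line.strip())
        if reasons:
            flagged.append((number, reasons))
    return flagged


# Lines 1-4 are taken from the thread's log; line 5 is a constructed benign entry.
SAMPLE_LOG = r'''O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll
O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)
O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
'''

if __name__ == "__main__":
    for number, reasons in triage(SAMPLE_LOG):
        print(f"line {number}: " + "; ".join(reasons))
```

A flag here only marks an entry for review; an unnamed BHO can be legitimate, so the result is a shortlist, not a removal list.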
Anonymous user
 
Hi

Latest log? Uh, no, not now...

Did you run ewido like I asked you to?

See you
0
Pharaoh
 
Yeah, yeah... Damn computer... I'll do it again anyway. Maybe another solution?
0
Anonymous user
 
Hi

Let's start like this:

Method to follow, in order...
----------------------------------------------------------------------------
¤Download these programs, but do not use them right away:

1/

Spybot S&D 1.4 <<new version.
https://www.safer-networking.org/

Usage demo (thanks to Balltrap34 for putting it together).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06 <<new version.
https://www.adaware.com/
-Help:
http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
- install the French language patch, which you can find here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here: (thanks to Moe31 for putting it together).
http://pageperso.aol.fr/balltrap34/adawrevid.asf

3/

-Ccleaner
http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated folder.

4/

About Buster:
https://www.malwarebytes.com

Click "Check for updates".
Download the updates,
close it,
we will use it later.

5/

Download lopxp here:

http://pageperso.aol.fr/balltrap34/lopxp.zip (Thanks Moe31 and Balltrap34)

2) unzip it (right-click on it > extract all)
and run lopxp.bat
Notepad will open; copy and paste its contents to the forum (then continue the procedure)
----------------------------------------------------------------------------
¤Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View

Check "Show hidden files and folders"

Uncheck the "Hide protected operating system files (Recommended)" box

Uncheck "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And Apply!
----------------------------------------------------------------------------
¤Run HijackThis again, check the boxes in front of these lines, then click Fix checked:
Check only what I tell you to!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)

O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll

O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)

O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll

O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll (file missing)

O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe

O4 - HKLM\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}

O4 - HKLM\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>

O4 - HKLM\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>

O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">

O4 - HKLM\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>

O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>

O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">

O4 - HKLM\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>

O4 - HKLM\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>

O4 - HKLM\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</a>..

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</a>,

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"></td>

O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></h1>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a>,

O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a></h1>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...<br>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...<br>

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</a>,

O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...<br>

O4 - HKLM\..\Run: [ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="] c:\WINDOWS\System32\ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="55">

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"></td>

O4 - HKLM\..\Run: [ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="t] c:\WINDOWS\System32\ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="top">

O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"></td>

O4 - HKLM\..\Run: [mlp] c:\dinst.exe

O4 - HKCU\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}

O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}

O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>

O4 - HKCU\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">

O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>

O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>

O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>

O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">

O4 - HKCU\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>

O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">

O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>

O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>

O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>

O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">

O4 - HKCU\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>

O4 - HKCU\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>

O4 - HKCU\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>

O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>

O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,

O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,

----------------------------------------------------------------------------
¤Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts to power on.
A window will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Once you are on the desktop, if not all the colours and so on are there, that is normal!
(If F8 doesn't work, use the F5 key.)
----------------------------------------------------------------------------
¤Empty your temp files and Temporary Internet Files:

:: Delete the temporary files ::
Empty the entire contents of these folders.

* C:\Documents and Settings\your account\Local Settings\Temp
* C:\Documents and Settings\all other accounts\Local Settings\Temp
* C:\Windows\Temp

:: The contents of the Prefetch folder ::

* C:\WINDOWS\Prefetch <= except the layout.ini file

* Don't forget to empty the Recycle Bin!
----------------------------------------------------------------------------
¤Search for and delete this:
careful, only the files (if present).

c:\dinst.exe

----------------------------------------------------------------------------
¤ Run About Buster as many times as it keeps finding something (5/10/
0
Pharaoh
 
Good evening, I followed the procedure (roughly). No dinst.exe that I can see or delete, even though ewido reports it at startup. Also reported: xbtj.dll. Running "msconfig" shows me this at startup: NvCpl.dll. Here is the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 20:08:52, on 22/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\msnet32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winrar301.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = J14258.tjar.com
O17 - HKLM\Software\..\Telephony: DomainName = J14258.tjar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{69A45A90-0334-45A7-A087-533DE6FF774A}: Domain = J14258.tjar.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = J14258.tjar.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = J14258.tjar.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_13.dll
O21 - SSODL: DdAlOatVslf - {111A18EF-BBB0-B245-FEA4-520E52230F49} - C:\WINDOWS\System32\xbtj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)

Things are going much better, thanks again! ;-)
0
Anonymous user
 
Hello,

Procedure to follow, in order...

Start by setting your antivirus to run when your PC starts up
----------------------------------------------------------------------------
¤Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View

Tick "Show hidden files and folders"

Untick the box "Hide protected operating system files (Recommended)"

Untick "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And Apply!
---------------------------------------------------------------------------
Disconnect from the Internet, this is important

then check this:
Start > Connections > right-click your connection > Properties
Networking
make sure Internet Protocol (TCP/IP) is highlighted (careful, do not untick the box) > click Properties > select "Obtain the server addresses automatically"
confirm with OK
----------------------------------------------------------------------------
¤Run HijackThis again, tick the boxes in front of these lines, then click Fix checked:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = J14258.tjar.com

O17 - HKLM\Software\..\Telephony: DomainName = J14258.tjar.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{69A45A90-0334-45A7-A087-533DE6FF774A}: Domain = J14258.tjar.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = J14258.tjar.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = J14258.tjar.com

O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_13.dll

O21 - SSODL: DdAlOatVslf - {111A18EF-BBB0-B245-FEA4-520E52230F49} - C:\WINDOWS\System32\xbtj.dll

O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)

O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)

O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
----------------------------------------------------------------------------
¤Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts to power on.
A window will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Once you are on the desktop, if not all the colours and so on are there, that is normal!
(If F8 doesn't work, use the F5 key.)
----------------------------------------------------------------------------
¤Empty your temp files and Temporary Internet Files:

:: Delete the temporary files ::
Empty the entire contents of these folders.

* C:\Documents and Settings\your account\Local Settings\Temp
* C:\Documents and Settings\all other accounts\Local Settings\Temp
* C:\Windows\Temp

:: The contents of the Prefetch folder ::

* C:\WINDOWS\Prefetch <= except the layout.ini file

* Don't forget to empty the Recycle Bin!
----------------------------------------------------------------------------
¤Search for and delete this:
careful, only the files (if present).

C:\WINDOWS\mswinpad.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\services.exe
C:\WINDOWS\win32ssr.exe

----------------------------------------------------------------------------
¤Stop these services:

Click Start -> Run -> type: services.msc

Double-click: Service: Word Process

Set it to "Stopped" and "Disabled".

Do the same with:
Performance True Type Fonts
Win32Sr
Microsoft Windows HelpFile
----------------------------------------------------------------------------
¤ Run ewido, save the report and give it to me
----------------------------------------------------------------------------
¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
----------------------------------------------------------------------------
¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
----------------------------------------------------------------------------
¤ Empty your Recycle Bin.
----------------------------------------------------------------------------
¤ Restart in normal mode, run HijackThis again and copy/paste a new report to the forum.

Tell me what problems remain, if any....

Keep me posted

See you later
0
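A triage sketch for the kinds of HijackThis lines singled out in the post above (O17 domain entries, O21 SSODL DLLs, O23 services listed with "Unknown owner"), plus the O4 autorun names filled with HTML seen in the first log. This is an added example, not part of the thread or of HijackThis; the rules and function names are assumptions for illustration, and the sample lines are copied from the logs on this page.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code reason entry")

# "O23 - Service: ..." -> section code + remainder of the line
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.*)$")
# "HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>.*?)\] (?P<cmd>.*)$")
DOMAIN_RE = re.compile(r"\b(?:DomainName|Domain) = (?P<value>\S+)")


def check_o4(rest):
    """Autorun entry whose value name holds markup instead of a program name."""
    m = RUN_RE.match(rest)
    if m and re.search(r"[<>{}]", m.group("name")):
        return "autorun value name contains HTML/CSS markup"
    return None


def check_o17(rest):
    """DNS domain suffix written into the Tcpip/Telephony parameters."""
    m = DOMAIN_RE.search(rest)
    return f"DNS domain suffix set to {m.group('value')}" if m else None


def check_o21(rest):
    """ShellServiceObjectDelayLoad entry: a DLL that Explorer loads at logon."""
    path = rest.split(" - ")[-1]
    return f"shell object DLL loaded by Explorer at logon: {path}"


def check_o23(rest):
    """Service line: 'Service: <name> - <owner> - <path> [(file missing)]'."""
    parts = rest.split(" - ", 2)  # split from the left; the path may contain " - "
    if len(parts) != 3 or parts[1] != "Unknown owner":
        return None
    reason = "service listed with 'Unknown owner'"
    if parts[2].endswith("(file missing)"):
        reason += "; file missing on disk"
    return reason


RULES = {"O4": check_o4, "O17": check_o17, "O21": check_o21, "O23": check_o23}


def triage(log_text):
    """Return the log entries that deserve a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        rule = RULES.get(m.group("code"))
        reason = rule(m.group("rest")) if rule else None
        if reason:
            findings.append(Finding(m.group("code"), reason, m.group("rest")))
    return findings


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\msnet32.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = J14258.tjar.com
O21 - SSODL: DdAlOatVslf - {111A18EF-BBB0-B245-FEA4-520E52230F49} - C:\WINDOWS\System32\xbtj.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason}")
```

A flagged line is a prompt for manual review, not a verdict: the rules only reproduce patterns visible in this thread.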
Pharaoh
 
Thanks for your dedication, regis59! I couldn't do everything... When I try to disconnect the Freebox in Network Connections: "error disabling the connection" (protocol not supporting plug & play, another user, system account, blah blah blah...). As for service.msc, well, I didn't touch anything; I can only enable the 4 "things" (Word Process, Performance True Type Fonts, Win32sr, MS Windows HelpFile). Even in safe mode, I can't delete services.exe (there were 2 of them, I deleted the other one, "brute-force mode"...). At startup, I still have dinst.exe and some LSA Shell. I couldn't find pefont.exe, nor win32.ssr. That's about it... And here are the two reports:

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 23:58:09, 22/01/2006
+ Somme de contrôle: 6F725A65

+ Résultats du scan:

HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM32\axdcfasb.exe -> Backdoor.SdBot.aad : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\05CJ47ON\tds[1].exe -> Trojan.Small.ev : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WP6VQXY7\rp5[1].exe -> Trojan.Pakes : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM32\a.exe -> Trojan.Pakes : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM32\xbtj.dll -> Proxy.Agent.df : Nettoyer et sauvegarder
C:\drupdate.exe -> Downloader.Adload.j : Nettoyer et sauvegarder
C:\Documents and Settings\All Users\Documents\update32.exe -> Trojan.Boxed.t : Nettoyer et sauvegarder
C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@2o7[2].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@wreport.weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@www.smartadserver[2].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Pharaoh.X001530650\Cookies\pharaoh@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0198446.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199458.dll -> Spyware.WindowEnhancer : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199459.sys -> Not-A-Virus.Monitor.Win32.NetMon.a : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199460.dll -> Spyware.iSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199461.dll -> Trojan.Goldid : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199462.dll -> Spyware.iLookup : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199463.exe -> Backdoor.Rbot.aju : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199464.exe -> Spyware.BiSpy : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0199465.dll -> Spyware.iSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP500\A0200495.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201525.exe -> Proxy.Small.dv : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201530.exe -> Proxy.Small.dv : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201534.exe -> Proxy.Small.dv : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201545.exe -> Trojan.Small.ev : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201682.exe -> Proxy.Small.dv : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0201683.EXE -> Trojan.Pakes : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0202679.exe -> Backdoor.Rbot.ann : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0202682.exe -> Trojan.Small.ev : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0202687.exe -> Proxy.Small.dv : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0202688.exe -> Trojan.Pakes : Nettoyer et sauvegarder
C:\System Volume Information\_restore{D8CB6DD0-71E5-45E1-9678-6D52545E617C}\RP501\A0202702.exe -> Proxy.Small.dv : Nettoyer et sauvegarder

::Fin du rapport

Logfile of HijackThis v1.99.1
Scan saved at 00:40:27, on 23/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\msnet32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: DdAlOatVslf - {111A18EF-BBB0-B245-FEA4-520E52230F49} - C:\WINDOWS\System32\xbtj.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
0
Anonymous user

Hi

There's still quite a lot left... Before dealing with the services, can you do this please:

1/ HijackThis -> Open the misc tools section -> open Uninstall manager -> click "Save list" -> save the file -> copy and paste it here.

2/ For the services:

Double-click one of the names I gave you.
Then, under startup type, can you change it?

See you
0
Pharaoh
 
Here's the uninstall list (I removed a few things that had been there for ages...), and I got it: I set the services' startup type to Disabled (and Stopped). Otherwise, at startup there's still that dinst.exe, a little LSA Shell every other time, a dumpred 0 -u in msconfig, and also, oddly, at logon, if I wait too long before logging in, I get a logon error message (0xC00000BB).

Ad-Aware SE Personal
Advanced MP3/WMA Recorder 3.9
AdWare & SpyWare
Archiveur WinRAR
Audacity 1.2.1
AutoNom 2000
AutoREALM Version 2.1
AVG Free Edition
BSPlayer
Bureau Médias de Kazaa 2.0.2
CCleaner (remove only)
C-Dilla Licence Management System
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
Correctif Windows XP - Article Base de Connaissances 834707
Correctif Windows XP - KB823559
Correctif Windows XP - KB824141
Correctif Windows XP - KB824146
Correctif Windows XP - KB825119
Correctif Windows XP - KB828028
Correctif Windows XP - KB828035
Correctif Windows XP - KB828741
Correctif Windows XP - KB833987
Correctif Windows XP - KB835732
Correctif Windows XP - KB837001
Correctif Windows XP - KB840987
Correctif Windows XP - KB841356
Correctif Windows XP - KB841533
Correctif Windows XP - KB842773
Correctif Windows XP - KB873376
Correctif Windows XP - KB887822
DAEMON Tools
dBpowerAMP Monkeys Audio Codec
dBpowerAMP Musepack Codec
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP Real Audio Codec
dBPowerAMP Real Audio Encoder R3
dBpowerAMP WMA V9 Codec
dBpowerAMP WSP Codec
D-Fend v2
Dungeon And Magic
eMule
Encounter Creator
EvilLyrics
ewido anti-malware
FinePixViewer Ver.4.2
Free - Kit de connexion
FUJIFILM USB Driver
Guitar Pro 4.0.7
HijackThis 1.99.1
HP Scan-to-Web Wizard
ImageMixer VCD2 for FinePix
Kaspersky On-line Scanner
Language pack for Ad-Aware SE
Lecteur Windows Media 10
Lexmark 2200 Series
Logitech ImageStudio
Macromedia Flash Player 8
Macromedia Shockwave Player
MDL ISIS Draw 2.5 Standalone
Micro Application - CV et Lettres de motivation
Microsoft Internet Explorer 6 SP1
Microsoft Office XP Professional avec FrontPage
Microsoft Picture It! Express 2001
MixVibes PRO 5 uninstall
Monkey's Audio
MSN Messenger 7.5
NVIDIA Drivers
Outlook Express Q837009
Package du correctif Windows XP [voir Q329115 pour plus de détails]
Pandora
Power Tab Editor 1.7
QuickTime
Solutions de télécopie Lexmark
Spybot - Search & Destroy 1.4
Utilitaires Sierra
VideoLAN VLC media player 0.8.4a
Winamp (remove only)
Windows Media Format Runtime
Windows SR 2.0
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q321178 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q331953
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
0
Anonymous user

Hi again,

Post a new HijackThis log.

See you
0
Pharaoh
 
XD Sorry... msnet32.exe looks suspicious to me, and Kangaroo could be removed too I think, but nothing dangerous, right?

Logfile of HijackThis v1.99.1
Scan saved at 19:36:45, on 23/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\msnet32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: DdAlOatVslf - {111A18EF-BBB0-B245-FEA4-520E52230F49} - C:\WINDOWS\System32\xbtj.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
Anonymous user

Hi

While waiting for regis, have this file scanned here:
C:\WINDOWS\msnet32.exe
http://www.virustotal.com/xhtml/virustotal_en.html

and post the report.

See you
0
aranjuez31 Posts 8069 Status Contributor 354

Good evening
Fix all the O16 entries,
it will be shorter to read

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

and post a HijackThis log again
0
Pharaoh
 
moe31, here's the VirusTotal report:

Antivirus Version Update Result
AntiVir 6.33.0.77 01.24.2006 no virus found
Avast 4.6.695.0 01.23.2006 no virus found
AVG 718 01.23.2006 no virus found
Avira 6.33.0.77 01.24.2006 no virus found
BitDefender 7.2 01.24.2006 Backdoor.SDBot.11F59B1D
CAT-QuickHeal 8.00 01.23.2006 (Suspicious) - DNAScan
ClamAV devel-20051123 01.24.2006 no virus found
DrWeb 4.33 01.24.2006 Win32.HLLW.MyBot
eTrust-InoculateIT 23.71.58 01.23.2006 no virus found
eTrust-Vet 12.4.2054 01.24.2006 no virus found
Ewido 3.5 01.24.2006 no virus found
Fortinet 2.54.0.0 01.24.2006 no virus found
F-Prot 3.16c 01.23.2006 no virus found
Ikarus 0.2.59.0 01.24.2006 no virus found
Kaspersky 4.0.2.24 01.24.2006 Backdoor.Win32.SdBot.aad
McAfee 4680 01.23.2006 no virus found
NOD32v2 1.1376 01.23.2006 a variant of IRC/SdBot
Norman 5.70.10 01.23.2006 no virus found
Panda 9.0.0.4 01.23.2006 W32/Sdbot.GDQ.worm
Sophos 4.01.0 01.24.2006 W32/Tilebot-Gen
Symantec 8.0 01.24.2006 no virus found
TheHacker 5.9.2.079 01.23.2006 no virus found
UNA 1.83 01.21.2006 no virus found
VBA32 3.10.5 01.23.2006 no virus found

Otherwise, aranjuez31, I'm going to remove a few of them (all the MSN blah-blah ones for a start...)
0