[Virus] Help (HijackThis 1.99 Scan Result)

Pharaoh -  
Hello to the whole community. It's very simple: the computer is infested with spyware, and IE is drowning in a flood of pop-ups. Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:52:55, on 15/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\msnet32.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: (no name) - {432D8C41-8586-11D8-997D-00C026232EB9} - C:\WINDOWS\2_0_2BrowserHelper2.dll (file missing)
O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll
O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll
O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge"&
46 replies

Anonymous user

Hi pharaoh

Repost a lopxp report so we can take a look.
Otherwise, I don't see anything suspicious left in your hijack.

Did you run another AV scan to check?

Later
0
Pharaoh
 
Yeah, the AV scans turn up nothing nasty (ewido expired); the lopxp, on the other hand...

Rapport fait à 19:44:39,88 le 02/02/2006

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Default User\Application Data

21/08/2002 12:03 62 desktop.ini
21/08/2002 12:03 <REP> Microsoft
21/08/2002 12:03 <REP> ..
21/08/2002 12:03 <REP> .
1 fichier(s) 62 octets
3 Rép(s) 1818181632 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\All Users\Application Data

05/05/2005 12:14 <REP> InstallShield
12/11/2004 19:54 <REP> AVG7
12/11/2004 19:53 <REP> Grisoft
02/06/2004 19:45 <REP> FaxCtr
05/05/2004 20:11 <REP> Spybot - Search & Destroy
14/12/2003 17:24 <REP> QuickTime
01/12/2003 21:26 <REP> nView_Profiles
21/08/2002 12:24 <REP> SYMANTEC
21/08/2002 12:03 62 desktop.ini
21/08/2002 12:03 <REP> Microsoft
21/08/2002 12:03 <REP> .
21/08/2002 12:03 <REP> ..
1 fichier(s) 62 octets
11 Rép(s) 1818181632 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Pharaoh\Application Data

21/08/2002 12:24 <REP> Microsoft
21/08/2002 12:24 <REP> ..
21/08/2002 12:24 <REP> .
0 fichier(s) 0 octets
3 Rép(s) 1818181632 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Papa\Application Data

16/01/2005 01:24 <REP> FUJIFILM
21/12/2004 11:15 <REP> Ahead
12/11/2004 23:31 <REP> AVG7
08/08/2004 11:20 <REP> FaxCtr
17/04/2004 10:50 <REP> Macromedia
30/07/2003 23:59 <REP> Real
28/01/2003 16:35 <REP> Help
24/08/2002 12:08 <REP> Identities
24/08/2002 12:08 62 desktop.ini
24/08/2002 12:08 <REP> ..
24/08/2002 12:08 <REP> .
24/08/2002 12:08 <REP> Microsoft
1 fichier(s) 62 octets
11 Rép(s) 1818181632 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Invité\Application Data

21/09/2002 14:57 <REP> Identities
21/09/2002 14:57 62 desktop.ini
21/09/2002 14:57 <REP> Microsoft
21/09/2002 14:57 <REP> ..
21/09/2002 14:57 <REP> .
1 fichier(s) 62 octets
4 Rép(s) 1818181632 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Pharaoh.X001530650\Application Data

22/01/2006 19:28 <REP> Lavasoft
16/12/2005 22:09 <REP> vlc
30/04/2005 14:30 <REP> Verbatim Software
12/11/2004 19:54 <REP> AVG7
30/07/2004 10:19 <REP> NeroVision
03/06/2004 12:34 <REP> FaxCtr
03/02/2004 20:43 <REP> Ahead
02/11/2003 17:15 <REP> Macromedia
29/07/2003 14:44 <REP> InstallShield Installation Information
27/07/2003 23:14 <REP> Real
07/12/2002 23:41 <REP> Help
02/11/2002 22:36 <REP> Identities
02/11/2002 22:35 62 desktop.ini
02/11/2002 22:35 <REP> ..
02/11/2002 22:35 <REP> .
02/11/2002 22:35 <REP> Microsoft
1 fichier(s) 62 octets
15 Rép(s) 1818181632 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Angélique\Application Data

30/12/2005 16:10 150888 GDIPFONTCACHEV1.DAT
22/12/2005 12:06 <REP> vlc
21/11/2004 09:34 <REP> AVG7
15/07/2004 11:54 <REP> FaxCtr
05/06/2004 10:25 <REP> Macromedia
14/09/2003 12:48 <REP> Help
13/09/2003 00:17 <REP> Real
23/12/2002 10:14 <REP> Identities
23/12/2002 10:14 62 desktop.ini
23/12/2002 10:14 <REP> Microsoft
23/12/2002 10:14 <REP> .
23/12/2002 10:14 <REP> ..
2 fichier(s) 150950 octets
10 Rép(s) 1818181632 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\WINDOWS\TASKS

09/01/2006 19:59 278 A445D68591BA5135.job
09/01/2006 01:00 274 95BC814E93AB5392.job
01/06/2004 18:49 6 SA.DAT
21/08/2002 12:53 258 Rappel d'expiration de la désinstallation.job
09/04/2002 20:50 384 Planificateur pour la collecte de données PCHealth.job
18/03/2002 18:26 414 Symantec NetDetect.job
01/01/1980 00:00 65 DESKTOP.INI
01/01/1980 00:00 <REP> ..
01/01/1980 00:00 <REP> .
01/01/1980 00:00 502 Démarrage du programme de réglages.job
8 fichier(s) 2 181 octets
2 Rép(s) 1 818 181 632 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************
0
Anonymous user

The two scheduled tasks are apparently still there.
Try deleting them with Chaoshredder:
http://www.safechaos.com/download/cs-fr.exe
and delete the infected files like this:
http://pageperso.aol.fr/balltrap34/demochaos.htm

C:\WINDOWS\TASKS\A445D68591BA5135.job
C:\WINDOWS\TASKS\95BC814E93AB5392.job

Then repost a lopxp

Later
0
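The check made by eye in the reply above, as an added example that is not part of the original thread: it parses the `C:\WINDOWS\TASKS` section of a French-locale lopxp listing, flags `.job` files whose name is 16 hexadecimal digits, and confirms whether they are gone in a later report. The 16-hex-digit rule is an assumption drawn from the two files named in the thread; the function names are hypothetical.

```python
import re
from datetime import datetime

# TASKS section of the first lopxp report in this thread (accents restored).
BEFORE = """\
09/01/2006 19:59 278 A445D68591BA5135.job
09/01/2006 01:00 274 95BC814E93AB5392.job
01/06/2004 18:49 6 SA.DAT
21/08/2002 12:53 258 Rappel d'expiration de la désinstallation.job
09/04/2002 20:50 384 Planificateur pour la collecte de données PCHealth.job
18/03/2002 18:26 414 Symantec NetDetect.job
01/01/1980 00:00 65 DESKTOP.INI
01/01/1980 00:00 <REP> ..
01/01/1980 00:00 <REP> .
01/01/1980 00:00 502 Démarrage du programme de réglages.job
8 fichier(s) 2 181 octets
"""
# Constructed "after" listing: BEFORE without the two hex-named jobs.
AFTER = "\n".join(l for l in BEFORE.splitlines()
                  if "BA5135" not in l and "AB5392" not in l)

# "dd/mm/yyyy hh:mm", then a size or <REP> (directory), then the name.
LINE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}) (<REP>|\d+) (.+)$")
# Assumption: a job named with exactly 16 hex digits deserves a closer look.
HEX_JOB = re.compile(r"[0-9A-F]{16}\.job", re.IGNORECASE)

def parse_listing(text):
    """Return (timestamp, size, name) per file; directories and totals are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(2) == "<REP>":
            continue
        stamp = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M")
        entries.append((stamp, int(m.group(2)), m.group(3)))
    return entries

def suspicious_jobs(text):
    """Names of scheduled-task files matching the hex-name heuristic."""
    return [name for _, _, name in parse_listing(text) if HEX_JOB.fullmatch(name)]

def still_present(before, after):
    """Jobs flagged in `before` that still appear in `after`."""
    remaining = {name for _, _, name in parse_listing(after)}
    return [n for n in suspicious_jobs(before) if n in remaining]

if __name__ == "__main__":
    print("flagged:", suspicious_jobs(BEFORE))
    print("still present after cleanup:", still_present(BEFORE, AFTER))
```

The legitimate jobs (Symantec NetDetect, PCHealth and the others) are left alone because their names are not pure hexadecimal; a flagged name is a reason to inspect the task, not proof of infection.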
Pharaoh
 
The two .job files are deleted, and an AVG scan finds nothing... I'm launching a Kaspersky online scan, but I think this time we've got it!

Rapport fait à 21:18:27,53 le 02/02/2006

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Default User\Application Data

21/08/2002 12:03 62 desktop.ini
21/08/2002 12:03 <REP> Microsoft
21/08/2002 12:03 <REP> ..
21/08/2002 12:03 <REP> .
1 fichier(s) 62 octets
3 Rép(s) 1782284288 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\All Users\Application Data

05/05/2005 12:14 <REP> InstallShield
12/11/2004 19:54 <REP> AVG7
12/11/2004 19:53 <REP> Grisoft
02/06/2004 19:45 <REP> FaxCtr
05/05/2004 20:11 <REP> Spybot - Search & Destroy
14/12/2003 17:24 <REP> QuickTime
01/12/2003 21:26 <REP> nView_Profiles
21/08/2002 12:24 <REP> SYMANTEC
21/08/2002 12:03 62 desktop.ini
21/08/2002 12:03 <REP> Microsoft
21/08/2002 12:03 <REP> .
21/08/2002 12:03 <REP> ..
1 fichier(s) 62 octets
11 Rép(s) 1782284288 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Pharaoh\Application Data

21/08/2002 12:24 <REP> Microsoft
21/08/2002 12:24 <REP> ..
21/08/2002 12:24 <REP> .
0 fichier(s) 0 octets
3 Rép(s) 1782284288 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Papa\Application Data

16/01/2005 01:24 <REP> FUJIFILM
21/12/2004 11:15 <REP> Ahead
12/11/2004 23:31 <REP> AVG7
08/08/2004 11:20 <REP> FaxCtr
17/04/2004 10:50 <REP> Macromedia
30/07/2003 23:59 <REP> Real
28/01/2003 16:35 <REP> Help
24/08/2002 12:08 <REP> Identities
24/08/2002 12:08 62 desktop.ini
24/08/2002 12:08 <REP> ..
24/08/2002 12:08 <REP> .
24/08/2002 12:08 <REP> Microsoft
1 fichier(s) 62 octets
11 Rép(s) 1782284288 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Invité\Application Data

21/09/2002 14:57 <REP> Identities
21/09/2002 14:57 62 desktop.ini
21/09/2002 14:57 <REP> Microsoft
21/09/2002 14:57 <REP> ..
21/09/2002 14:57 <REP> .
1 fichier(s) 62 octets
4 Rép(s) 1782284288 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Pharaoh.X001530650\Application Data

22/01/2006 19:28 <REP> Lavasoft
16/12/2005 22:09 <REP> vlc
30/04/2005 14:30 <REP> Verbatim Software
12/11/2004 19:54 <REP> AVG7
30/07/2004 10:19 <REP> NeroVision
03/06/2004 12:34 <REP> FaxCtr
03/02/2004 20:43 <REP> Ahead
02/11/2003 17:15 <REP> Macromedia
29/07/2003 14:44 <REP> InstallShield Installation Information
27/07/2003 23:14 <REP> Real
07/12/2002 23:41 <REP> Help
02/11/2002 22:36 <REP> Identities
02/11/2002 22:35 62 desktop.ini
02/11/2002 22:35 <REP> ..
02/11/2002 22:35 <REP> .
02/11/2002 22:35 <REP> Microsoft
1 fichier(s) 62 octets
15 Rép(s) 1782284288 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\Documents and Settings\Angélique\Application Data

30/12/2005 16:10 150888 GDIPFONTCACHEV1.DAT
22/12/2005 12:06 <REP> vlc
21/11/2004 09:34 <REP> AVG7
15/07/2004 11:54 <REP> FaxCtr
05/06/2004 10:25 <REP> Macromedia
14/09/2003 12:48 <REP> Help
13/09/2003 00:17 <REP> Real
23/12/2002 10:14 <REP> Identities
23/12/2002 10:14 62 desktop.ini
23/12/2002 10:14 <REP> Microsoft
23/12/2002 10:14 <REP> .
23/12/2002 10:14 <REP> ..
2 fichier(s) 150950 octets
10 Rép(s) 1782284288 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 111A-18EE

Répertoire de C:\WINDOWS\TASKS

01/06/2004 18:49 6 SA.DAT
21/08/2002 12:53 258 Rappel d'expiration de la désinstallation.job
09/04/2002 20:50 384 Planificateur pour la collecte de données PCHealth.job
18/03/2002 18:26 414 Symantec NetDetect.job
01/01/1980 00:00 502 Démarrage du programme de réglages.job
01/01/1980 00:00 65 DESKTOP.INI
01/01/1980 00:00 <REP> ..
01/01/1980 00:00 <REP> .
6 fichier(s) 1 629 octets
2 Rép(s) 1 782 284 288 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************
0

aranjuez31 Posts 8069 Status Contributor 354
 
Evening Moe & co

careful, phara
ewido expired!
no! past the 14 days, only the resident protection & the auto-update stop working - you have to run it "by hand", like Spybot or Ad-aware
0
Pharaoh
 
+1 arranjuez!
0