Unwanted pop-up ads
Solved/Closed
stefan06 - 25 Feb 2007 at 09:37
chris99 - 25 Mar 2008 at 10:10
8 replies
Hi Stéphan06
Your PC is infected with lop.com
Download this
Double-click Lopxp2_Test.exe.
A new folder, Lopxp2_Test, will appear on your desktop.
Inside it, run the file MH3.bat.
When it has finished its job, copy and paste the contents of the lop.txt file here, following your message.
See you
stefan06 - 25 Feb 2007 at 10:00
Thanks zbr
here is the lop.txt file
See you
Rapport Lopxp fait le 25/02/2007
-------------------------------------------
Exécuté dans C:\Documents and Settings\stéphane\Bureau\Lopxp2_Test
/!\ Attention /!\
Les résultats de ce rapport sont sujets à interprétations,
Et ne démontrent pas systématiquement des dossiers infectés...
**************************************************
## Handles Internet Explorer suspects en cours
iexplore.exe pid: 1480 390: C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRIMFI~1\POLLCI~1.EXE
iexplore.exe pid: 1240 478: C:\Documents and Settings\All Users\Application Data\GrimFileTickFace\PollExtraBuild
iexplore.exe pid: 2096 C38: C:\Documents and Settings\All Users\Application Data\Google\Toolbar Dictionary\googledict_en2fr.dat
**************************************************
## Recherche prédéterminé dans C:\Program Files
C:\Program Files\BitDownload Présent !
Installé le: 02/02/2007
Recherche des dossiers crées le 02/02/2007 :
- Vérification de la possibilité de désinstaller le sponsor:
- Désinstallateur listé "CiD Help" dans Ajout/Supression de Programmes.
Ou
- Possibilité de désinstallation en invite de commande :
Menu Démarrer >> Exécuter et copier/coller :
C:\DOCUME~1\STPHAN~1\APPLIC~1\GLOBAL~1\dentownssixth.exe -uninstall
Puis valider et suivre la procédure indiqué.
******************************************
## Tâches planifiées cachées
(Panneau de configuration >> Tâches planifiées >> Menu "Avancé" >>Afficher les tâches masquées)
Suspect : C:\WINDOWS\Tasks\A878AF91918B2C1D.job
******************************************
## Répertoires Application Data
C:\Documents and Settings\All Users\Application Data
10/01/2007 15:26 <REP> Adobe
28/11/2005 16:45 <REP> Ahead
02/12/2005 12:46 <REP> Apple Computer
23/01/2006 17:46 <REP> CanonBJ
20/07/2004 00:24 <REP> CyberLink
07/02/2007 22:05 <REP> Google
16/02/2007 09:15 <REP> GrimFileTickFace
06/06/2006 23:49 <REP> Intraaimlovelong
22/01/2006 23:09 <REP> Microsoft
20/07/2004 00:49 <REP> MSN6
14/11/2006 22:56 <REP> MumboJumbo
09/05/2006 16:35 <REP> Oberongames
09/05/2006 15:40 <REP> Sandlot Games
20/07/2004 00:06 <REP> SBSI
01/09/2005 14:46 <REP> Skype
13/12/2004 17:06 <REP> Symantec
20/07/2004 00:16 <REP> Ulead Systems
22/11/2005 18:05 <REP> Windows Genuine Advantage
14/07/2005 21:59 <REP> Zylom
C:\Documents and Settings\jean-yves\Application Data
22/12/2006 10:06 <REP> Adobe
27/01/2007 11:37 <REP> AdobeUM
19/02/2006 15:50 <REP> Apple Computer
17/02/2007 22:23 <REP> Google
22/08/2004 09:38 <REP> Help
20/07/2004 00:02 <REP> Identities
20/07/2004 00:12 <REP> InterTrust
03/02/2006 16:24 <REP> ispnews
22/08/2004 09:57 <REP> Macromedia
03/02/2006 16:28 <REP> Microsoft
13/08/2005 09:53 <REP> Real
C:\Documents and Settings\jean-yves\Local Settings\Application Data
27/01/2007 11:37 <REP> Adobe
17/02/2007 22:21 <REP> Google
22/08/2004 09:38 <REP> Help
05/02/2005 11:22 <REP> Identities
22/10/2006 12:05 <REP> IM
22/12/2006 10:09 <REP> Microsoft
C:\Documents and Settings\Propriétaire\Application Data
20/07/2004 00:12 <REP> Adobe
20/07/2004 00:02 <REP> Identities
20/07/2004 00:12 <REP> InterTrust
19/07/2004 23:52 <REP> Microsoft
C:\Documents and Settings\Propriétaire\Local Settings\Application Data
20/07/2004 00:02 <REP> Microsoft
C:\Documents and Settings\stéphane\Application Data
18/10/2006 23:04 <REP> Adobe
10/01/2007 15:24 <REP> AdobeUM
05/12/2006 21:00 <REP> Ahead
02/12/2005 12:53 <REP> Apple Computer
02/02/2007 17:24 <REP> BitDownload
26/12/2006 17:19 <REP> DivX
05/02/2007 18:05 <REP> FlashFXP
15/05/2006 19:12 <REP> F-Secure
16/02/2007 09:15 <REP> GlobalFive
07/02/2007 22:07 <REP> Google
25/02/2005 00:37 <REP> Help
01/09/2005 15:25 <REP> Identities
20/07/2004 00:12 <REP> InterTrust
01/02/2006 17:28 <REP> ispnews
18/10/2006 23:39 <REP> Leadertech
22/07/2004 15:18 <REP> Macromedia
01/01/2007 07:52 <REP> Microsoft
04/06/2006 12:27 <REP> Mozilla
22/07/2004 01:14 <REP> MSN6
09/11/2006 22:54 <REP> pixelStorm
21/07/2004 16:46 <REP> Real
03/10/2004 11:10 <REP> Shareaza
21/07/2004 00:17 <REP> Symantec
06/12/2006 21:10 <REP> U3
30/09/2004 14:13 <REP> Ulead Systems
12/09/2004 17:58 <REP> VERITAS
30/03/2006 09:34 <REP> vlc
02/12/2004 20:42 <REP> Webroot
01/09/2005 15:25 <REP> Zylom
C:\Documents and Settings\stéphane\Local Settings\Application Data
18/10/2006 23:17 <REP> Adobe
26/11/2005 13:33 <REP> Ahead
02/12/2005 12:53 <REP> Apple Computer
07/02/2007 22:05 <REP> Google
21/07/2004 00:03 <REP> Help
21/07/2004 15:54 <REP> Identities
28/09/2006 08:36 <REP> IM
26/12/2006 05:34 <REP> Microsoft
04/06/2006 12:27 <REP> Mozilla
20/06/2006 00:21 <REP> WMTools Downloaded Files
******************************************
## Répertoires de Program files
18/10/2006 22:58 <REP> Adobe
22/12/2006 17:53 <REP> Ahead
06/06/2006 23:44 <REP> Alwil Software
10/05/2006 23:49 <REP> AtomixMP3
10/12/2006 15:18 <REP> AUREAS
10/12/2006 15:19 <REP> Aureas7
20/07/2004 00:13 <REP> BackWeb
02/02/2007 17:25 <REP> BitDownload
23/01/2006 17:49 <REP> Canon
28/09/2006 15:09 <REP> CASIO
05/08/2004 13:54 <REP> Common files
19/07/2004 23:56 <REP> ComPlus Applications
20/07/2004 00:24 <REP> CyberLink
20/11/2006 17:44 <REP> DesignPro 2000
20/02/2007 16:36 <REP> DivX
20/11/2006 17:44 <REP> Ensemble clavier et souris sans fil Labtec
22/06/2006 21:18 <REP> ErrorGuard
28/11/2005 16:45 <REP> Fichiers communs
14/02/2007 10:34 <REP> FlashFXP
03/02/2007 12:50 <REP> Free
26/06/2006 14:06 <REP> Fujifilm
04/11/2004 17:49 <REP> FunWebProducts
16/02/2007 09:15 <REP> GlobalFive
07/02/2007 22:05 <REP> Google
14/02/2007 10:57 <REP> Grisoft
20/07/2004 00:18 <REP> HandyBits
23/01/2006 23:46 <REP> Hewlett-Packard
18/11/2006 08:59 <REP> IncrediMail
26/12/2006 17:55 <REP> InterActual
17/02/2007 23:54 <REP> Internet Explorer
28/12/2006 15:57 <REP> K!TV
20/11/2006 17:44 <REP> KODAK
31/07/2004 11:04 <REP> Messager Wanadoo
20/11/2006 17:44 <REP> Messenger
19/07/2004 23:59 <REP> microsoft frontpage
20/07/2004 00:19 <REP> Microsoft Money
02/06/2006 15:18 <REP> Microsoft Office
20/07/2004 00:17 <REP> Microsoft Visual Studio
20/07/2004 00:03 <REP> MouseWare
20/11/2006 17:44 <REP> Movie Maker
07/06/2006 08:02 <REP> Mozilla Firefox
31/07/2004 10:50 <REP> MSN
19/07/2004 23:56 <REP> MSN Gaming Zone
09/08/2006 16:14 <REP> MSN Messenger
20/11/2006 17:44 <REP> NetMeeting
16/12/2006 23:04 <REP> Outlook Express
07/02/2007 15:04 <REP> Panicware
20/11/2006 17:44 <REP> QuickTime
20/07/2004 00:15 <REP> Real
18/01/2005 16:51 <REP> SAGEM
20/07/2004 00:13 <REP> SBApps
19/07/2004 23:56 <REP> Services en ligne
09/01/2007 23:44 <REP> Shareaza
20/11/2006 17:44 <REP> Surfairy
13/12/2004 17:05 <REP> Symantec
05/04/2006 16:46 <REP> VideoLAN
20/07/2004 00:19 <REP> Virtual CD v4 SDK
28/09/2004 14:52 <REP> vtplus
30/03/2006 15:59 <REP> Wanadoo
02/12/2004 20:42 <REP> Webroot
26/12/2006 17:55 <REP> Windows Media Connect 2
17/12/2006 09:29 <REP> Windows Media Player
19/02/2005 12:41 <REP> Windows NT
20/11/2006 17:44 <REP> WinRAR
15/05/2006 19:25 <REP> WinTV
19/07/2004 23:59 <REP> xerox
26/06/2006 22:30 <REP> Xi
28/12/2006 15:57 <REP> XviD
**************************************************
## Recherche dans le registre
# Startup :
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Love long third log REG_SZ C:\Documents and Settings\All Users\Application Data\Intraaimlovelong\Mode okay.exe
Tick Face Burn Amok REG_SZ C:\Documents and Settings\All Users\Application Data\GrimFileTickFace\POLL CITY.exe
* HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
face support REG_SZ C:\DOCUME~1\STPHAN~1\APPLIC~1\GLOBAL~1\dentownssixth.exe
# Clé suspecte:
* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MailMpegDead]
UninstallString REG_SZ C:\DOCUME~1\STPHAN~1\APPLIC~1\GLOBAL~1\dentownssixth.exe -uninstall
# Popups autorisées
* Internet Explorer
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.zylom.com REG_BINARY 00000000
dns-look-up.com REG_SZ
www.dns-look-up.com REG_SZ
netsearchsoft.com REG_SZ
www.netsearchsoft.com REG_SZ
* Mozilla Firefox (1 autorisé 2 interdit)
* Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)
******************************************
## Zones de sécurité
* HKCU Domains (4)
* P3P History (5)
Hi Stephan
If you don't have a junk-file cleaner such as Ccleaner or Atf-Cleaner, download one.
Atf-cleaner will do the job perfectly; it is completely free, can be downloaded here and requires no installation:
http://www.atribune.org/ccount/click.php?id=1
Help on using it:
http://mickael.barroux.free.fr/securite/tutoatfcleaner.html
or here
Then:
Launch HijackThis and click [Do a system scan only]
tick the box at the start of the following lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.hubwqkgthznhagynpyvsyih.us/...
O2 - BHO: (no name) - {D867178D-36F6-9E81-816C-9785ACEF3F46} - C:\DOCUME~1\STPHAN~1\APPLIC~1\SLOWPL~1\Okaypoll.exe (file missing)
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
confirm by clicking the [Fix checked] button
Open the Control Panel and, in Add/Remove Programs, uninstall:
FunWebProducts
and
CiDhelp
Then:
Launch ATF-Cleaner, click "Select All" and confirm.
Restart the PC and post a new HijackThis + lopxp2 report
See you
stefan06 - 25 Feb 2007 at 11:12
Thanks
here are the reports
See you
Logfile of HijackThis v1.99.1
Scan saved at 10:57:23, on 25/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Documents and Settings\stéphane\Mes documents\Mes fichiers reçus\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Surfairy - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - C:\Program Files\Surfairy\SurfairyHlp.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [Love long third log] C:\Documents and Settings\All Users\Application Data\Intraaimlovelong\Mode okay.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\System32\mstask.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stefmaf.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2102fc54897b44a95a15/netzip/RdxIE601_fr.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/chainz_2/mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://hotelforumrome.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/bejeweled2/Oberongamesloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
----------------------
Rapport Lopxp fait le 25/02/2007
-------------------------------------------
Exécuté dans C:\Documents and Settings\stéphane\Bureau\Lopxp2_Test
/!\ Attention /!\
Les résultats de ce rapport sont sujets à interprétations,
Et ne démontrent pas systématiquement des dossiers infectés...
**************************************************
## Handles Internet Explorer suspects en cours
**************************************************
## Recherche prédéterminé dans C:\Program Files
C:\Program Files\BitDownload Présent !
Installé le: 02/02/2007
Recherche des dossiers crées le 02/02/2007 :
- Vérification de la possibilité de désinstaller le sponsor:
******************************************
## Tâches planifiées cachées
(Panneau de configuration >> Tâches planifiées >> Menu "Avancé" >>Afficher les tâches masquées)
******************************************
## Répertoires Application Data
C:\Documents and Settings\All Users\Application Data
10/01/2007 15:26 <REP> Adobe
28/11/2005 16:45 <REP> Ahead
02/12/2005 12:46 <REP> Apple Computer
23/01/2006 17:46 <REP> CanonBJ
20/07/2004 00:24 <REP> CyberLink
07/02/2007 22:05 <REP> Google
06/06/2006 23:49 <REP> Intraaimlovelong
22/01/2006 23:09 <REP> Microsoft
20/07/2004 00:49 <REP> MSN6
14/11/2006 22:56 <REP> MumboJumbo
09/05/2006 16:35 <REP> Oberongames
09/05/2006 15:40 <REP> Sandlot Games
20/07/2004 00:06 <REP> SBSI
01/09/2005 14:46 <REP> Skype
13/12/2004 17:06 <REP> Symantec
20/07/2004 00:16 <REP> Ulead Systems
22/11/2005 18:05 <REP> Windows Genuine Advantage
14/07/2005 21:59 <REP> Zylom
C:\Documents and Settings\jean-yves\Application Data
22/12/2006 10:06 <REP> Adobe
27/01/2007 11:37 <REP> AdobeUM
19/02/2006 15:50 <REP> Apple Computer
17/02/2007 22:23 <REP> Google
22/08/2004 09:38 <REP> Help
20/07/2004 00:02 <REP> Identities
20/07/2004 00:12 <REP> InterTrust
03/02/2006 16:24 <REP> ispnews
22/08/2004 09:57 <REP> Macromedia
03/02/2006 16:28 <REP> Microsoft
13/08/2005 09:53 <REP> Real
C:\Documents and Settings\jean-yves\Local Settings\Application Data
27/01/2007 11:37 <REP> Adobe
17/02/2007 22:21 <REP> Google
22/08/2004 09:38 <REP> Help
05/02/2005 11:22 <REP> Identities
22/10/2006 12:05 <REP> IM
22/12/2006 10:09 <REP> Microsoft
C:\Documents and Settings\Propriétaire\Application Data
20/07/2004 00:12 <REP> Adobe
20/07/2004 00:02 <REP> Identities
20/07/2004 00:12 <REP> InterTrust
19/07/2004 23:52 <REP> Microsoft
C:\Documents and Settings\Propriétaire\Local Settings\Application Data
20/07/2004 00:02 <REP> Microsoft
C:\Documents and Settings\stéphane\Application Data
18/10/2006 23:04 <REP> Adobe
10/01/2007 15:24 <REP> AdobeUM
05/12/2006 21:00 <REP> Ahead
02/12/2005 12:53 <REP> Apple Computer
02/02/2007 17:24 <REP> BitDownload
26/12/2006 17:19 <REP> DivX
05/02/2007 18:05 <REP> FlashFXP
15/05/2006 19:12 <REP> F-Secure
07/02/2007 22:07 <REP> Google
25/02/2005 00:37 <REP> Help
01/09/2005 15:25 <REP> Identities
20/07/2004 00:12 <REP> InterTrust
01/02/2006 17:28 <REP> ispnews
18/10/2006 23:39 <REP> Leadertech
22/07/2004 15:18 <REP> Macromedia
01/01/2007 07:52 <REP> Microsoft
04/06/2006 12:27 <REP> Mozilla
22/07/2004 01:14 <REP> MSN6
09/11/2006 22:54 <REP> pixelStorm
21/07/2004 16:46 <REP> Real
03/10/2004 11:10 <REP> Shareaza
21/07/2004 00:17 <REP> Symantec
06/12/2006 21:10 <REP> U3
30/09/2004 14:13 <REP> Ulead Systems
12/09/2004 17:58 <REP> VERITAS
30/03/2006 09:34 <REP> vlc
02/12/2004 20:42 <REP> Webroot
01/09/2005 15:25 <REP> Zylom
C:\Documents and Settings\stéphane\Local Settings\Application Data
18/10/2006 23:17 <REP> Adobe
26/11/2005 13:33 <REP> Ahead
02/12/2005 12:53 <REP> Apple Computer
07/02/2007 22:05 <REP> Google
21/07/2004 00:03 <REP> Help
21/07/2004 15:54 <REP> Identities
28/09/2006 08:36 <REP> IM
26/12/2006 05:34 <REP> Microsoft
04/06/2006 12:27 <REP> Mozilla
20/06/2006 00:21 <REP> WMTools Downloaded Files
******************************************
## Répertoires de Program files
18/10/2006 22:58 <REP> Adobe
22/12/2006 17:53 <REP> Ahead
06/06/2006 23:44 <REP> Alwil Software
10/05/2006 23:49 <REP> AtomixMP3
10/12/2006 15:18 <REP> AUREAS
10/12/2006 15:19 <REP> Aureas7
20/07/2004 00:13 <REP> BackWeb
02/02/2007 17:25 <REP> BitDownload
23/01/2006 17:49 <REP> Canon
28/09/2006 15:09 <REP> CASIO
05/08/2004 13:54 <REP> Common files
19/07/2004 23:56 <REP> ComPlus Applications
20/07/2004 00:24 <REP> CyberLink
20/11/2006 17:44 <REP> DesignPro 2000
20/02/2007 16:36 <REP> DivX
20/11/2006 17:44 <REP> Ensemble clavier et souris sans fil Labtec
22/06/2006 21:18 <REP> ErrorGuard
28/11/2005 16:45 <REP> Fichiers communs
14/02/2007 10:34 <REP> FlashFXP
03/02/2007 12:50 <REP> Free
26/06/2006 14:06 <REP> Fujifilm
07/02/2007 22:05 <REP> Google
14/02/2007 10:57 <REP> Grisoft
20/07/2004 00:18 <REP> HandyBits
23/01/2006 23:46 <REP> Hewlett-Packard
18/11/2006 08:59 <REP> IncrediMail
26/12/2006 17:55 <REP> InterActual
17/02/2007 23:54 <REP> Internet Explorer
28/12/2006 15:57 <REP> K!TV
20/11/2006 17:44 <REP> KODAK
31/07/2004 11:04 <REP> Messager Wanadoo
20/11/2006 17:44 <REP> Messenger
19/07/2004 23:59 <REP> microsoft frontpage
20/07/2004 00:19 <REP> Microsoft Money
02/06/2006 15:18 <REP> Microsoft Office
20/07/2004 00:17 <REP> Microsoft Visual Studio
20/07/2004 00:03 <REP> MouseWare
20/11/2006 17:44 <REP> Movie Maker
07/06/2006 08:02 <REP> Mozilla Firefox
31/07/2004 10:50 <REP> MSN
19/07/2004 23:56 <REP> MSN Gaming Zone
09/08/2006 16:14 <REP> MSN Messenger
20/11/2006 17:44 <REP> NetMeeting
16/12/2006 23:04 <REP> Outlook Express
07/02/2007 15:04 <REP> Panicware
20/11/2006 17:44 <REP> QuickTime
20/07/2004 00:15 <REP> Real
18/01/2005 16:51 <REP> SAGEM
20/07/2004 00:13 <REP> SBApps
19/07/2004 23:56 <REP> Services en ligne
09/01/2007 23:44 <REP> Shareaza
20/11/2006 17:44 <REP> Surfairy
13/12/2004 17:05 <REP> Symantec
05/04/2006 16:46 <REP> VideoLAN
20/07/2004 00:19 <REP> Virtual CD v4 SDK
28/09/2004 14:52 <REP> vtplus
30/03/2006 15:59 <REP> Wanadoo
02/12/2004 20:42 <REP> Webroot
26/12/2006 17:55 <REP> Windows Media Connect 2
17/12/2006 09:29 <REP> Windows Media Player
19/02/2005 12:41 <REP> Windows NT
20/11/2006 17:44 <REP> WinRAR
15/05/2006 19:25 <REP> WinTV
19/07/2004 23:59 <REP> xerox
26/06/2006 22:30 <REP> Xi
28/12/2006 15:57 <REP> XviD
**************************************************
## Recherche dans le registre
# Startup :
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Love long third log REG_SZ C:\Documents and Settings\All Users\Application Data\Intraaimlovelong\Mode okay.exe
# Popups autorisées
* Internet Explorer
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.zylom.com REG_BINARY 00000000
* Mozilla Firefox (1 autorisé 2 interdit)
* Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)
******************************************
## Zones de sécurité
* HKCU Domains (4)
* P3P History (5)
Excellent.
Now make hidden and system files visible:
Control Panel > Folder Options > View tab
Check the box next to "Show hidden files and folders"
Uncheck the box next to "Hide extensions for known file types"
Uncheck the box next to "Hide protected operating system files"
Click [Apply], then [OK] to confirm
/!\ Once the cleanup is finished, don't forget to do the reverse to hide the files again.
To be sure which type of file you are clicking on, I recommend keeping file extensions visible by leaving the corresponding box unchecked.
Find and delete:
C:\Documents and Settings\All Users\Application Data\Intraaimlovelong <- the folder
Launch HijackThis and click [Do a system scan only]
Check the box at the start of the following lines:
O4 - HKLM\..\Run: [Love long third log] C:\Documents and Settings\All Users\Application Data\Intraaimlovelong\Mode okay.exe
Confirm by clicking the [Fix checked] button
While you're at it, I also recommend uninstalling Surfairy; this program, preinstalled on some Packard Bell machines, is considered spyware and sometimes causes serious problems, notably when printing web pages.
Then post a new HijackThis report
See you
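Requesting a fresh HijackThis report after the fix is a before/after check, and it can be automated. The following is an added example, not part of the original thread: it diffs two HijackThis logs and confirms that entries mentioning the folder and program named in the reply are gone. The function names are hypothetical, and the two log excerpts are abridged from the reports posted in this thread.

```python
import re

# HijackThis entry lines have the shape "<code> - <body>", where the code
# (R0, R1, O2, O4, O23, ...) identifies the section of the report.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: "<location>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<command>.+)$")

# Abridged excerpts of the two logs posted in this thread (before and after the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Surfairy - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - C:\Program Files\Surfairy\SurfairyHlp.dll
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [Love long third log] C:\Documents and Settings\All Users\Application Data\Intraaimlovelong\Mode okay.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log.

    The header and the "Running processes" list are skipped because they
    do not match the "<code> - <body>" shape.
    """
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def autoruns_from(log_text, path_fragment):
    """Names of O4 registry autoruns whose command line contains path_fragment."""
    hits = []
    for code, body in sorted(parse_entries(log_text)):
        if code != "O4":
            continue
        match = O4_RE.match(body)
        if match and path_fragment.lower() in match.group("command").lower():
            hits.append(match.group("name"))
    return hits


def verify_fix(before, after, targets):
    """For each target string: True if it matched an entry before and none after."""
    old, new = parse_entries(before), parse_entries(after)
    result = {}
    for target in targets:
        needle = target.lower()
        was_present = any(needle in body.lower() for _, body in old)
        still_present = any(needle in body.lower() for _, body in new)
        result[target] = was_present and not still_present
    return result


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    print(verify_fix(BEFORE, AFTER, ["Intraaimlovelong", "Surfairy"]))
```

An entry reported under "added" deserves the same scrutiny as the original log, since a clean diff only shows that the listed entries disappeared from the report, not that the files on disk were deleted.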
stefan06
Posts: 6
Registration date: Sunday 25 February 2007
Status: Member
Last activity: 25 February 2007
25 Feb 2007 at 15:03
Hi!
Here is the new report
Thanks
See you
Logfile of HijackThis v1.99.1
Scan saved at 14:58:37, on 25/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\stéphane\Mes documents\Mes fichiers reçus\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\System32\mstask.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stefmaf.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2102fc54897b44a95a15/netzip/RdxIE601_fr.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/chainz_2/mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://hotelforumrome.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/bejeweled2/Oberongamesloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Hi :-)
The report looks clean now.
One last thing, can you have this file analysed here:
http://www.virustotal.com/xhtml/virustotal_en.html
C:\WINDOWS\System32\mstask.exe
On the site, click Browse and select:
C:\WINDOWS\System32\mstask.exe
and click Send.
The file will be scanned by several antivirus engines; once it has finished, copy and paste the scan report.
You can also update AVG AntiSpyware and scan your PC with it.
Post that report too if AVG detects anything.
See you
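Editor's added example (not part of the thread or of HijackThis): a small parser for the log format posted above that lists autostart targets worth hashing or submitting to a scanner, ActiveX controls installed over plain HTTP, and "(file missing)" entries cross-checked against the running process list. The triage rules and the "Example Service" line are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines in the format of the log above; "Example Service" is invented.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\System32\mstask.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Example Service - Unknown owner - C:\Example\gone.exe (file missing)
"""

# "R0 - ...", "O4 - ...", "O23 - ..." : section code, separator, free-form body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# First drive-letter path ending in .exe/.dll inside an entry body.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll)', re.IGNORECASE)


def parse_log(text):
    """Split a log into (set of running process paths, [(code, body), ...])."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def section_counts(text):
    """Number of entries per HijackThis section code."""
    return Counter(code for code, _ in parse_log(text)[1])


def triage(text):
    """Return (code, kind, detail) review notes; heuristics are this example's own."""
    running, entries = parse_log(text)
    notes = []
    for code, body in entries:
        m = EXE_RE.search(body)
        exe = m.group(0) if m else None
        if "(file missing)" in body:
            # A binary that is running cannot be absent: the flag needs a second look.
            if exe and exe.lower() in running:
                state = "but it is listed under Running processes"
            else:
                state = "and it is not running"
            notes.append((code, "file-missing", f"{exe}: reported missing {state}"))
        elif code == "O16" and " - http://" in body:
            # Control fetched without TLS: check that it is still wanted.
            notes.append((code, "activex-over-http", body.rsplit(" - ", 1)[1]))
        elif code == "O4" and exe:
            # Autostart target: candidate for hashing or a multi-engine scan.
            notes.append((code, "autostart", exe))
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(*note, sep=" | ")
```

Paths written in 8.3 short form (for example `C:\PROGRA~1\...`) will not match the long names in the process list, so a "not running" result for such a path still needs a manual check.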
stefan06
25 Feb 2007 at 15:58
Thanks!!!
Here is the scan report
See you
Antivirus Version Update Result
AntiVir 7.3.1.38 02.25.2007 no virus found
Authentium 4.93.8 02.25.2007 no virus found
Avast 4.7.936.0 02.23.2007 no virus found
AVG 386 02.24.2007 no virus found
BitDefender 7.2 02.25.2007 no virus found
CAT-QuickHeal 9.00 02.24.2007 no virus found
ClamAV devel-20060426 02.25.2007 no virus found
DrWeb 4.33 02.25.2007 no virus found
eSafe 7.0.14.0 02.23.2007 no virus found
eTrust-Vet 30.4.3424 02.23.2007 no virus found
Ewido 4.0 02.24.2007 no virus found
FileAdvisor 1 02.25.2007 No threat detected
Fortinet 2.85.0.0 02.25.2007 no virus found
F-Prot 4.3.1.45 02.22.2007 no virus found
F-Secure 6.70.13030.0 02.25.2007 no virus found
Ikarus T3.1.0.31 02.25.2007 no virus found
Kaspersky 4.0.2.24 02.25.2007 no virus found
McAfee 4970 02.23.2007 no virus found
Microsoft 1.2204 02.25.2007 no virus found
NOD32v2 2080 02.25.2007 no virus found
Norman 5.80.02 02.23.2007 no virus found
Panda 9.0.0.4 02.25.2007 no virus found
Prevx1 V2 02.25.2007 no virus found
Sophos 4.14.0 02.24.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 no virus found
Symantec 10 02.25.2007 no virus found
TheHacker 6.1.6.064 02.25.2007 no virus found
UNA 1.83 02.23.2007 no virus found
VBA32 3.11.2 02.24.2007 no virus found
VirusBuster 4.3.19:9 02.25.2007 no virus found
Aditional Information
File size: 281600 bytes
MD5: a8081009f0cd81bb1beb601d9c854249
SHA1: 50fad18e2a75e66c312ff39a6e04efdb6e448ec4
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=a8081009f0cd81bb1beb601d9c854249
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
OK, the file is clean.
Personally I don't see anything infectious any more, unless AVG claims otherwise :-)
And on your side, still getting ads?
See you
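Editor's added example (not part of the thread or of VirusTotal): a parser for the pasted report layout that tallies verdicts, lists engines whose signatures were more than a chosen number of days old at scan time, and checks that a local file's MD5 and SHA1 equal the ones in the report, so the verdict is applied to the same bytes. The sample rows and hashes are copied from the report above; the `stale_days` threshold and the function names are assumptions.

```python
import hashlib
import re
from datetime import date

# Sample built from four rows and the hash lines of the report posted above.
SAMPLE_REPORT = """Antivirus Version Update Result
AntiVir 7.3.1.38 02.25.2007 no virus found
Avast 4.7.936.0 02.23.2007 no virus found
FileAdvisor 1 02.25.2007 No threat detected
F-Prot 4.3.1.45 02.22.2007 no virus found
File size: 281600 bytes
MD5: a8081009f0cd81bb1beb601d9c854249
SHA1: 50fad18e2a75e66c312ff39a6e04efdb6e448ec4
"""

# engine, version, update date as MM.DD.YYYY, free-text result
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2})\.(\d{2})\.(\d{4})\s+(.+)$")
CLEAN = {"no virus found", "no threat detected"}
ALGOS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}  # what this report format lists


def parse_report(text):
    """Return ([row dicts], {"MD5": hex, "SHA1": hex}) from a pasted report."""
    rows, hashes = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = ROW_RE.match(line)
        if m:
            engine, version, mm, dd, yyyy, result = m.groups()
            rows.append({"engine": engine, "version": version,
                         "updated": date(int(yyyy), int(mm), int(dd)),
                         "result": result})
        elif line.upper().startswith(("MD5:", "SHA1:")):
            name, value = line.split(":", 1)
            hashes[name.upper()] = value.strip().lower()
    return rows, hashes


def hash_matches(data, hashes):
    """True only if every hash listed in the report equals the hash of `data`."""
    listed = [(k, v) for k, v in hashes.items() if k in ALGOS]
    return bool(listed) and all(ALGOS[k](data).hexdigest() == v for k, v in listed)


def summarize(text, scanned_on, data=None, stale_days=2):
    """Tally a report; `data` is the local file's bytes, if available."""
    rows, hashes = parse_report(text)
    return {
        "engines": len(rows),
        "detections": [(r["engine"], r["result"]) for r in rows
                       if r["result"].lower() not in CLEAN],
        "stale": [r["engine"] for r in rows
                  if (scanned_on - r["updated"]).days > stale_days],
        # None means "not checked": the verdict is not yet tied to a local file.
        "hash_match": None if data is None else hash_matches(data, hashes),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT, date(2007, 2, 25)))
```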
stefan06
25 Feb 2007 at 16:38
Great!!!
Thanks for everything... I don't get any more ads, everything is OK ;o)
avast is scanning at the moment...
Thanks again...
stef06
You're welcome :-)
See you
chris99
25 Mar 2008 at 10:10
Oops, sorry, I posted in the wrong thread
:/