Sujet Précédent Sujet Suivant

Cid virus

fred 85 Messages postés 21 Statut Membre -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
bonsoir j'ai un probleme avec cid qui m'envoie des pubs toutes les minutes
A voir également:

15 réponses

Réponse 1 / 15
fred 85 Messages postés 21 Statut Membre
 
etant debutant je ne voudrais pas faire n'inporte quoi
1
Réponse 2 / 15
fred 85 Messages postés 21 Statut Membre
 
bonsoir je vous envoie le resultat du scan

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Locks Plus Link Memo] C:\Documents and Settings\All Users\Application Data\downloadroadlocksplus\team mp3.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Gram meta] C:\DOCUME~1\PROPRI~1\APPLIC~1\CHINSI~1\PartEnc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Alice ADSL - {FA703267-2411-411F-971F-0E6A6CCF5577} - https://portail.free.fr/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://portail.free.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/sp3.02r/spyspottercabinstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0
Réponse 3 / 15
zBr
 
Salut Fred

Télécharge Lopxpv3 ici
Double clic sur Lopxpv3.exe.
Sur ton bureau un nouveau dossier va apparaitre, Lopxpv3.
A l'intérieur, lance le fichier Lopxp.bat.
Choisis l'option 1 Rechercher/générer un rapport
Quant il aura fini son job, copie et colle le contenu du fichier lop.txt ici à la suite de ton message.

a++
0
fred 85 Messages postés 21 Statut Membre
 
salut j'ai bien ouvert le dossier lopxp3 mais je ne trouve pas lopxp.bat
-1
fred 85 Messages postés 21 Statut Membre
 
si excuse moi je viens de l trouver
-1
fred 85 Messages postés 21 Statut Membre
 
Rapport Lopxp fait le 15/03/2007 à 22:51:43,37
------------------------------------------------

Exécuté dans C:\Documents and Settings\Propri‚taire\Bureau\Lopxpv3


/!\ Attention /!\

Les résultats de ce rapport sont sujets à interprétations,
Et ne démontrent pas systématiquement des dossiers infectés...



_________________________________________________________________

## Processus


/!\ Utilisation suspecte par un processus, d'Internet Explorer :

iexplore.exe pid: 4016 308: C:\DOCUME~1\ALLUSE~1\APPLIC~1\DOWNLO~1\TEAMMP~1.EXE


/!\ Utilisation suspecte par un processus, d'Internet Explorer:

iexplore.exe pid: 3468 478: C:\Documents and Settings\All Users\Application Data\downloadroadlocksplus\Log platform axis


_________________________________________________________________

## Recherche prédéterminé dans C:\Program Files




C:\Program Files\Adverts Présent !
C:\Program Files\Adverts
C:\Documents and Settings\All Users\Application Data\downloadroadlocksplus
C:\Documents and Settings\Propri‚taire\Application Data\chin site



[X] C:\Program Files\BitDownload Présent ! Installé le: 26/02/2007

Recherche des dossiers crées le 26/02/2007 :


C:\Program Files\chin site



[X] C:\Program Files\MessengerPlus! 3 Présent ! Installé le: 23/03/2006

Recherche des dossiers crées le 23/03/2006 :




/!\ Sponsor accepté lors de la dernière installation.

Impossibilité de désinstaller le sponsor dans Ajout/Suppression de programme.
Le fichier C:\Program Files\Adverts\uninst.exe est manquant.


_________________________________________________________________

## Tâches planifiées cachées

(Panneau de configuration > Tâches planifiées > Menu "Avancé" > Afficher les tâches masquées)

Suspect : C:\WINDOWS\Tasks\B04E3EFE93F5B2D6.job



_________________________________________________________________

## Détection des paramètres de désinstallation du sponsor P2P:
(BitDownload,BitGrabber,BitRoll,NetPumper,TorrentQ,Torrent101...)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\firsttoolhold]

DisplayName REG_SZ CiD Help
UninstallString REG_SZ C:\DOCUME~1\PROPRI~1\APPLIC~1\CHINSI~1\PartEnc.exe -uninstall

- Label de désinstallation listé "CiD Help" dans Ajout/Supression de Programmes.




_________________________________________________________________

## Listing des dossiers des répertoires Application Data


C:\Documents and Settings\All Users\Application Data

26/01/2007 18:29 <REP> ACD Systems
26/01/2007 18:40 <REP> Adobe
08/09/2006 13:53 <REP> Ahead
29/03/2006 10:05 <REP> Apple Computer
29/07/2006 23:55 <REP> Avg7
28/02/2006 11:37 <REP> Broderbund Software
29/03/2006 10:16 <REP> CyberLink
26/02/2007 21:51 <REP> downloadroadlocksplus
31/01/2007 11:19 <REP> DVD Shrink
16/01/2007 15:48 <REP> Google
23/03/2006 14:17 <REP> Messenger Plus!
10/07/2006 13:23 <REP> Microsoft
30/10/2005 19:50 <REP> MSN6
21/11/2005 00:58 <REP> QuickTime
15/06/2006 17:56 <REP> Real
02/01/2003 05:41 <REP> SBSI
03/08/2006 12:45 <REP> Spybot - Search & Destroy
06/02/2006 17:00 <REP> Symantec
23/06/2006 14:24 <REP> Windows Genuine Advantage
23/08/2006 19:52 <REP> Windows Live Toolbar



C:\Documents and Settings\Default User\Application Data

02/01/2003 06:29 <REP> Adobe
02/01/2003 05:36 <REP> Identities
02/01/2003 06:29 <REP> InterTrust
01/01/2003 17:54 <REP> Microsoft
02/01/2003 06:33 <REP> SampleView
02/01/2003 06:28 <REP> Sonic
02/01/2003 08:27 <REP> Symantec


C:\Documents and Settings\Default User\Local Settings\Application Data

21/04/2006 13:56 <REP> ApplicationHistory
01/01/2003 17:51 <REP> Microsoft



C:\Documents and Settings\LocalService\Application Data

18/02/2007 00:19 <REP> Google
18/02/2007 00:19 <REP> Microsoft


C:\Documents and Settings\LocalService\Local Settings\Application Data

18/02/2007 00:19 <REP> Google
29/07/2006 23:55 <REP> Microsoft



C:\Documents and Settings\NetworkService\Application Data

29/07/2006 23:55 <REP> Microsoft


C:\Documents and Settings\NetworkService\Local Settings\Application Data

29/07/2006 23:55 <REP> Microsoft



C:\Documents and Settings\Propri‚taire\Application Data

26/01/2007 18:33 <REP> ACD Systems
02/03/2006 21:00 <REP> Adobe
31/03/2006 10:21 <REP> AdobeUM
27/10/2006 21:43 <REP> Ahead
29/03/2006 10:10 <REP> Apple Computer
16/11/2005 19:44 <REP> ArcSoft
26/02/2007 21:51 <REP> chin site
12/07/2006 08:36 <REP> CopyToDvd
30/03/2006 19:52 <REP> CyberLink
07/02/2006 15:20 <REP> EFF
03/08/2006 20:49 <REP> Google
31/10/2005 10:56 <REP> Help
12/03/2006 00:29 <REP> Identities
19/06/2006 14:23 <REP> InterTrust
30/10/2005 18:12 <REP> InterVideo
21/11/2005 00:57 <REP> iScreensaver
16/04/2006 16:28 <REP> Leadertech
31/10/2005 10:32 <REP> Macromedia
26/05/2006 21:47 <REP> Media Player Classic
08/11/2006 20:58 <REP> Microsoft
30/08/2006 11:10 <REP> MSN6
18/09/2006 18:56 <REP> PC Tools
15/02/2006 23:22 <REP> PEX
22/06/2006 13:37 <REP> Real
02/01/2003 06:33 <REP> SampleView
23/11/2006 09:49 <REP> SlySoft
02/01/2003 06:28 <REP> Sonic
09/12/2006 13:39 <REP> Sun
02/01/2003 08:27 <REP> Symantec
09/05/2006 12:23 <REP> VERITAS
14/03/2007 21:03 <REP> Vso
11/06/2006 14:45 <REP> WholeSecurity
02/07/2006 21:30 <REP> WinPatrol


C:\Documents and Settings\Propri‚taire\Local Settings\Application Data

11/02/2007 17:20 <REP> Adobe
12/06/2006 16:17 <REP> Ahead
04/05/2006 09:53 <REP> Apple Computer
23/08/2006 23:50 <REP> Ashampoo AudioCD MP3 Studio 3
29/07/2006 08:24 <REP> Google
24/06/2006 07:58 <REP> Help
23/04/2006 21:48 <REP> Identities
06/01/2007 23:43 <REP> Microsoft


____________________________________________

## Listing des dossiers dans C:\Program Files

26/01/2007 18:29 <REP> ACD Systems
25/10/2006 20:35 <REP> ACE Mega CoDecS Pack
19/06/2006 14:23 <REP> Adobe
30/04/2006 20:25 <REP> Adverts
08/09/2006 13:57 <REP> Ahead
25/02/2007 09:18 <REP> Alcohol Soft
19/10/2006 15:49 <REP> Alice
12/09/2006 13:38 <REP> Alwil Software
16/11/2005 19:42 <REP> ArcSoft
25/02/2007 19:22 <REP> Atari
30/10/2005 17:57 <REP> ATI Technologies
26/02/2007 22:02 <REP> BitDownload
28/02/2006 11:33 <REP> Broderbund
19/09/2006 07:29 <REP> BulletProofSoft.com
23/06/2006 18:33 <REP> CCleaner
26/02/2007 21:51 <REP> chin site
06/10/2006 10:37 <REP> Coktel
31/10/2005 11:08 <REP> ColorClub
21/04/2006 19:27 <REP> Common Files
29/03/2006 10:16 <REP> CyberLink
08/02/2007 08:12 <REP> DaemonTools_WhenUSave_Installer
11/08/2006 08:50 <REP> denouvel
31/12/2005 00:15 <REP> directx
21/01/2007 13:12 <REP> Diskeeper Corporation
27/08/2006 21:22 <REP> DivX
25/08/2006 12:00 <REP> DivXCodec
22/03/2006 21:22 <REP> Duo
02/07/2006 07:40 <REP> DVD Shrink
11/02/2007 15:02 <REP> EA SPORTS
03/06/2006 15:07 <REP> Easy Internet signup
01/09/2006 15:08 <REP> EasyBurning
25/03/2006 13:26 <REP> eBay
13/02/2006 20:43 <REP> eChanblard
23/01/2007 22:28 <REP> Elaborate Bytes
15/03/2007 21:40 <REP> eMule
09/12/2006 08:27 <REP> EPSON
12/11/2006 18:50 <REP> ExtraFilm Digitorder
23/08/2006 20:10 <REP> Extrafilm FotoFacil
09/03/2006 18:22 <REP> Family Games
26/01/2007 18:28 <REP> Fichiers communs
16/01/2007 15:56 <REP> Google
30/10/2005 17:59 <REP> Home Media Networks Limited
29/12/2006 10:11 <REP> HP
14/02/2007 08:41 <REP> Internet Explorer
26/06/2006 08:15 <REP> InterVideo
09/12/2006 13:38 <REP> Java
25/10/2006 20:37 <REP> K-Lite Codec Pack
25/02/2007 10:15 <REP> Knowledge Adventure
26/01/2006 20:36 <REP> Logitech
16/08/2006 12:29 <REP> Magic Burning Studio
25/10/2006 20:31 <REP> Matroska Pack
24/06/2006 23:46 <REP> Maxicolor Screen Saver
15/06/2006 17:56 <REP> Media Player Classic
12/11/2006 18:50 <REP> Messenger
21/04/2006 21:26 <REP> MessengerPlus! 3
31/10/2005 11:26 <REP> MGI
28/06/2006 08:00 <REP> Micro Application
01/01/2003 17:54 <REP> Microsoft AutoRoute
01/01/2003 17:55 <REP> Microsoft Encarta
02/01/2003 05:36 <REP> microsoft frontpage
01/01/2003 17:54 <REP> Microsoft Money
12/03/2006 00:20 <REP> Microsoft Office
12/11/2006 18:50 <REP> Microsoft Picture It! 7
05/11/2005 20:54 <REP> Microsoft SQL Server
28/02/2006 16:50 <REP> Microsoft Works
01/01/2003 17:50 <REP> Microsoft Works Suite 2003
23/06/2006 19:32 <REP> Movie Collection
16/08/2006 14:29 <REP> Movie Maker
06/02/2006 20:28 <REP> MSN
02/01/2003 05:33 <REP> MSN Gaming Zone
23/08/2006 19:50 <REP> MSN Messenger
17/11/2006 05:30 <REP> MSXML 4.0
31/10/2005 10:54 <REP> MyPhotosNow
09/03/2006 18:14 <REP> Neoact
12/02/2006 14:46 <REP> NetMeeting
25/08/2006 12:00 <REP> NimoCodec Pack
27/08/2006 21:28 <REP> Oberon Media
14/12/2006 03:11 <REP> Outlook Express
25/02/2007 10:16 <REP> QuickTime
20/06/2006 14:32 <REP> Real Alternative
09/03/2007 22:30 <REP> RealVNC
09/05/2006 12:30 <REP> RecordNow
28/12/2005 21:47 <REP> ReflexiveArcade
10/03/2007 08:25 <REP> Satsuki Decoder Pack
16/11/2005 19:53 <REP> SEIKO EPSON Corp
02/01/2003 06:40 <REP> Services en ligne
23/01/2007 22:26 <REP> SlySoft
23/12/2006 15:23 <REP> vso
26/01/2007 21:00 <REP> Wanadoo Edition
07/11/2006 21:00 <REP> Windows Live Toolbar
24/12/2006 09:41 <REP> Windows Media Connect 2
26/12/2006 09:22 <REP> Windows Media Player
12/02/2006 14:46 <REP> Windows NT
06/11/2006 23:16 <REP> WinRAR
02/01/2003 05:36 <REP> xerox
25/08/2006 12:00 <REP> XviD



_________________________________________________________________

## Recherche dans le registre


# Clés de démarrage :

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Locks Plus Link Memo REG_SZ C:\Documents and Settings\All Users\Application Data\downloadroadlocksplus\team mp3.exe

* HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Gram meta REG_SZ C:\DOCUME~1\PROPRI~1\APPLIC~1\CHINSI~1\PartEnc.exe
_________________________________________________________________

## Modification du fichier Hosts

127.0.0.1= Url bloquée Autre= Redirection

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD


_________________________________________________________________

# Popups autorisées

* Internet Explorer

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)
* Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)


_________________________________________________________________

## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)
0
Réponse 4 / 15
zBr
 
Hé bin !

Ton problème de pubs intempestive vient du sponsor de BitDownload et Messenger plus.

Ouvre le menu Démarrer
Clic sur executer et copie et colle exactement tout ce qui est en bleu ci-dessous 
"C:\Documents and Settings\Propriétaire\Bureau\Lopxpv3\Lopxp.bat" /fix

Puis valide.
Le bloc note va s'ouvrir, copie et colle son contenu dans ton prochain message.

a++
0
fred 85 Messages postés 21 Statut Membre
 
LopFix v 3.0 : 15/03/2007 23:22:13,92
FixMode


Dossiers supprimés:


C:\Program Files\Adverts
C:\Documents and Settings\All Users\Application Data\downloadroadlocksplus\
C:\DOCUME~1\PROPRI~1\APPLIC~1\CHINSI~1\
C:\Program Files\CHINSI~1

Tâche(s) supprimée(s):
C:\WINDOWS\Tasks\B04E3EFE93F5B2D6.job


Fin du rapport.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 15
zBr
 
Excellent, les fichiers de l'infection ont été supprimé.

Maintenant il faudrait supprimer Bitdownload, si tu veux Lopxp peux le faire à ta place.

Pour cela, tu relance Lopxp.bat à partir du dossier sur le bureau, mais cette fois tu choisis l'option 2 (Supprimer le programme P2P)
Là aussi, le bloc note va s'ouvrir, copie et colle le contenu ainsi qu'un nouveau rapport hijackthis.

a++
0
Réponse 6 / 15
zBr
 
Oups ! Désolé j'ai sauté une étape :-)

Il faut lire:
tu choisis l'option 2 Mode avancé
Ensuite tu choisis l'option 1 (Supprimer le programme P2P)

a++
0
fred 85 Messages postés 21 Statut Membre
 
Logfile of HijackThis v1.99.1
Scan saved at 23:37:35, on 15/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Alice ADSL - {FA703267-2411-411F-971F-0E6A6CCF5577} - https://portail.free.fr/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://portail.free.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/sp3.02r/spyspottercabinstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0
fred 85 Messages postés 21 Statut Membre
 
LopP2P : 15/03/2007 23:43:17,46

FixP2P Mode


________________________________
## Arrêt des processus

Effectué.
________________________________
## Nettoyage du registre:

Nettoyage effectué


________________________________
## Suppression des dossiers:
0
Réponse 7 / 15
zBr
 
Fred, tu avais déjà désinstallé BitDowload, ou tu as passé deux fois l'option supprimer le programme P2P de lopxp ?
Car le rapport ne mentionne rien du tout.
Supprimes manuellement les dossiers de BitDowload s'ils sont présent bien sur.

C:\Program Files\\BitDownload
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\BitDownload
C:\Documents and Settings\Propriétaire\Application Data\BitDownload
et le raccourci sur ton bureau.
Ensuite, dans le dossier lopxpv3 se trouve un dossier LopP2P, avec à l'intérieur le fichier p2p.reg, double clic sur p2p.reg et accepte la fusion dans le registre.
Ca enlèvera toutes les traces de BitDowload dans celui-ci.
Puis:
Lance hijackthis et clic sur [Do a system scan only]
cocher la case au début des lignes suivantes:

O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

valider en cliquant sur le bouton [Fix checked]

Je vois que tu as Ccleaner d'installé, lance le pour supprimer les fichiers inutiles et temporaires.

Et enfin poste un dernier rapport de contrôle avec Lopxp.bat
Dans le dossier Lopxpv3 lance le fichier Lopxp.bat.
Choisis l'option 1 Rechercher/générer un rapport

J'allais oublier le principal lol, ou en sont tes soucis de pubs ?
Il y a du mieux ou bien tu en as toujours à chaque fois que tu lances internet explorer ?

a++
0
fred 85 Messages postés 21 Statut Membre
 
------------------------------------------------
Rapport Lopxp fait le 16/03/2007 à 9:11:31,03
------------------------------------------------

Exécuté dans C:\Documents and Settings\Propri‚taire\Bureau\Lopxpv3


/!\ Attention /!\

Les résultats de ce rapport sont sujets à interprétations,
Et ne démontrent pas systématiquement des dossiers infectés...



_________________________________________________________________

## Processus



_________________________________________________________________

## Recherche prédéterminé dans C:\Program Files




[X] C:\Program Files\MessengerPlus! 3 Présent ! Installé le: 23/03/2006

Recherche des dossiers crées le 23/03/2006 :




/!\ Sponsor accepté lors de la dernière installation.

Impossibilité de désinstaller le sponsor dans Ajout/Suppression de programme.
Le fichier C:\Program Files\Adverts\uninst.exe est manquant.


_________________________________________________________________

## Tâches planifiées cachées

(Panneau de configuration > Tâches planifiées > Menu "Avancé" > Afficher les tâches masquées)



_________________________________________________________________

## Détection des paramètres de désinstallation du sponsor P2P:
(BitDownload,BitGrabber,BitRoll,NetPumper,TorrentQ,Torrent101...)





_________________________________________________________________

## Listing des dossiers des répertoires Application Data


C:\Documents and Settings\All Users\Application Data

26/01/2007 18:29 <REP> ACD Systems
26/01/2007 18:40 <REP> Adobe
08/09/2006 13:53 <REP> Ahead
29/03/2006 10:05 <REP> Apple Computer
29/07/2006 23:55 <REP> Avg7
28/02/2006 11:37 <REP> Broderbund Software
29/03/2006 10:16 <REP> CyberLink
31/01/2007 11:19 <REP> DVD Shrink
16/01/2007 15:48 <REP> Google
23/03/2006 14:17 <REP> Messenger Plus!
10/07/2006 13:23 <REP> Microsoft
30/10/2005 19:50 <REP> MSN6
21/11/2005 00:58 <REP> QuickTime
15/06/2006 17:56 <REP> Real
02/01/2003 05:41 <REP> SBSI
03/08/2006 12:45 <REP> Spybot - Search & Destroy
06/02/2006 17:00 <REP> Symantec
23/06/2006 14:24 <REP> Windows Genuine Advantage
23/08/2006 19:52 <REP> Windows Live Toolbar



C:\Documents and Settings\Default User\Application Data

02/01/2003 06:29 <REP> Adobe
02/01/2003 05:36 <REP> Identities
02/01/2003 06:29 <REP> InterTrust
01/01/2003 17:54 <REP> Microsoft
02/01/2003 06:33 <REP> SampleView
02/01/2003 06:28 <REP> Sonic
02/01/2003 08:27 <REP> Symantec


C:\Documents and Settings\Default User\Local Settings\Application Data

21/04/2006 13:56 <REP> ApplicationHistory
01/01/2003 17:51 <REP> Microsoft



C:\Documents and Settings\LocalService\Application Data

18/02/2007 00:19 <REP> Google
18/02/2007 00:19 <REP> Microsoft


C:\Documents and Settings\LocalService\Local Settings\Application Data

18/02/2007 00:19 <REP> Google
29/07/2006 23:55 <REP> Microsoft



C:\Documents and Settings\NetworkService\Application Data

29/07/2006 23:55 <REP> Microsoft


C:\Documents and Settings\NetworkService\Local Settings\Application Data

29/07/2006 23:55 <REP> Microsoft



C:\Documents and Settings\Propri‚taire\Application Data

26/01/2007 18:33 <REP> ACD Systems
02/03/2006 21:00 <REP> Adobe
31/03/2006 10:21 <REP> AdobeUM
27/10/2006 21:43 <REP> Ahead
29/03/2006 10:10 <REP> Apple Computer
16/11/2005 19:44 <REP> ArcSoft
12/07/2006 08:36 <REP> CopyToDvd
30/03/2006 19:52 <REP> CyberLink
07/02/2006 15:20 <REP> EFF
03/08/2006 20:49 <REP> Google
31/10/2005 10:56 <REP> Help
12/03/2006 00:29 <REP> Identities
19/06/2006 14:23 <REP> InterTrust
30/10/2005 18:12 <REP> InterVideo
21/11/2005 00:57 <REP> iScreensaver
16/04/2006 16:28 <REP> Leadertech
31/10/2005 10:32 <REP> Macromedia
26/05/2006 21:47 <REP> Media Player Classic
08/11/2006 20:58 <REP> Microsoft
30/08/2006 11:10 <REP> MSN6
18/09/2006 18:56 <REP> PC Tools
15/02/2006 23:22 <REP> PEX
22/06/2006 13:37 <REP> Real
02/01/2003 06:33 <REP> SampleView
23/11/2006 09:49 <REP> SlySoft
02/01/2003 06:28 <REP> Sonic
09/12/2006 13:39 <REP> Sun
02/01/2003 08:27 <REP> Symantec
09/05/2006 12:23 <REP> VERITAS
14/03/2007 21:03 <REP> Vso
11/06/2006 14:45 <REP> WholeSecurity
02/07/2006 21:30 <REP> WinPatrol


C:\Documents and Settings\Propri‚taire\Local Settings\Application Data

11/02/2007 17:20 <REP> Adobe
12/06/2006 16:17 <REP> Ahead
04/05/2006 09:53 <REP> Apple Computer
23/08/2006 23:50 <REP> Ashampoo AudioCD MP3 Studio 3
29/07/2006 08:24 <REP> Google
24/06/2006 07:58 <REP> Help
23/04/2006 21:48 <REP> Identities
06/01/2007 23:43 <REP> Microsoft


____________________________________________

## Listing des dossiers dans C:\Program Files

26/01/2007 18:29 <REP> ACD Systems
25/10/2006 20:35 <REP> ACE Mega CoDecS Pack
19/06/2006 14:23 <REP> Adobe
08/09/2006 13:57 <REP> Ahead
25/02/2007 09:18 <REP> Alcohol Soft
19/10/2006 15:49 <REP> Alice
12/09/2006 13:38 <REP> Alwil Software
16/11/2005 19:42 <REP> ArcSoft
25/02/2007 19:22 <REP> Atari
30/10/2005 17:57 <REP> ATI Technologies
28/02/2006 11:33 <REP> Broderbund
19/09/2006 07:29 <REP> BulletProofSoft.com
23/06/2006 18:33 <REP> CCleaner
06/10/2006 10:37 <REP> Coktel
31/10/2005 11:08 <REP> ColorClub
21/04/2006 19:27 <REP> Common Files
29/03/2006 10:16 <REP> CyberLink
08/02/2007 08:12 <REP> DaemonTools_WhenUSave_Installer
11/08/2006 08:50 <REP> denouvel
31/12/2005 00:15 <REP> directx
21/01/2007 13:12 <REP> Diskeeper Corporation
27/08/2006 21:22 <REP> DivX
25/08/2006 12:00 <REP> DivXCodec
22/03/2006 21:22 <REP> Duo
02/07/2006 07:40 <REP> DVD Shrink
11/02/2007 15:02 <REP> EA SPORTS
03/06/2006 15:07 <REP> Easy Internet signup
01/09/2006 15:08 <REP> EasyBurning
25/03/2006 13:26 <REP> eBay
13/02/2006 20:43 <REP> eChanblard
23/01/2007 22:28 <REP> Elaborate Bytes
16/03/2007 07:59 <REP> eMule
09/12/2006 08:27 <REP> EPSON
12/11/2006 18:50 <REP> ExtraFilm Digitorder
23/08/2006 20:10 <REP> Extrafilm FotoFacil
09/03/2006 18:22 <REP> Family Games
26/01/2007 18:28 <REP> Fichiers communs
16/01/2007 15:56 <REP> Google
30/10/2005 17:59 <REP> Home Media Networks Limited
29/12/2006 10:11 <REP> HP
14/02/2007 08:41 <REP> Internet Explorer
26/06/2006 08:15 <REP> InterVideo
09/12/2006 13:38 <REP> Java
25/10/2006 20:37 <REP> K-Lite Codec Pack
25/02/2007 10:15 <REP> Knowledge Adventure
26/01/2006 20:36 <REP> Logitech
16/08/2006 12:29 <REP> Magic Burning Studio
25/10/2006 20:31 <REP> Matroska Pack
24/06/2006 23:46 <REP> Maxicolor Screen Saver
15/06/2006 17:56 <REP> Media Player Classic
12/11/2006 18:50 <REP> Messenger
21/04/2006 21:26 <REP> MessengerPlus! 3
31/10/2005 11:26 <REP> MGI
28/06/2006 08:00 <REP> Micro Application
01/01/2003 17:54 <REP> Microsoft AutoRoute
01/01/2003 17:55 <REP> Microsoft Encarta
02/01/2003 05:36 <REP> microsoft frontpage
01/01/2003 17:54 <REP> Microsoft Money
12/03/2006 00:20 <REP> Microsoft Office
12/11/2006 18:50 <REP> Microsoft Picture It! 7
05/11/2005 20:54 <REP> Microsoft SQL Server
28/02/2006 16:50 <REP> Microsoft Works
01/01/2003 17:50 <REP> Microsoft Works Suite 2003
23/06/2006 19:32 <REP> Movie Collection
16/08/2006 14:29 <REP> Movie Maker
06/02/2006 20:28 <REP> MSN
02/01/2003 05:33 <REP> MSN Gaming Zone
23/08/2006 19:50 <REP> MSN Messenger
17/11/2006 05:30 <REP> MSXML 4.0
31/10/2005 10:54 <REP> MyPhotosNow
09/03/2006 18:14 <REP> Neoact
12/02/2006 14:46 <REP> NetMeeting
25/08/2006 12:00 <REP> NimoCodec Pack
27/08/2006 21:28 <REP> Oberon Media
14/12/2006 03:11 <REP> Outlook Express
25/02/2007 10:16 <REP> QuickTime
20/06/2006 14:32 <REP> Real Alternative
09/03/2007 22:30 <REP> RealVNC
09/05/2006 12:30 <REP> RecordNow
28/12/2005 21:47 <REP> ReflexiveArcade
10/03/2007 08:25 <REP> Satsuki Decoder Pack
16/11/2005 19:53 <REP> SEIKO EPSON Corp
02/01/2003 06:40 <REP> Services en ligne
23/01/2007 22:26 <REP> SlySoft
23/12/2006 15:23 <REP> vso
26/01/2007 21:00 <REP> Wanadoo Edition
07/11/2006 21:00 <REP> Windows Live Toolbar
24/12/2006 09:41 <REP> Windows Media Connect 2
26/12/2006 09:22 <REP> Windows Media Player
12/02/2006 14:46 <REP> Windows NT
06/11/2006 23:16 <REP> WinRAR
02/01/2003 05:36 <REP> xerox
25/08/2006 12:00 <REP> XviD



_________________________________________________________________

## Recherche dans le registre


# Clés de démarrage :

_________________________________________________________________

## Modification du fichier Hosts

127.0.0.1= Url bloquée Autre= Redirection

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD


_________________________________________________________________

# Popups autorisées

* Internet Explorer

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)
* Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)


_________________________________________________________________

## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

quand je vais sur internet je n'ai plus de pubs.
0
Réponse 8 / 15
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Bonsoir zBr

Désolé de t'interpeller ici, mais pas d'autres choix.

Puis-je encore utiliser ta version lopXP-MH2 ?
Est-elle mise à jour ?
Ou faut-il déjà utiliser ta version bêta 3 ?
Sous quelle condition puis-je l'employer ?

Possibilité de MP ?
Merci .
Al.
0
Réponse 9 / 15
zBr
 
Salut Fred

Pour moi ton problème est résolu, il n'y a plus rien de suspect dans le rapport Lopxp, sauf si tu as encore des pubs, lol.

Afideg, lopxpMH2 n'a jamais été codé par moi, mais par Jean-Chrétien 1, j'ai simplement revu et adapté un peu le code original afin d'affiner et cibler le plus précisément possible la recherche de Lop et d'insister surtout sur sa possibilité de désinstallation. :-)
Cet outil (Lopxpv3) n'est en fait qu'un gadget sans réelle utilité qu'il m'amuse de coder pour le fun et pour le petit challenge de pouvoir permettre une detection fiable à 100% de cette infection particulière, afin d'envisager une option "Fix" visible...Lol
Malheureusement en l'état actuel de la méthode de détection que j'utilise, cette option demande pour l'instant au point de vue fiabilité et efficacité que certains paramètres très précis soit présents pour fonctionner correctement, si n'est pas le cas le nettoyage se fait à moitié voire pas du tout.
Donc c'est pour cette raison que je ne souhaite pas que cet outil soit fait utiliser par quelqu'un d'autre que moi, et car il y a encore des petits bug et travers avec cet outil qui est encore en cours de tests pour certains points.
Petits travers que je connais assez bien pour adapter une manip en fonction de ceux-ci pour me permettre de le faire utiliser à un internaute.
Si vraiment il y avait une réelle demande et utilité pour ce batch, ce dont je doute fort, à la rigueur je peux proposer une version qui génèrera le même type de rapport qu'actuellement mais sans possibilité de suppression.
Mais dans ce cas lol, autant utiliser LopxpMH2 qui fournis tout les renseignements qu'ils y a à savoir sur cette infection, et le désinstalleur de CiD, tu ne crois pas ?

a++

PS:
Désolé, mais pas de possibilité pour me joindre en MP non, car je ne suis pas inscrit ici, et plus sur aucun forum qui demande une inscription préalable.
0
Réponse 10 / 15
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Bonsoir zBr,

Sincèrement merci d'avoir accepté de m'apporter une réponse.

« Mais dans ce cas, autant utiliser LopxpMH2 qui fournit tous les renseignements qu'il y a à savoir sur cette infection, et le désinstalleur de CiD, tu ne crois pas ? »

Oui bien sûr.

J'y voyais en effet cesdit "gadgets" intéressants :
- Détection des paramètres de désinstallation du sponsor
- Recherche des dossiers crées le :
- /!\ Sponsor accepté lors de la dernière installation.
- 127.0.0.1= Url bloquée Autre= Redirection
( liste que je vais ajouter à ma liste MVPS HOSTS ) ;)

J'ai cru un moment que tu étais bien N, puisqu'il teste également une version bêta . Mais c'est vrai que ce ne sont pas des jouets. Je regrette assurément que je ne puisse t'interpeller lors d'un cas difficile, et adapté à ta recherche. Je ne désespère pas.
Et comme tu dis : « ... presqu'autant utiliser LopxpMH2 » ;)

Bon W-E
Al.
0
Réponse 11 / 15
denzele
 
Je lé attrapé moi en installant msn +, svp aidé moi !!!!!!!!!!!!!!!!!!!
0
Réponse 12 / 15
elodie
 
quelque choz de simple il suffit d'aller dans ajout/suppression de prog
et de supprimer le logiciel CID... voila
0
Réponse 13 / 15
PiratX
 
Logfile of HijackThis v1.99.1
Scan saved at 23:37:20, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cake Wipe Inside Wma] C:\Documents and Settings\All Users\Application Data\flag barb cake wipe\pile extra.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Admin Hide] C:\DOCUME~1\ADMINI~1\APPLIC~1\THIRDF~1\WIPE MEET SETTINGS.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 14 / 15
Aude
 
gros pb de pub CiD sur vista je fait tourner 1 nolop mais rien y fait, je pense que le CiD vient de messenger plus merci de m'aider.
0
Réponse 15 / 15
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Doublon
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses