37 replies
Hi
Download this:
Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Choose the option "do a scan and a logfile", then copy and paste the resulting report into the forum.
++
The first solution would be to use an antivirus when you go online :) If you have one, run a scan with it and delete what it found, then go to www.secuser.com, it will surely find you some more, then use this http://www.commentcamarche.net/telecharger/telecharger 83 ad aware 2007 free and then this http://www.commentcamarche.net/telecharger/telecharger 122 spybot .
If you still have problems, run a scan with hijackthis and post the log here; the more knowledgeable members will be able to help you!
Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:50, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\audio ace.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Browse wma] C:\DOCUME~1\COMPAQ~1\APPLIC~1\LIESIT~1\EQ 01 TRANS.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
ok,
Download this (by Moe):
http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe
Double-click Lopxpsetup.exe to start the installation.
At the menu, choose option 1.
Wait until you are asked to press a key, then press one!
A report will then be created; copy and paste it in full on the forum.
++
Here it is
Rapport Lopxp fait le 16/01/2008 à 21:35:54
Exécuté dans : C:\Program Files\Lopxp
Killing 'iexplore.exe'
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" (1876)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" (2528)
"C:\Program Files\Internet Explorer\iexplore.exe" (5972)
___________________________________________________________________________
=> Tâches planifiées
C:\WINDOWS\tasks\8B2C8CAD93872489.job
Crée le : 15/01/2008 à 17:36
Fichier exécuté => c:\docume~1\kylie\applic~1\liesit~1\byte stupid intra.exe
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Crée le : 12/10/2007 à 19:43
Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\EasyShare Registration Task.job
Crée le : 25/12/2007 à 17:20
Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
___________________________________________________________________________
=> Listing des dossiers Application Data
+- C:\Documents and Settings\All Users\Application Data
09/01/2008 07:03:06 ... ADMINI~1 --= Admin Inter 1 Mags
01/08/2006 01:18:06 ... Adobe -----= Adobe
03/11/2007 11:58:44 ... Ahead -----= Ahead
12/10/2007 19:42:43 ... Apple -----= Apple
12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
12/10/2007 10:38:33 ... F-Secure --= F-Secure
12/10/2007 10:27:54 ... fssg ------= fssg
14/12/2007 13:00:59 ... GamesBar --= GamesBar
11/10/2007 10:33:10 ... Google ----= Google
16/01/2008 19:52:36 ... Grisoft ---= Grisoft
01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
25/12/2007 17:19:02 ... Kodak -----= Kodak
14/12/2007 09:27:38 ... Logishrd --= Logishrd
12/10/2007 19:00:47 ... Logitech --= Logitech
21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
13/10/2007 09:18:51 ... MGS -------= MGS
26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
01/08/2006 00:51:05 ... SBSI ------= SBSI
01/08/2006 01:10:35 ... Sonic -----= Sonic
01/08/2006 01:36:51 ... Symantec --= Symantec
14/12/2007 13:01:57 ... TEMP ------= TEMP
13/10/2007 14:59:50 ... UDL -------= UDL
11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
+- C:\Documents and Settings\Default User\Application Data
26/10/2005 23:34:38 ... IDENTI~1 --= Identities
26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... Real ------= Real
+- C:\Documents and Settings\Default User\Local Settings\Application Data
11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\kylie\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
18/10/2007 21:45:02 ... Dealio ----= Dealio
19/10/2007 16:39:43 ... DivX ------= DivX
13/11/2007 19:55:26 ... F-Secure --= F-Secure
12/10/2007 20:06:28 ... Google ----= Google
13/10/2007 12:30:04 ... HP --------= HP
15/12/2007 21:03:11 ... HPQ -------= HPQ
12/10/2007 20:02:23 ... IDENTI~1 --= Identities
18/12/2007 21:23:30 ... LIESIT~1 --= Lies Itch Roam
12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
12/10/2007 20:02:23 ... Real ------= Real
11/11/2007 11:04:15 ... Sonic -----= Sonic
09/12/2007 20:55:51 ... Sun -------= Sun
+- C:\Documents and Settings\kylie\Local Settings\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
11/11/2007 10:59:15 ... Ahead -----= Ahead
16/10/2007 14:19:09 ... Apple -----= Apple
12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
12/10/2007 20:06:28 ... Google ----= Google
09/11/2007 14:09:14 ... IDENTI~1 --= Identities
13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\sabrina\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
20/10/2007 12:15:24 ... Dealio ----= Dealio
13/10/2007 16:24:38 ... Google ----= Google
23/11/2007 21:24:48 ... HP --------= HP
13/10/2007 16:19:41 ... IDENTI~1 --= Identities
13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... Real ------= Real
18/10/2007 11:32:51 ... Template --= Template
+- C:\Documents and Settings\sabrina\Local Settings\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
30/10/2007 15:19:04 ... Apple -----= Apple
13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
13/10/2007 16:24:38 ... Google ----= Google
23/11/2007 21:24:35 ... HP --------= HP
23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
___________________________________________________________________________
=> Listing du dossier ProgramFiles
+- C:\Program Files
01/08/2006 01:17:55 ... Adobe -----= Adobe
21/10/2007 19:30:03 ... Adverts ---= Adverts
21/10/2007 15:45:19 ... Ahead -----= Ahead
16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
25/12/2007 17:45:09 ... Bonjour ---= Bonjour
18/12/2007 21:22:33 ... CIRCLE~1 --= Circle Developement
03/12/2007 12:46:20 ... COMMON~1 --= Common Files
20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
18/10/2007 20:31:18 ... Dealio ----= Dealio
16/10/2007 09:47:38 ... DivX ------= DivX
22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
13/10/2007 16:54:41 ... eMule -----= eMule
13/10/2007 14:50:36 ... epson -----= epson
26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
14/12/2007 12:59:45 ... Gamenext --= Gamenext
14/12/2007 13:00:06 ... GamesBar --= GamesBar
05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
01/08/2006 01:33:41 ... Google ----= Google
16/01/2008 19:52:31 ... Grisoft ---= Grisoft
01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:09:39 ... HP --------= HP
18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
12/10/2007 19:44:16 ... iPod ------= iPod
12/10/2007 19:44:10 ... iTunes ----= iTunes
01/08/2006 00:53:14 ... Java ------= Java
25/12/2007 17:21:15 ... Kodak -----= Kodak
15/01/2008 17:35:04 ... LIESIT~1 --= Lies Itch Roam
18/10/2007 12:16:17 ... LimeWire --= LimeWire
12/10/2007 19:00:47 ... Logitech --= Logitech
16/01/2008 21:33:57 ... Lopxp -----= Lopxp
03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
26/10/2005 23:36:22 ... MSN -------= MSN
26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
02/11/2007 12:44:48 ... Neuf ------= Neuf
11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
01/08/2006 01:13:35 ... Real ------= Real
26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
01/08/2006 01:14:17 ... Sonic -----= Sonic
29/10/2007 12:47:22 ... Sony ------= Sony
01/08/2006 01:36:56 ... Symantec --= Symantec
16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
26/10/2005 23:37:08 ... xerox -----= xerox
___________________________________________________________________________
=> Clés registre
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1 mags 16 more"="C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\audio ace.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browse wma"="C:\DOCUME~1\COMPAQ~1\APPLIC~1\LIESIT~1\EQ 01 TRANS.exe"
___________________________________________________________________________
=> Bloqueur popups Internet Explorer
+- Liste des popups autorisés :
www.infos-du-net.com
216.93.188.81
www.kaledonie.com
fr.unibet.com
adoption-dogo.niceboard.com
www.commentcamarche.net
___________________________________________________________________________
/!\ Suggestion (Nécessite une interprétation.)
+- Dossiers suspects :
C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
C:\Documents and Settings\kylie\Application Data\Lies Itch Roam
C:\Program Files\Lies Itch Roam
C:\Program Files\Adverts
C:\Program Files\Circle Developement
+- Tâches planifiées suspectes :
C:\WINDOWS\tasks\8B2C8CAD93872489.job
+- Registre:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1 mags 16 more"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browse wma"=-
- Fin du rapport -
Very good:
Go to Start > Run, then copy/paste:
"%programfiles%\Lopxp\Lopxp.bat" /Fixme <= Quotation marks included
then confirm, and post the report please, along with a new hijack
@+
Hi, here is the report, but I didn't understand the new hijack, what is it? Do I have to make another report with hijack?
Rapport Lopxp fait le 17/01/2008 à 17:21:20
Exécuté dans : C:\Program Files\Lopxp
___________________________________________________________________________
=> Fixme :
+- Tâches planifiées :
Supprimé : C:\WINDOWS\tasks\8B2C8CAD93872489.job
+- Dossiers :
Supprimé : C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
Supprimé : C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
Supprimé : C:\Documents and Settings\kylie\Application Data\Lies Itch Roam
Supprimé : C:\Program Files\Lies Itch Roam
Supprimé : C:\Program Files\Adverts
Supprimé : C:\Program Files\Circle Developement
+- Registre :
Nettoyage effectué.
+- Fichiers temporaires :
Nettoyage effectué.
___________________________________________________________________________
=> Tâches planifiées
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Crée le : 12/10/2007 à 19:43
Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\EasyShare Registration Task.job
Crée le : 25/12/2007 à 17:20
Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
___________________________________________________________________________
=> Listing des dossiers Application Data
+- C:\Documents and Settings\All Users\Application Data
01/08/2006 01:18:06 ... Adobe -----= Adobe
03/11/2007 11:58:44 ... Ahead -----= Ahead
12/10/2007 19:42:43 ... Apple -----= Apple
12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
12/10/2007 10:38:33 ... F-Secure --= F-Secure
12/10/2007 10:27:54 ... fssg ------= fssg
14/12/2007 13:00:59 ... GamesBar --= GamesBar
11/10/2007 10:33:10 ... Google ----= Google
16/01/2008 19:52:36 ... Grisoft ---= Grisoft
01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
25/12/2007 17:19:02 ... Kodak -----= Kodak
14/12/2007 09:27:38 ... Logishrd --= Logishrd
12/10/2007 19:00:47 ... Logitech --= Logitech
21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
13/10/2007 09:18:51 ... MGS -------= MGS
26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
01/08/2006 00:51:05 ... SBSI ------= SBSI
01/08/2006 01:10:35 ... Sonic -----= Sonic
01/08/2006 01:36:51 ... Symantec --= Symantec
14/12/2007 13:01:57 ... TEMP ------= TEMP
13/10/2007 14:59:50 ... UDL -------= UDL
11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
+- C:\Documents and Settings\Default User\Application Data
26/10/2005 23:34:38 ... IDENTI~1 --= Identities
26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... Real ------= Real
+- C:\Documents and Settings\Default User\Local Settings\Application Data
11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\kylie\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
18/10/2007 21:45:02 ... Dealio ----= Dealio
19/10/2007 16:39:43 ... DivX ------= DivX
13/11/2007 19:55:26 ... F-Secure --= F-Secure
12/10/2007 20:06:28 ... Google ----= Google
17/01/2008 16:52:56 ... Grisoft ---= Grisoft
13/10/2007 12:30:04 ... HP --------= HP
15/12/2007 21:03:11 ... HPQ -------= HPQ
12/10/2007 20:02:23 ... IDENTI~1 --= Identities
12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
12/10/2007 20:02:23 ... Real ------= Real
11/11/2007 11:04:15 ... Sonic -----= Sonic
09/12/2007 20:55:51 ... Sun -------= Sun
+- C:\Documents and Settings\kylie\Local Settings\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
11/11/2007 10:59:15 ... Ahead -----= Ahead
16/10/2007 14:19:09 ... Apple -----= Apple
12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
12/10/2007 20:06:28 ... Google ----= Google
09/11/2007 14:09:14 ... IDENTI~1 --= Identities
13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\sabrina\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
20/10/2007 12:15:24 ... Dealio ----= Dealio
13/10/2007 16:24:38 ... Google ----= Google
17/01/2008 16:45:59 ... Grisoft ---= Grisoft
23/11/2007 21:24:48 ... HP --------= HP
13/10/2007 16:19:41 ... IDENTI~1 --= Identities
13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... Real ------= Real
18/10/2007 11:32:51 ... Template --= Template
+- C:\Documents and Settings\sabrina\Local Settings\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
30/10/2007 15:19:04 ... Apple -----= Apple
13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
13/10/2007 16:24:38 ... Google ----= Google
23/11/2007 21:24:35 ... HP --------= HP
23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
___________________________________________________________________________
=> Listing du dossier ProgramFiles
+- C:\Program Files
01/08/2006 01:17:55 ... Adobe -----= Adobe
21/10/2007 15:45:19 ... Ahead -----= Ahead
16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
25/12/2007 17:45:09 ... Bonjour ---= Bonjour
03/12/2007 12:46:20 ... COMMON~1 --= Common Files
20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
18/10/2007 20:31:18 ... Dealio ----= Dealio
16/10/2007 09:47:38 ... DivX ------= DivX
22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
13/10/2007 16:54:41 ... eMule -----= eMule
13/10/2007 14:50:36 ... epson -----= epson
26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
14/12/2007 12:59:45 ... Gamenext --= Gamenext
14/12/2007 13:00:06 ... GamesBar --= GamesBar
05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
01/08/2006 01:33:41 ... Google ----= Google
16/01/2008 19:52:31 ... Grisoft ---= Grisoft
01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:09:39 ... HP --------= HP
18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
12/10/2007 19:44:16 ... iPod ------= iPod
12/10/2007 19:44:10 ... iTunes ----= iTunes
01/08/2006 00:53:14 ... Java ------= Java
25/12/2007 17:21:15 ... Kodak -----= Kodak
18/10/2007 12:16:17 ... LimeWire --= LimeWire
12/10/2007 19:00:47 ... Logitech --= Logitech
16/01/2008 21:33:57 ... Lopxp -----= Lopxp
03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
26/10/2005 23:36:22 ... MSN -------= MSN
26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
02/11/2007 12:44:48 ... Neuf ------= Neuf
11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
01/08/2006 01:13:35 ... Real ------= Real
26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
01/08/2006 01:14:17 ... Sonic -----= Sonic
29/10/2007 12:47:22 ... Sony ------= Sony
01/08/2006 01:36:56 ... Symantec --= Symantec
16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
26/10/2005 23:37:08 ... xerox -----= xerox
___________________________________________________________________________
=> Clés registre
___________________________________________________________________________
=> Bloqueur popups Internet Explorer
+- Liste des popups autorisés :
www.infos-du-net.com
216.93.188.81
www.kaledonie.com
fr.unibet.com
adoption-dogo.niceboard.com
www.commentcamarche.net
___________________________________________________________________________
/!\ Suggestion (Nécessite une interprétation.)
+- Dossiers suspects :
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
- Fin du rapport -
Here you go, in case another hijack report was needed
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:26, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'kylie')
O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'kylie')
O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'kylie')
O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [Browse wma] C:\DOCUME~1\kylie\APPLIC~1\LIESIT~1\EQ 01 TRANS.exe (User 'kylie')
O4 - S-1-5-21-3752759594-2965898356-3032709857-1009 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'kylie')
O4 - S-1-5-21-3752759594-2965898356-3032709857-1009 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'kylie')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Hi
Yes, that is indeed a new hijack report!
Please do this again:
Go to: Start > Run (Démarrer > Exécuter), then copy/paste:
"%programfiles%\Lopxp\Lopxp.bat" /Fixme <= quotation marks included
then confirm, and post the report please,
See you
Rapport Lopxp fait le 18/01/2008 à 19:36:34
Exécuté dans : C:\Program Files\Lopxp
___________________________________________________________________________
=> Fixme :
+- Dossiers :
Supprimé : C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
+- Fichiers temporaires :
Nettoyage effectué.
___________________________________________________________________________
=> Tâches planifiées
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Crée le : 12/10/2007 à 19:43
Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\EasyShare Registration Task.job
Crée le : 25/12/2007 à 17:20
Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
___________________________________________________________________________
=> Listing des dossiers Application Data
+- C:\Documents and Settings\All Users\Application Data
01/08/2006 01:18:06 ... Adobe -----= Adobe
03/11/2007 11:58:44 ... Ahead -----= Ahead
12/10/2007 19:42:43 ... Apple -----= Apple
12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
12/10/2007 10:38:33 ... F-Secure --= F-Secure
12/10/2007 10:27:54 ... fssg ------= fssg
14/12/2007 13:00:59 ... GamesBar --= GamesBar
11/10/2007 10:33:10 ... Google ----= Google
16/01/2008 19:52:36 ... Grisoft ---= Grisoft
01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
25/12/2007 17:19:02 ... Kodak -----= Kodak
14/12/2007 09:27:38 ... Logishrd --= Logishrd
12/10/2007 19:00:47 ... Logitech --= Logitech
21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
13/10/2007 09:18:51 ... MGS -------= MGS
26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
01/08/2006 00:51:05 ... SBSI ------= SBSI
01/08/2006 01:10:35 ... Sonic -----= Sonic
01/08/2006 01:36:51 ... Symantec --= Symantec
14/12/2007 13:01:57 ... TEMP ------= TEMP
13/10/2007 14:59:50 ... UDL -------= UDL
11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
+- C:\Documents and Settings\Default User\Application Data
26/10/2005 23:34:38 ... IDENTI~1 --= Identities
26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... Real ------= Real
+- C:\Documents and Settings\Default User\Local Settings\Application Data
11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\kylie\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
18/10/2007 21:45:02 ... Dealio ----= Dealio
19/10/2007 16:39:43 ... DivX ------= DivX
13/11/2007 19:55:26 ... F-Secure --= F-Secure
12/10/2007 20:06:28 ... Google ----= Google
17/01/2008 16:52:56 ... Grisoft ---= Grisoft
13/10/2007 12:30:04 ... HP --------= HP
15/12/2007 21:03:11 ... HPQ -------= HPQ
12/10/2007 20:02:23 ... IDENTI~1 --= Identities
12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
12/10/2007 20:02:23 ... Real ------= Real
11/11/2007 11:04:15 ... Sonic -----= Sonic
09/12/2007 20:55:51 ... Sun -------= Sun
+- C:\Documents and Settings\kylie\Local Settings\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
11/11/2007 10:59:15 ... Ahead -----= Ahead
16/10/2007 14:19:09 ... Apple -----= Apple
12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
12/10/2007 20:06:28 ... Google ----= Google
09/11/2007 14:09:14 ... IDENTI~1 --= Identities
13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\sabrina\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
20/10/2007 12:15:24 ... Dealio ----= Dealio
13/10/2007 16:24:38 ... Google ----= Google
17/01/2008 16:45:59 ... Grisoft ---= Grisoft
23/11/2007 21:24:48 ... HP --------= HP
13/10/2007 16:19:41 ... IDENTI~1 --= Identities
13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... Real ------= Real
18/10/2007 11:32:51 ... Template --= Template
+- C:\Documents and Settings\sabrina\Local Settings\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
30/10/2007 15:19:04 ... Apple -----= Apple
13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
13/10/2007 16:24:38 ... Google ----= Google
23/11/2007 21:24:35 ... HP --------= HP
23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
___________________________________________________________________________
=> Listing du dossier ProgramFiles
+- C:\Program Files
01/08/2006 01:17:55 ... Adobe -----= Adobe
21/10/2007 15:45:19 ... Ahead -----= Ahead
16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
25/12/2007 17:45:09 ... Bonjour ---= Bonjour
03/12/2007 12:46:20 ... COMMON~1 --= Common Files
20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
18/10/2007 20:31:18 ... Dealio ----= Dealio
16/10/2007 09:47:38 ... DivX ------= DivX
22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
13/10/2007 16:54:41 ... eMule -----= eMule
13/10/2007 14:50:36 ... epson -----= epson
26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
14/12/2007 12:59:45 ... Gamenext --= Gamenext
14/12/2007 13:00:06 ... GamesBar --= GamesBar
05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
01/08/2006 01:33:41 ... Google ----= Google
16/01/2008 19:52:31 ... Grisoft ---= Grisoft
01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:09:39 ... HP --------= HP
18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
12/10/2007 19:44:16 ... iPod ------= iPod
12/10/2007 19:44:10 ... iTunes ----= iTunes
01/08/2006 00:53:14 ... Java ------= Java
25/12/2007 17:21:15 ... Kodak -----= Kodak
18/10/2007 12:16:17 ... LimeWire --= LimeWire
12/10/2007 19:00:47 ... Logitech --= Logitech
16/01/2008 21:33:57 ... Lopxp -----= Lopxp
03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
26/10/2005 23:36:22 ... MSN -------= MSN
26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
02/11/2007 12:44:48 ... Neuf ------= Neuf
11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
01/08/2006 01:13:35 ... Real ------= Real
26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
01/08/2006 01:14:17 ... Sonic -----= Sonic
29/10/2007 12:47:22 ... Sony ------= Sony
01/08/2006 01:36:56 ... Symantec --= Symantec
16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
26/10/2005 23:37:08 ... xerox -----= xerox
___________________________________________________________________________
=> Clés registre
___________________________________________________________________________
=> Bloqueur popups Internet Explorer
+- Liste des popups autorisés :
www.infos-du-net.com
216.93.188.81
www.kaledonie.com
fr.unibet.com
adoption-dogo.niceboard.com
www.commentcamarche.net
www.skyrock.com
x3-ciity-world.skyrock.com
___________________________________________________________________________
/!\ Suggestion (Nécessite une interprétation.)
+- Dossiers suspects :
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
- Fin du rapport -
ok, do you know this program: Crazy Vegas Flash Casino??
redo the procedure with the command line and post the report please
++
I don't know this program, but my brother often downloads casino games from the internet, maybe that's it. Why?
Otherwise, I didn't understand any of the rest. What is the command line?
do this again please:
go to: Start > Run (Démarrer > Exécuter), then copy/paste:
"%programfiles%\Lopxp\Lopxp.bat" /Fixme <= quotation marks included
then confirm, and post the report please,
++
Rapport Lopxp fait le 19/01/2008 à 12:37:24
Exécuté dans : C:\Program Files\Lopxp
___________________________________________________________________________
=> Fixme :
+- Dossiers :
Supprimé : C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
+- Fichiers temporaires :
Nettoyage effectué.
___________________________________________________________________________
=> Tâches planifiées
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Crée le : 12/10/2007 à 19:43
Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\EasyShare Registration Task.job
Crée le : 25/12/2007 à 17:20
Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
___________________________________________________________________________
=> Listing des dossiers Application Data
+- C:\Documents and Settings\All Users\Application Data
01/08/2006 01:18:06 ... Adobe -----= Adobe
03/11/2007 11:58:44 ... Ahead -----= Ahead
12/10/2007 19:42:43 ... Apple -----= Apple
12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
12/10/2007 10:38:33 ... F-Secure --= F-Secure
12/10/2007 10:27:54 ... fssg ------= fssg
14/12/2007 13:00:59 ... GamesBar --= GamesBar
11/10/2007 10:33:10 ... Google ----= Google
16/01/2008 19:52:36 ... Grisoft ---= Grisoft
01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
25/12/2007 17:19:02 ... Kodak -----= Kodak
14/12/2007 09:27:38 ... Logishrd --= Logishrd
12/10/2007 19:00:47 ... Logitech --= Logitech
21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
13/10/2007 09:18:51 ... MGS -------= MGS
26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
01/08/2006 00:51:05 ... SBSI ------= SBSI
01/08/2006 01:10:35 ... Sonic -----= Sonic
01/08/2006 01:36:51 ... Symantec --= Symantec
14/12/2007 13:01:57 ... TEMP ------= TEMP
13/10/2007 14:59:50 ... UDL -------= UDL
11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
+- C:\Documents and Settings\Default User\Application Data
26/10/2005 23:34:38 ... IDENTI~1 --= Identities
26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... Real ------= Real
+- C:\Documents and Settings\Default User\Local Settings\Application Data
11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\kylie\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
18/10/2007 21:45:02 ... Dealio ----= Dealio
19/10/2007 16:39:43 ... DivX ------= DivX
13/11/2007 19:55:26 ... F-Secure --= F-Secure
12/10/2007 20:06:28 ... Google ----= Google
17/01/2008 16:52:56 ... Grisoft ---= Grisoft
13/10/2007 12:30:04 ... HP --------= HP
15/12/2007 21:03:11 ... HPQ -------= HPQ
12/10/2007 20:02:23 ... IDENTI~1 --= Identities
12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
12/10/2007 20:02:23 ... Real ------= Real
11/11/2007 11:04:15 ... Sonic -----= Sonic
09/12/2007 20:55:51 ... Sun -------= Sun
+- C:\Documents and Settings\kylie\Local Settings\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
11/11/2007 10:59:15 ... Ahead -----= Ahead
16/10/2007 14:19:09 ... Apple -----= Apple
12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
12/10/2007 20:06:28 ... Google ----= Google
09/11/2007 14:09:14 ... IDENTI~1 --= Identities
13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\sabrina\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
20/10/2007 12:15:24 ... Dealio ----= Dealio
13/10/2007 16:24:38 ... Google ----= Google
17/01/2008 16:45:59 ... Grisoft ---= Grisoft
23/11/2007 21:24:48 ... HP --------= HP
13/10/2007 16:19:41 ... IDENTI~1 --= Identities
13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... Real ------= Real
18/10/2007 11:32:51 ... Template --= Template
+- C:\Documents and Settings\sabrina\Local Settings\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
30/10/2007 15:19:04 ... Apple -----= Apple
13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
13/10/2007 16:24:38 ... Google ----= Google
23/11/2007 21:24:35 ... HP --------= HP
23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
___________________________________________________________________________
=> Listing du dossier ProgramFiles
+- C:\Program Files
01/08/2006 01:17:55 ... Adobe -----= Adobe
21/10/2007 15:45:19 ... Ahead -----= Ahead
16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
25/12/2007 17:45:09 ... Bonjour ---= Bonjour
03/12/2007 12:46:20 ... COMMON~1 --= Common Files
20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
18/10/2007 20:31:18 ... Dealio ----= Dealio
16/10/2007 09:47:38 ... DivX ------= DivX
22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
13/10/2007 16:54:41 ... eMule -----= eMule
13/10/2007 14:50:36 ... epson -----= epson
26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
14/12/2007 12:59:45 ... Gamenext --= Gamenext
14/12/2007 13:00:06 ... GamesBar --= GamesBar
05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
01/08/2006 01:33:41 ... Google ----= Google
16/01/2008 19:52:31 ... Grisoft ---= Grisoft
01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:09:39 ... HP --------= HP
18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
12/10/2007 19:44:16 ... iPod ------= iPod
12/10/2007 19:44:10 ... iTunes ----= iTunes
01/08/2006 00:53:14 ... Java ------= Java
25/12/2007 17:21:15 ... Kodak -----= Kodak
18/10/2007 12:16:17 ... LimeWire --= LimeWire
12/10/2007 19:00:47 ... Logitech --= Logitech
16/01/2008 21:33:57 ... Lopxp -----= Lopxp
03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
26/10/2005 23:36:22 ... MSN -------= MSN
26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
02/11/2007 12:44:48 ... Neuf ------= Neuf
11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
01/08/2006 01:13:35 ... Real ------= Real
26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
01/08/2006 01:14:17 ... Sonic -----= Sonic
29/10/2007 12:47:22 ... Sony ------= Sony
01/08/2006 01:36:56 ... Symantec --= Symantec
16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
26/10/2005 23:37:08 ... xerox -----= xerox
___________________________________________________________________________
=> Clés registre
___________________________________________________________________________
=> Bloqueur popups Internet Explorer
+- Liste des popups autorisés :
www.infos-du-net.com
216.93.188.81
www.kaledonie.com
fr.unibet.com
adoption-dogo.niceboard.com
www.commentcamarche.net
www.skyrock.com
x3-ciity-world.skyrock.com
___________________________________________________________________________
/!\ Suggestion (Nécessite une interprétation.)
+- Dossiers suspects :
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
- Fin du rapport -
Hi
ok,
find and delete the file in bold:
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
then post a new HijackThis report please
++
Hi
the file is deleted, here is the new report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:50, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\qmmzmpum.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [qmmzmpum] c:\windows\system32\qmmzmpum.exe qmmzmpum
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
The file has been deleted; here is the new report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:50, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\qmmzmpum.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [qmmzmpum] c:\windows\system32\qmmzmpum.exe qmmzmpum
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
OK,
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in C:\Combofix.txt; please post it
++
ComboFix 08-01-18.5 - Compaq_Propriétaire 2008-01-19 14:47:04.3 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.752 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.
2008-01-19 14:48 . 2008-01-19 14:48 3,220 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-01-19 13:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmpE1089.FOT
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp8B389.FOT
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp75189.FOT
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp4F689.FOT
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp48C79.FOT
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp01589.FOT
2008-01-18 21:07 . 2008-01-18 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-01-17 16:52 . 2008-01-17 16:52 <REP> d-------- C:\Documents and Settings\kylie\Application Data\Grisoft
2008-01-17 16:45 . 2008-01-17 16:45 <REP> d-------- C:\Documents and Settings\sabrina\Application Data\Grisoft
2008-01-16 21:33 . 2008-01-19 12:46 <REP> d-------- C:\Program Files\Lopxp
2008-01-16 19:58 . 2008-01-16 19:58 <REP> d-------- C:\Program Files\Trend Micro
2008-01-16 19:53 . 2008-01-16 19:53 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Grisoft
2008-01-16 19:52 . 2008-01-16 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 19:52 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-16 17:44 . 2008-01-16 17:44 <REP> d-------- C:\Program Files\Alwil Software
2008-01-16 09:47 . 2008-01-16 09:49 <REP> d-------- C:\Casino Riva
2008-01-15 08:48 . 2008-01-18 09:08 <REP> d-------- C:\Casino
2008-01-13 18:54 . 2008-01-13 18:54 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Saved Games
2008-01-13 18:54 . 2008-01-13 18:54 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Saved Games
2008-01-10 20:24 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-10 20:20 . 2008-01-10 20:20 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-10 19:52 . 2008-01-10 19:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-10 19:51 . 2008-01-10 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-09 17:56 . 2008-01-09 17:56 <REP> d-------- C:\WINDOWS\system32\FlashAX
2008-01-06 10:00 . 2008-01-19 14:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 10:00 . 2008-01-06 10:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 15:30 . 2008-01-14 10:45 <REP> d-------- C:\Program Files\Gold VIP Club Casino
2007-12-28 16:19 . 2007-12-28 16:19 <REP> d-------- C:\Program Files\Crazy Vegas Flash Casino
2007-12-28 15:18 . 2007-12-28 15:18 17 --a------ C:\WINDOWS\pp.enc
2007-12-28 15:13 . 2008-01-18 08:55 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microgaming
2007-12-25 17:45 . 2007-12-25 17:45 <REP> d-------- C:\Program Files\Bonjour
2007-12-25 17:44 . 2007-12-25 17:44 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-25 17:27 . 2008-01-19 14:32 23,763 --a------ C:\logfile
2007-12-25 17:25 . 2007-12-25 17:25 <REP> d-------- C:\WINDOWS\system32\BWKDLogs
2007-12-25 17:23 . 2007-12-25 17:23 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2007-12-25 17:23 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-25 17:23 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-25 17:21 . 2007-12-26 10:36 <REP> d-------- C:\Program Files\Kodak
2007-12-25 17:19 . 2007-12-25 17:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-22 20:16 . 2007-12-22 20:16 <REP> d-------- C:\Program Files\Easy Gif Animator Extension
2007-12-22 20:16 . 2007-12-22 20:16 231,872 --a------ C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_2156.exe
2007-12-22 20:14 . 2007-12-22 20:15 <REP> d-------- C:\Program Files\Easy GIF Animator
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 13:00 --------- d-----w C:\Program Files\GamesBar
2008-01-19 12:22 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
2008-01-19 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2008-01-18 20:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-18 20:07 --------- d-----w C:\Program Files\Gamenext
2008-01-17 15:22 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\AdobeUM
2008-01-17 12:56 --------- d-----w C:\Program Files\Incomplete
2008-01-17 12:20 --------- d-----w C:\Program Files\LimeWire
2008-01-13 15:50 --------- d-----w C:\Program Files\eMule
2008-01-11 09:20 --------- d-----w C:\Program Files\MSN Messenger
2008-01-10 19:25 --------- d-----w C:\Program Files\Windows Live
2007-12-15 20:03 --------- d-----w C:\Documents and Settings\kylie\Application Data\HPQ
2007-12-14 08:33 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-12-14 08:27 --------- d-----w C:\Program Files\Logitech
2007-12-14 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-09 16:17 --------- d-----w C:\Documents and Settings\kylie\Application Data\AdobeUM
2007-12-09 08:28 --------- d-----w C:\Program Files\Java
2007-12-03 13:53 482 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2007-12-03 11:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 11:58 --------- d-----w C:\Program Files\Marco Polo Mobile Navigator 2
2007-12-03 11:54 --------- d-----w C:\Program Files\Fichiers communs\Mapserv
2007-12-03 11:54 --------- d-----w C:\Program Files\Fichiers communs\GIS
2007-12-03 11:50 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-03 11:46 --------- d-----w C:\Program Files\Common Files
2007-12-03 11:46 --------- d-----w C:\Program Files\AvantGo Connect
2007-11-30 23:44 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 23:44 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 20:24 --------- d-----w C:\Documents and Settings\sabrina\Application Data\HP
2007-11-22 16:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Image Zone Express
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-06 05:54 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-02 19:15 464 ----a-w C:\Documents and Settings\sabrina\Application Data\wklnhst.dat
2007-10-30 23:23 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-19_14.01.53,68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-12 12:23:33 56,556 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-19 13:48:58 56,536 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-12 12:23:33 67,708 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-19 13:48:58 67,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-12-12 12:23:33 388,518 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-19 13:48:58 388,690 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-12 12:23:33 453,674 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-19 13:48:58 453,634 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-12 18:58 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 09:56 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 09:20 401491]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 16:49 307200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46 147456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 18:12 183208]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 18:10 740208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2007-10-09 11:47 492896]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-01 01:13 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
C:\Documents and Settings\kylie\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-01 00:43:29]
C:\Documents and Settings\sabrina\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-01 00:43:29]
C:\Documents and Settings\Compaq_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-29 12:47:36]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-06 09:56:43]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 18:09]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08]
S1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Pack Securite\HIPS\fshs.sys [2007-04-26 18:11]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 18:07]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 18:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 18:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-15 14:19:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-26 09:26:26 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
"2008-01-19 12:44:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 14:55:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-19 14:57:42
ComboFix-quarantined-files.txt 2008-01-19 13:57:09
ComboFix2.txt 2008-01-19 13:03:03
.
2008-01-17 15:25:45 --- E O F ---