Virus

titish02 -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,

j'ai un gros probleme avec mon ordi j'ai des virus (trojan et adware) et spyware ,des pub intempestives aussi mon ordi rame a mort si quelqu'un peut m'aider a remettre mon ordi a neuf merci beaucoup
Configuration: Windows XP
Internet Explorer 7.0

37 réponses

  • 1
  • 2
Résumé de la discussion

Un utilisateur signale un ordinateur sous Windows XP infecté par des virus (trojan), adware et spyware, avec des publicités intempestives et des ralentissements importants nécessitant une remise à neuf. Plusieurs réponses recommandent des outils et procédures de nettoyage, notamment l’exécution du script "%programfiles%\Lopxp\Lopxp.bat" /Fixme pour générer un rapport et partager les résultats avec les éléments suspects, puis d’envisager des nettoyages supplémentaires. D'autres évoquent des méthodes complémentaires comme l'utilisation d'outils de détection GMER, des vérifications manuelles du disque et des remplacements ou réinstallations de composants problématiques, voire l'utilisation d'un hijack rapport. Certains messages mentionnent des méthodes controversées telles que des liens de téléchargement non vérifiés et des outils non vérifiés, ce qui souligne la prudence à adopter lors de la désinfection.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Télécharge ceci :

    Lien : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

    Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

    ++
    0
  2. hugnix Messages postés 129 Date d'inscription   Statut Membre
     
    la première solution serait d'utiliser un antivirus quand tu vas sur le net :) si tu en as un fait un scan avec et détruit se qu'il a trouvé ensuite va sur www.secuser.com il va surement t'en trouver des autres, ensuite utilise ceci http://www.commentcamarche.net/telecharger/telecharger 83 ad aware 2007 free et pis ça http://www.commentcamarche.net/telecharger/telecharger 122 spybot .

    Si tu sa toujours des problèmes fait un scan avec hijackthis et poste le log ici, les plus connaisseurs pourront t'aider!
    0
  3. titish02
     
    voila le rapport

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:00:50, on 16/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Pack Securite\FSPC\fspc.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
    C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
    O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
    O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\audio ace.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Browse wma] C:\DOCUME~1\COMPAQ~1\APPLIC~1\LIESIT~1\EQ 01 TRANS.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Télécharge ceci: (by Moe) :

    http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

    Double clic sur Lopxpsetup.exe pour lancer l'installation
    Au menu, choisir l'option 1
    Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
    Une rapport sera alors crée, à copie/colle en entier sur le forum.

    ++
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. titish02
     
    le voila

    Rapport Lopxp fait le 16/01/2008 à 21:35:54
    Exécuté dans : C:\Program Files\Lopxp
    
    
      Killing 'iexplore.exe'
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" (1876)
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" (2528)
    "C:\Program Files\Internet Explorer\iexplore.exe" (5972)
    ___________________________________________________________________________
    
    => Tâches planifiées
    
    C:\WINDOWS\tasks\8B2C8CAD93872489.job 
    Crée le : 15/01/2008 à 17:36
    Fichier exécuté => c:\docume~1\kylie\applic~1\liesit~1\byte stupid intra.exe 
    
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job 
    Crée le : 12/10/2007 à 19:43
    Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
    
    C:\WINDOWS\tasks\EasyShare Registration Task.job 
    Crée le : 25/12/2007 à 17:20
    Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
    
    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job 
    Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 
    
    
    ___________________________________________________________________________
    
    => Listing des dossiers Application Data
    
    +- C:\Documents and Settings\All Users\Application Data
    
    09/01/2008 07:03:06 ... ADMINI~1 --= Admin Inter 1 Mags
    01/08/2006 01:18:06 ... Adobe -----= Adobe
    03/11/2007 11:58:44 ... Ahead -----= Ahead
    12/10/2007 19:42:43 ... Apple -----= Apple
    12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
    01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
    12/10/2007 10:38:33 ... F-Secure --= F-Secure
    12/10/2007 10:27:54 ... fssg ------= fssg
    14/12/2007 13:00:59 ... GamesBar --= GamesBar
    11/10/2007 10:33:10 ... Google ----= Google
    16/01/2008 19:52:36 ... Grisoft ---= Grisoft
    01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
    01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
    25/12/2007 17:19:02 ... Kodak -----= Kodak
    14/12/2007 09:27:38 ... Logishrd --= Logishrd
    12/10/2007 19:00:47 ... Logitech --= Logitech
    21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
    13/10/2007 09:18:51 ... MGS -------= MGS
    26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
    01/08/2006 00:51:05 ... SBSI ------= SBSI
    01/08/2006 01:10:35 ... Sonic -----= Sonic
    01/08/2006 01:36:51 ... Symantec --= Symantec
    14/12/2007 13:01:57 ... TEMP ------= TEMP
    13/10/2007 14:59:50 ... UDL -------= UDL
    11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
    12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
    10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
    
    +- C:\Documents and Settings\Default User\Application Data
    
    26/10/2005 23:34:38 ... IDENTI~1 --= Identities
    26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
    11/10/2007 10:27:31 ... Real ------= Real
    
    +- C:\Documents and Settings\Default User\Local Settings\Application Data
    
    11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
    26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
    11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
    11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    +- C:\Documents and Settings\kylie\Application Data
    
    15/10/2007 11:40:23 ... Adobe -----= Adobe
    09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
    28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
    18/10/2007 21:45:02 ... Dealio ----= Dealio
    19/10/2007 16:39:43 ... DivX ------= DivX
    13/11/2007 19:55:26 ... F-Secure --= F-Secure
    12/10/2007 20:06:28 ... Google ----= Google
    13/10/2007 12:30:04 ... HP --------= HP
    15/12/2007 21:03:11 ... HPQ -------= HPQ
    12/10/2007 20:02:23 ... IDENTI~1 --= Identities
    18/12/2007 21:23:30 ... LIESIT~1 --= Lies Itch Roam
    12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
    12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
    12/10/2007 20:02:23 ... Real ------= Real
    11/11/2007 11:04:15 ... Sonic -----= Sonic
    09/12/2007 20:55:51 ... Sun -------= Sun
    
    +- C:\Documents and Settings\kylie\Local Settings\Application Data
    
    15/10/2007 11:40:23 ... Adobe -----= Adobe
    11/11/2007 10:59:15 ... Ahead -----= Ahead
    16/10/2007 14:19:09 ... Apple -----= Apple
    12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
    12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
    12/10/2007 20:06:28 ... Google ----= Google
    09/11/2007 14:09:14 ... IDENTI~1 --= Identities
    13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
    26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
    12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
    12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
    12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    +- C:\Documents and Settings\sabrina\Application Data
    
    13/10/2007 20:21:09 ... Adobe -----= Adobe
    20/10/2007 12:15:24 ... Dealio ----= Dealio
    13/10/2007 16:24:38 ... Google ----= Google
    23/11/2007 21:24:48 ... HP --------= HP
    13/10/2007 16:19:41 ... IDENTI~1 --= Identities
    13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
    13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
    13/10/2007 16:19:41 ... Real ------= Real
    18/10/2007 11:32:51 ... Template --= Template
    
    +- C:\Documents and Settings\sabrina\Local Settings\Application Data
    
    13/10/2007 20:21:09 ... Adobe -----= Adobe
    30/10/2007 15:19:04 ... Apple -----= Apple
    13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
    13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
    13/10/2007 16:24:38 ... Google ----= Google
    23/11/2007 21:24:35 ... HP --------= HP
    23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
    13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
    13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
    13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    ___________________________________________________________________________
    
    => Listing du dossier ProgramFiles
    
    +- C:\Program Files
    
    01/08/2006 01:17:55 ... Adobe -----= Adobe
    21/10/2007 19:30:03 ... Adverts ---= Adverts
    21/10/2007 15:45:19 ... Ahead -----= Ahead
    16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
    12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
    01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
    03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
    25/12/2007 17:45:09 ... Bonjour ---= Bonjour
    18/12/2007 21:22:33 ... CIRCLE~1 --= Circle Developement
    03/12/2007 12:46:20 ... COMMON~1 --= Common Files
    20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
    28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
    01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
    18/10/2007 20:31:18 ... Dealio ----= Dealio
    16/10/2007 09:47:38 ... DivX ------= DivX
    22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
    22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
    13/10/2007 16:54:41 ... eMule -----= eMule
    13/10/2007 14:50:36 ... epson -----= epson
    26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
    14/12/2007 12:59:45 ... Gamenext --= Gamenext
    14/12/2007 13:00:06 ... GamesBar --= GamesBar
    05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
    01/08/2006 01:33:41 ... Google ----= Google
    16/01/2008 19:52:31 ... Grisoft ---= Grisoft
    01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
    01/08/2006 01:09:39 ... HP --------= HP
    18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
    20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
    01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
    26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
    01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
    12/10/2007 19:44:16 ... iPod ------= iPod
    12/10/2007 19:44:10 ... iTunes ----= iTunes
    01/08/2006 00:53:14 ... Java ------= Java
    25/12/2007 17:21:15 ... Kodak -----= Kodak
    15/01/2008 17:35:04 ... LIESIT~1 --= Lies Itch Roam
    18/10/2007 12:16:17 ... LimeWire --= LimeWire
    12/10/2007 19:00:47 ... Logitech --= Logitech
    16/01/2008 21:33:57 ... Lopxp -----= Lopxp
    03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
    26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
    03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
    13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
    26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
    01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
    10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
    01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
    26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
    26/10/2005 23:36:22 ... MSN -------= MSN
    26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
    12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
    12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
    26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
    02/11/2007 12:44:48 ... Neuf ------= Neuf
    11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
    26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
    26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
    12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
    01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
    12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
    01/08/2006 01:13:35 ... Real ------= Real
    26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
    01/08/2006 01:14:17 ... Sonic -----= Sonic
    29/10/2007 12:47:22 ... Sony ------= Sony
    01/08/2006 01:36:56 ... Symantec --= Symantec
    16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
    20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
    21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
    01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
    12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
    16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
    26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
    26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
    20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
    26/10/2005 23:37:08 ... xerox -----= xerox
    
    
    ___________________________________________________________________________
    
    => Clés registre
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "1 mags 16 more"="C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\audio ace.exe"
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Browse wma"="C:\DOCUME~1\COMPAQ~1\APPLIC~1\LIESIT~1\EQ 01 TRANS.exe"
    
    
    ___________________________________________________________________________
    
    => Bloqueur popups Internet Explorer
    
    +- Liste des popups autorisés :
    
    www.infos-du-net.com
    216.93.188.81
    www.kaledonie.com
    fr.unibet.com
    adoption-dogo.niceboard.com
    www.commentcamarche.net
    
    ___________________________________________________________________________
    
    /!\  Suggestion (Nécessite une interprétation.)
    
    +- Dossiers suspects :
    
    C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
    C:\Documents and Settings\kylie\Application Data\Lies Itch Roam
    C:\Program Files\Lies Itch Roam
    C:\Program Files\Adverts
    C:\Program Files\Circle Developement
    
    +- Tâches planifiées suspectes :
    
    C:\WINDOWS\tasks\8B2C8CAD93872489.job
    
    +- Registre:
    
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "1 mags 16 more"=-
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Browse wma"=-
    
    
    
    

    - Fin du rapport -
    0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    très bien :

    va dans : Démarrer > Exécuter puis copier/coller :
    "%programfiles%\Lopxp\Lopxp.bat" /Fixme <= Guillemets y compris
    puis valide, et poste le rapport stp, avec un nouveau hijack

    @+

    0
  8. titish02
     
    salut voila le rapport mais j'ai pas compris le nouveau hijack c'est koi je dois refaire un rapport avec hijack ?

    Rapport Lopxp fait le 17/01/2008 à 17:21:20
    Exécuté dans : C:\Program Files\Lopxp
    
    
    ___________________________________________________________________________
    
    => Fixme :
    
    +- Tâches planifiées :
    Supprimé : C:\WINDOWS\tasks\8B2C8CAD93872489.job
    
    +- Dossiers :
    Supprimé : C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
    Supprimé : C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
    Supprimé : C:\Documents and Settings\kylie\Application Data\Lies Itch Roam
    Supprimé : C:\Program Files\Lies Itch Roam
    Supprimé : C:\Program Files\Adverts
    Supprimé : C:\Program Files\Circle Developement
    
    +- Registre :
    Nettoyage effectué.
    
    +- Fichiers temporaires :
    Nettoyage effectué.
    
    ___________________________________________________________________________
    
    => Tâches planifiées
    
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job 
    Crée le : 12/10/2007 à 19:43
    Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
    
    C:\WINDOWS\tasks\EasyShare Registration Task.job 
    Crée le : 25/12/2007 à 17:20
    Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
    
    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job 
    Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 
    
    
    ___________________________________________________________________________
    
    => Listing des dossiers Application Data
    
    +- C:\Documents and Settings\All Users\Application Data
    
    01/08/2006 01:18:06 ... Adobe -----= Adobe
    03/11/2007 11:58:44 ... Ahead -----= Ahead
    12/10/2007 19:42:43 ... Apple -----= Apple
    12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
    01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
    12/10/2007 10:38:33 ... F-Secure --= F-Secure
    12/10/2007 10:27:54 ... fssg ------= fssg
    14/12/2007 13:00:59 ... GamesBar --= GamesBar
    11/10/2007 10:33:10 ... Google ----= Google
    16/01/2008 19:52:36 ... Grisoft ---= Grisoft
    01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
    01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
    25/12/2007 17:19:02 ... Kodak -----= Kodak
    14/12/2007 09:27:38 ... Logishrd --= Logishrd
    12/10/2007 19:00:47 ... Logitech --= Logitech
    21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
    13/10/2007 09:18:51 ... MGS -------= MGS
    26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
    01/08/2006 00:51:05 ... SBSI ------= SBSI
    01/08/2006 01:10:35 ... Sonic -----= Sonic
    01/08/2006 01:36:51 ... Symantec --= Symantec
    14/12/2007 13:01:57 ... TEMP ------= TEMP
    13/10/2007 14:59:50 ... UDL -------= UDL
    11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
    12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
    10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
    
    +- C:\Documents and Settings\Default User\Application Data
    
    26/10/2005 23:34:38 ... IDENTI~1 --= Identities
    26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
    11/10/2007 10:27:31 ... Real ------= Real
    
    +- C:\Documents and Settings\Default User\Local Settings\Application Data
    
    11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
    26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
    11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
    11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    +- C:\Documents and Settings\kylie\Application Data
    
    15/10/2007 11:40:23 ... Adobe -----= Adobe
    09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
    28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
    18/10/2007 21:45:02 ... Dealio ----= Dealio
    19/10/2007 16:39:43 ... DivX ------= DivX
    13/11/2007 19:55:26 ... F-Secure --= F-Secure
    12/10/2007 20:06:28 ... Google ----= Google
    17/01/2008 16:52:56 ... Grisoft ---= Grisoft
    13/10/2007 12:30:04 ... HP --------= HP
    15/12/2007 21:03:11 ... HPQ -------= HPQ
    12/10/2007 20:02:23 ... IDENTI~1 --= Identities
    12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
    12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
    12/10/2007 20:02:23 ... Real ------= Real
    11/11/2007 11:04:15 ... Sonic -----= Sonic
    09/12/2007 20:55:51 ... Sun -------= Sun
    
    +- C:\Documents and Settings\kylie\Local Settings\Application Data
    
    15/10/2007 11:40:23 ... Adobe -----= Adobe
    11/11/2007 10:59:15 ... Ahead -----= Ahead
    16/10/2007 14:19:09 ... Apple -----= Apple
    12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
    12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
    12/10/2007 20:06:28 ... Google ----= Google
    09/11/2007 14:09:14 ... IDENTI~1 --= Identities
    13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
    26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
    12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
    12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
    12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    +- C:\Documents and Settings\sabrina\Application Data
    
    13/10/2007 20:21:09 ... Adobe -----= Adobe
    20/10/2007 12:15:24 ... Dealio ----= Dealio
    13/10/2007 16:24:38 ... Google ----= Google
    17/01/2008 16:45:59 ... Grisoft ---= Grisoft
    23/11/2007 21:24:48 ... HP --------= HP
    13/10/2007 16:19:41 ... IDENTI~1 --= Identities
    13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
    13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
    13/10/2007 16:19:41 ... Real ------= Real
    18/10/2007 11:32:51 ... Template --= Template
    
    +- C:\Documents and Settings\sabrina\Local Settings\Application Data
    
    13/10/2007 20:21:09 ... Adobe -----= Adobe
    30/10/2007 15:19:04 ... Apple -----= Apple
    13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
    13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
    13/10/2007 16:24:38 ... Google ----= Google
    23/11/2007 21:24:35 ... HP --------= HP
    23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
    13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
    13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
    13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    ___________________________________________________________________________
    
    => Listing du dossier ProgramFiles
    
    +- C:\Program Files
    
    01/08/2006 01:17:55 ... Adobe -----= Adobe
    21/10/2007 15:45:19 ... Ahead -----= Ahead
    16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
    12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
    01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
    03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
    25/12/2007 17:45:09 ... Bonjour ---= Bonjour
    03/12/2007 12:46:20 ... COMMON~1 --= Common Files
    20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
    28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
    01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
    18/10/2007 20:31:18 ... Dealio ----= Dealio
    16/10/2007 09:47:38 ... DivX ------= DivX
    22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
    22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
    13/10/2007 16:54:41 ... eMule -----= eMule
    13/10/2007 14:50:36 ... epson -----= epson
    26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
    14/12/2007 12:59:45 ... Gamenext --= Gamenext
    14/12/2007 13:00:06 ... GamesBar --= GamesBar
    05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
    01/08/2006 01:33:41 ... Google ----= Google
    16/01/2008 19:52:31 ... Grisoft ---= Grisoft
    01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
    01/08/2006 01:09:39 ... HP --------= HP
    18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
    20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
    01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
    26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
    01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
    12/10/2007 19:44:16 ... iPod ------= iPod
    12/10/2007 19:44:10 ... iTunes ----= iTunes
    01/08/2006 00:53:14 ... Java ------= Java
    25/12/2007 17:21:15 ... Kodak -----= Kodak
    18/10/2007 12:16:17 ... LimeWire --= LimeWire
    12/10/2007 19:00:47 ... Logitech --= Logitech
    16/01/2008 21:33:57 ... Lopxp -----= Lopxp
    03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
    26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
    03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
    13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
    26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
    01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
    10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
    01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
    26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
    26/10/2005 23:36:22 ... MSN -------= MSN
    26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
    12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
    12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
    26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
    02/11/2007 12:44:48 ... Neuf ------= Neuf
    11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
    26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
    26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
    12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
    01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
    12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
    01/08/2006 01:13:35 ... Real ------= Real
    26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
    01/08/2006 01:14:17 ... Sonic -----= Sonic
    29/10/2007 12:47:22 ... Sony ------= Sony
    01/08/2006 01:36:56 ... Symantec --= Symantec
    16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
    20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
    21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
    01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
    12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
    16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
    26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
    26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
    20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
    26/10/2005 23:37:08 ... xerox -----= xerox
    
    
    ___________________________________________________________________________
    
    => Clés registre
    
    
    ___________________________________________________________________________
    
    => Bloqueur popups Internet Explorer
    
    +- Liste des popups autorisés :
    
    www.infos-du-net.com
    216.93.188.81
    www.kaledonie.com
    fr.unibet.com
    adoption-dogo.niceboard.com
    www.commentcamarche.net
    
    ___________________________________________________________________________
    
    /!\  Suggestion (Nécessite une interprétation.)
    
    +- Dossiers suspects :
    
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
    
    
    

    - Fin du rapport -
    0
  9. titish02
     
    voila au cas ou il fallait un autre rapport hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:36:26, on 17/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
    C:\Program Files\Pack Securite\FSPC\fspc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
    C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
    O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
    O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'kylie')
    O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'kylie')
    O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'kylie')
    O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [Browse wma] C:\DOCUME~1\kylie\APPLIC~1\LIESIT~1\EQ 01 TRANS.exe (User 'kylie')
    O4 - S-1-5-21-3752759594-2965898356-3032709857-1009 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'kylie')
    O4 - S-1-5-21-3752759594-2965898356-3032709857-1009 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'kylie')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    0
  10. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    oui, ce bien un nouveau rapport hijack !

    refais ceci stp :

    va dans : Démarrer > Exécuter puis copier/coller :
    "%programfiles%\Lopxp\Lopxp.bat" /Fixme <= Guillemets y compris
    puis valide, et poste le rapport stp,

    ++
    0
  11. titish02
     
    salut quand tu dis guillemets il faut que je mets ca aussi <=
    0
  12. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    non sauf ce signe "=>" ! :)

    ++
    0
  13. titish02
     
    Rapport Lopxp fait le 18/01/2008 à 19:36:34
    Exécuté dans : C:\Program Files\Lopxp
    
    
    ___________________________________________________________________________
    
    => Fixme :
    
    +- Dossiers :
    Supprimé : C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
    
    +- Fichiers temporaires :
    Nettoyage effectué.
    
    ___________________________________________________________________________
    
    => Tâches planifiées
    
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job 
    Crée le : 12/10/2007 à 19:43
    Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
    
    C:\WINDOWS\tasks\EasyShare Registration Task.job 
    Crée le : 25/12/2007 à 17:20
    Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
    
    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job 
    Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 
    
    
    ___________________________________________________________________________
    
    => Listing des dossiers Application Data
    
    +- C:\Documents and Settings\All Users\Application Data
    
    01/08/2006 01:18:06 ... Adobe -----= Adobe
    03/11/2007 11:58:44 ... Ahead -----= Ahead
    12/10/2007 19:42:43 ... Apple -----= Apple
    12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
    01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
    12/10/2007 10:38:33 ... F-Secure --= F-Secure
    12/10/2007 10:27:54 ... fssg ------= fssg
    14/12/2007 13:00:59 ... GamesBar --= GamesBar
    11/10/2007 10:33:10 ... Google ----= Google
    16/01/2008 19:52:36 ... Grisoft ---= Grisoft
    01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
    01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
    25/12/2007 17:19:02 ... Kodak -----= Kodak
    14/12/2007 09:27:38 ... Logishrd --= Logishrd
    12/10/2007 19:00:47 ... Logitech --= Logitech
    21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
    13/10/2007 09:18:51 ... MGS -------= MGS
    26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
    01/08/2006 00:51:05 ... SBSI ------= SBSI
    01/08/2006 01:10:35 ... Sonic -----= Sonic
    01/08/2006 01:36:51 ... Symantec --= Symantec
    14/12/2007 13:01:57 ... TEMP ------= TEMP
    13/10/2007 14:59:50 ... UDL -------= UDL
    11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
    12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
    10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
    
    +- C:\Documents and Settings\Default User\Application Data
    
    26/10/2005 23:34:38 ... IDENTI~1 --= Identities
    26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
    11/10/2007 10:27:31 ... Real ------= Real
    
    +- C:\Documents and Settings\Default User\Local Settings\Application Data
    
    11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
    26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
    11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
    11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    +- C:\Documents and Settings\kylie\Application Data
    
    15/10/2007 11:40:23 ... Adobe -----= Adobe
    09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
    28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
    18/10/2007 21:45:02 ... Dealio ----= Dealio
    19/10/2007 16:39:43 ... DivX ------= DivX
    13/11/2007 19:55:26 ... F-Secure --= F-Secure
    12/10/2007 20:06:28 ... Google ----= Google
    17/01/2008 16:52:56 ... Grisoft ---= Grisoft
    13/10/2007 12:30:04 ... HP --------= HP
    15/12/2007 21:03:11 ... HPQ -------= HPQ
    12/10/2007 20:02:23 ... IDENTI~1 --= Identities
    12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
    12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
    12/10/2007 20:02:23 ... Real ------= Real
    11/11/2007 11:04:15 ... Sonic -----= Sonic
    09/12/2007 20:55:51 ... Sun -------= Sun
    
    +- C:\Documents and Settings\kylie\Local Settings\Application Data
    
    15/10/2007 11:40:23 ... Adobe -----= Adobe
    11/11/2007 10:59:15 ... Ahead -----= Ahead
    16/10/2007 14:19:09 ... Apple -----= Apple
    12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
    12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
    12/10/2007 20:06:28 ... Google ----= Google
    09/11/2007 14:09:14 ... IDENTI~1 --= Identities
    13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
    26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
    12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
    12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
    12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    +- C:\Documents and Settings\sabrina\Application Data
    
    13/10/2007 20:21:09 ... Adobe -----= Adobe
    20/10/2007 12:15:24 ... Dealio ----= Dealio
    13/10/2007 16:24:38 ... Google ----= Google
    17/01/2008 16:45:59 ... Grisoft ---= Grisoft
    23/11/2007 21:24:48 ... HP --------= HP
    13/10/2007 16:19:41 ... IDENTI~1 --= Identities
    13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
    13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
    13/10/2007 16:19:41 ... Real ------= Real
    18/10/2007 11:32:51 ... Template --= Template
    
    +- C:\Documents and Settings\sabrina\Local Settings\Application Data
    
    13/10/2007 20:21:09 ... Adobe -----= Adobe
    30/10/2007 15:19:04 ... Apple -----= Apple
    13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
    13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
    13/10/2007 16:24:38 ... Google ----= Google
    23/11/2007 21:24:35 ... HP --------= HP
    23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
    13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
    13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
    13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    ___________________________________________________________________________
    
    => Listing du dossier ProgramFiles
    
    +- C:\Program Files
    
    01/08/2006 01:17:55 ... Adobe -----= Adobe
    21/10/2007 15:45:19 ... Ahead -----= Ahead
    16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
    12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
    01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
    03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
    25/12/2007 17:45:09 ... Bonjour ---= Bonjour
    03/12/2007 12:46:20 ... COMMON~1 --= Common Files
    20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
    28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
    01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
    18/10/2007 20:31:18 ... Dealio ----= Dealio
    16/10/2007 09:47:38 ... DivX ------= DivX
    22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
    22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
    13/10/2007 16:54:41 ... eMule -----= eMule
    13/10/2007 14:50:36 ... epson -----= epson
    26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
    14/12/2007 12:59:45 ... Gamenext --= Gamenext
    14/12/2007 13:00:06 ... GamesBar --= GamesBar
    05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
    01/08/2006 01:33:41 ... Google ----= Google
    16/01/2008 19:52:31 ... Grisoft ---= Grisoft
    01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
    01/08/2006 01:09:39 ... HP --------= HP
    18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
    20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
    01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
    26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
    01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
    12/10/2007 19:44:16 ... iPod ------= iPod
    12/10/2007 19:44:10 ... iTunes ----= iTunes
    01/08/2006 00:53:14 ... Java ------= Java
    25/12/2007 17:21:15 ... Kodak -----= Kodak
    18/10/2007 12:16:17 ... LimeWire --= LimeWire
    12/10/2007 19:00:47 ... Logitech --= Logitech
    16/01/2008 21:33:57 ... Lopxp -----= Lopxp
    03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
    26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
    03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
    13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
    26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
    01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
    10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
    01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
    26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
    26/10/2005 23:36:22 ... MSN -------= MSN
    26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
    12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
    12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
    26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
    02/11/2007 12:44:48 ... Neuf ------= Neuf
    11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
    26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
    26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
    12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
    01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
    12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
    01/08/2006 01:13:35 ... Real ------= Real
    26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
    01/08/2006 01:14:17 ... Sonic -----= Sonic
    29/10/2007 12:47:22 ... Sony ------= Sony
    01/08/2006 01:36:56 ... Symantec --= Symantec
    16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
    20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
    21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
    01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
    12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
    16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
    26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
    26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
    20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
    26/10/2005 23:37:08 ... xerox -----= xerox
    
    
    ___________________________________________________________________________
    
    => Clés registre
    
    
    ___________________________________________________________________________
    
    => Bloqueur popups Internet Explorer
    
    +- Liste des popups autorisés :
    
    www.infos-du-net.com
    216.93.188.81
    www.kaledonie.com
    fr.unibet.com
    adoption-dogo.niceboard.com
    www.commentcamarche.net
    www.skyrock.com
    x3-ciity-world.skyrock.com
    
    ___________________________________________________________________________
    
    /!\  Suggestion (Nécessite une interprétation.)
    
    +- Dossiers suspects :
    
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
    
    
    

    - Fin du rapport -
    0
  14. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, tu connais ce programme : Crazy Vegas Flash Casino ??

    refais la manip avec la ligne de commande et poste le rapport stp

    ++
    0
  15. titish02
     
    je connais pas ce programme mes mon frere telecharge souvent des jeux de casino sur internet c'est peut etre ca , pourkoi
    sinon pour le reste j'ai rien compris c koi la ligne de commande
    0
  16. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    refais ceci stp :

    va dans : Démarrer > Exécuter puis copier/coller :
    "%programfiles%\Lopxp\Lopxp.bat" /Fixme <= Guillemets y compris
    puis valide, et poste le rapport stp,

    ++
    0
  17. titish02
     
    Rapport Lopxp fait le 19/01/2008 à 12:37:24
    Exécuté dans : C:\Program Files\Lopxp
    
    
    ___________________________________________________________________________
    
    => Fixme :
    
    +- Dossiers :
    Supprimé : C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
    
    +- Fichiers temporaires :
    Nettoyage effectué.
    
    ___________________________________________________________________________
    
    => Tâches planifiées
    
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job 
    Crée le : 12/10/2007 à 19:43
    Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
    
    C:\WINDOWS\tasks\EasyShare Registration Task.job 
    Crée le : 25/12/2007 à 17:20
    Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
    
    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job 
    Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 
    
    
    ___________________________________________________________________________
    
    => Listing des dossiers Application Data
    
    +- C:\Documents and Settings\All Users\Application Data
    
    01/08/2006 01:18:06 ... Adobe -----= Adobe
    03/11/2007 11:58:44 ... Ahead -----= Ahead
    12/10/2007 19:42:43 ... Apple -----= Apple
    12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
    01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
    12/10/2007 10:38:33 ... F-Secure --= F-Secure
    12/10/2007 10:27:54 ... fssg ------= fssg
    14/12/2007 13:00:59 ... GamesBar --= GamesBar
    11/10/2007 10:33:10 ... Google ----= Google
    16/01/2008 19:52:36 ... Grisoft ---= Grisoft
    01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
    01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
    25/12/2007 17:19:02 ... Kodak -----= Kodak
    14/12/2007 09:27:38 ... Logishrd --= Logishrd
    12/10/2007 19:00:47 ... Logitech --= Logitech
    21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
    13/10/2007 09:18:51 ... MGS -------= MGS
    26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
    01/08/2006 00:51:05 ... SBSI ------= SBSI
    01/08/2006 01:10:35 ... Sonic -----= Sonic
    01/08/2006 01:36:51 ... Symantec --= Symantec
    14/12/2007 13:01:57 ... TEMP ------= TEMP
    13/10/2007 14:59:50 ... UDL -------= UDL
    11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
    12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
    10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
    
    +- C:\Documents and Settings\Default User\Application Data
    
    26/10/2005 23:34:38 ... IDENTI~1 --= Identities
    26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
    11/10/2007 10:27:31 ... Real ------= Real
    
    +- C:\Documents and Settings\Default User\Local Settings\Application Data
    
    11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
    26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
    11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
    11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    +- C:\Documents and Settings\kylie\Application Data
    
    15/10/2007 11:40:23 ... Adobe -----= Adobe
    09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
    28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
    18/10/2007 21:45:02 ... Dealio ----= Dealio
    19/10/2007 16:39:43 ... DivX ------= DivX
    13/11/2007 19:55:26 ... F-Secure --= F-Secure
    12/10/2007 20:06:28 ... Google ----= Google
    17/01/2008 16:52:56 ... Grisoft ---= Grisoft
    13/10/2007 12:30:04 ... HP --------= HP
    15/12/2007 21:03:11 ... HPQ -------= HPQ
    12/10/2007 20:02:23 ... IDENTI~1 --= Identities
    12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
    12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
    12/10/2007 20:02:23 ... Real ------= Real
    11/11/2007 11:04:15 ... Sonic -----= Sonic
    09/12/2007 20:55:51 ... Sun -------= Sun
    
    +- C:\Documents and Settings\kylie\Local Settings\Application Data
    
    15/10/2007 11:40:23 ... Adobe -----= Adobe
    11/11/2007 10:59:15 ... Ahead -----= Ahead
    16/10/2007 14:19:09 ... Apple -----= Apple
    12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
    12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
    12/10/2007 20:06:28 ... Google ----= Google
    09/11/2007 14:09:14 ... IDENTI~1 --= Identities
    13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
    26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
    12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
    12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
    12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    +- C:\Documents and Settings\sabrina\Application Data
    
    13/10/2007 20:21:09 ... Adobe -----= Adobe
    20/10/2007 12:15:24 ... Dealio ----= Dealio
    13/10/2007 16:24:38 ... Google ----= Google
    17/01/2008 16:45:59 ... Grisoft ---= Grisoft
    23/11/2007 21:24:48 ... HP --------= HP
    13/10/2007 16:19:41 ... IDENTI~1 --= Identities
    13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
    13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
    13/10/2007 16:19:41 ... Real ------= Real
    18/10/2007 11:32:51 ... Template --= Template
    
    +- C:\Documents and Settings\sabrina\Local Settings\Application Data
    
    13/10/2007 20:21:09 ... Adobe -----= Adobe
    30/10/2007 15:19:04 ... Apple -----= Apple
    13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
    13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
    13/10/2007 16:24:38 ... Google ----= Google
    23/11/2007 21:24:35 ... HP --------= HP
    23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
    13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
    13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
    13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
    
    ___________________________________________________________________________
    
    => Listing du dossier ProgramFiles
    
    +- C:\Program Files
    
    01/08/2006 01:17:55 ... Adobe -----= Adobe
    21/10/2007 15:45:19 ... Ahead -----= Ahead
    16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
    12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
    01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
    03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
    25/12/2007 17:45:09 ... Bonjour ---= Bonjour
    03/12/2007 12:46:20 ... COMMON~1 --= Common Files
    20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
    28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
    01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
    18/10/2007 20:31:18 ... Dealio ----= Dealio
    16/10/2007 09:47:38 ... DivX ------= DivX
    22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
    22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
    13/10/2007 16:54:41 ... eMule -----= eMule
    13/10/2007 14:50:36 ... epson -----= epson
    26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
    14/12/2007 12:59:45 ... Gamenext --= Gamenext
    14/12/2007 13:00:06 ... GamesBar --= GamesBar
    05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
    01/08/2006 01:33:41 ... Google ----= Google
    16/01/2008 19:52:31 ... Grisoft ---= Grisoft
    01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
    01/08/2006 01:09:39 ... HP --------= HP
    18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
    20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
    01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
    26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
    01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
    12/10/2007 19:44:16 ... iPod ------= iPod
    12/10/2007 19:44:10 ... iTunes ----= iTunes
    01/08/2006 00:53:14 ... Java ------= Java
    25/12/2007 17:21:15 ... Kodak -----= Kodak
    18/10/2007 12:16:17 ... LimeWire --= LimeWire
    12/10/2007 19:00:47 ... Logitech --= Logitech
    16/01/2008 21:33:57 ... Lopxp -----= Lopxp
    03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
    26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
    03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
    13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
    26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
    01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
    10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
    01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
    26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
    26/10/2005 23:36:22 ... MSN -------= MSN
    26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
    12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
    12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
    26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
    02/11/2007 12:44:48 ... Neuf ------= Neuf
    11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
    26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
    26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
    12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
    01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
    12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
    01/08/2006 01:13:35 ... Real ------= Real
    26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
    01/08/2006 01:14:17 ... Sonic -----= Sonic
    29/10/2007 12:47:22 ... Sony ------= Sony
    01/08/2006 01:36:56 ... Symantec --= Symantec
    16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
    20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
    21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
    01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
    12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
    16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
    26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
    26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
    20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
    26/10/2005 23:37:08 ... xerox -----= xerox
    
    
    ___________________________________________________________________________
    
    => Clés registre
    
    
    ___________________________________________________________________________
    
    => Bloqueur popups Internet Explorer
    
    +- Liste des popups autorisés :
    
    www.infos-du-net.com
    216.93.188.81
    www.kaledonie.com
    fr.unibet.com
    adoption-dogo.niceboard.com
    www.commentcamarche.net
    www.skyrock.com
    x3-ciity-world.skyrock.com
    
    ___________________________________________________________________________
    
    /!\  Suggestion (Nécessite une interprétation.)
    
    +- Dossiers suspects :
    
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
    
    
    

    - Fin du rapport -
    0
  18. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok,

    cherche et supprime le fichier en gras :

    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam

    ensuite, poste un nouveau hijack stp

    ++

    0
  19. titish02
     
    salut
    le fichier est supprimer voila le nouveau rapport

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:28:50, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\windows\system32\qmmzmpum.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Pack Securite\FSPC\fspc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
    C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
    O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
    O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [qmmzmpum] c:\windows\system32\qmmzmpum.exe qmmzmpum
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    0
  20. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt, poste le stp

    ++
    0
  21. titish02
     
    ComboFix 08-01-18.5 - Compaq_Propriétaire 2008-01-19 14:47:04.3 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.752 [GMT 1:00]
    Running from: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-19 14:48 . 2008-01-19 14:48 3,220 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
    2008-01-19 13:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmpE1089.FOT
    2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp8B389.FOT
    2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp75189.FOT
    2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp4F689.FOT
    2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp48C79.FOT
    2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp01589.FOT
    2008-01-18 21:07 . 2008-01-18 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
    2008-01-17 16:52 . 2008-01-17 16:52 <REP> d-------- C:\Documents and Settings\kylie\Application Data\Grisoft
    2008-01-17 16:45 . 2008-01-17 16:45 <REP> d-------- C:\Documents and Settings\sabrina\Application Data\Grisoft
    2008-01-16 21:33 . 2008-01-19 12:46 <REP> d-------- C:\Program Files\Lopxp
    2008-01-16 19:58 . 2008-01-16 19:58 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-16 19:53 . 2008-01-16 19:53 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Grisoft
    2008-01-16 19:52 . 2008-01-16 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-16 19:52 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-16 17:44 . 2008-01-16 17:44 <REP> d-------- C:\Program Files\Alwil Software
    2008-01-16 09:47 . 2008-01-16 09:49 <REP> d-------- C:\Casino Riva
    2008-01-15 08:48 . 2008-01-18 09:08 <REP> d-------- C:\Casino
    2008-01-13 18:54 . 2008-01-13 18:54 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Saved Games
    2008-01-13 18:54 . 2008-01-13 18:54 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Saved Games
    2008-01-10 20:24 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2008-01-10 20:20 . 2008-01-10 20:20 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-01-10 19:52 . 2008-01-10 19:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-10 19:51 . 2008-01-10 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-09 17:56 . 2008-01-09 17:56 <REP> d-------- C:\WINDOWS\system32\FlashAX
    2008-01-06 10:00 . 2008-01-19 14:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-06 10:00 . 2008-01-06 10:00 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-05 15:30 . 2008-01-14 10:45 <REP> d-------- C:\Program Files\Gold VIP Club Casino
    2007-12-28 16:19 . 2007-12-28 16:19 <REP> d-------- C:\Program Files\Crazy Vegas Flash Casino
    2007-12-28 15:18 . 2007-12-28 15:18 17 --a------ C:\WINDOWS\pp.enc
    2007-12-28 15:13 . 2008-01-18 08:55 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microgaming
    2007-12-25 17:45 . 2007-12-25 17:45 <REP> d-------- C:\Program Files\Bonjour
    2007-12-25 17:44 . 2007-12-25 17:44 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2007-12-25 17:27 . 2008-01-19 14:32 23,763 --a------ C:\logfile
    2007-12-25 17:25 . 2007-12-25 17:25 <REP> d-------- C:\WINDOWS\system32\BWKDLogs
    2007-12-25 17:23 . 2007-12-25 17:23 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
    2007-12-25 17:23 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-12-25 17:23 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-12-25 17:21 . 2007-12-26 10:36 <REP> d-------- C:\Program Files\Kodak
    2007-12-25 17:19 . 2007-12-25 17:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2007-12-22 20:16 . 2007-12-22 20:16 <REP> d-------- C:\Program Files\Easy Gif Animator Extension
    2007-12-22 20:16 . 2007-12-22 20:16 231,872 --a------ C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_2156.exe
    2007-12-22 20:14 . 2007-12-22 20:15 <REP> d-------- C:\Program Files\Easy GIF Animator

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 13:00 --------- d-----w C:\Program Files\GamesBar
    2008-01-19 12:22 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
    2008-01-19 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
    2008-01-18 20:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-18 20:07 --------- d-----w C:\Program Files\Gamenext
    2008-01-17 15:22 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\AdobeUM
    2008-01-17 12:56 --------- d-----w C:\Program Files\Incomplete
    2008-01-17 12:20 --------- d-----w C:\Program Files\LimeWire
    2008-01-13 15:50 --------- d-----w C:\Program Files\eMule
    2008-01-11 09:20 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-10 19:25 --------- d-----w C:\Program Files\Windows Live
    2007-12-15 20:03 --------- d-----w C:\Documents and Settings\kylie\Application Data\HPQ
    2007-12-14 08:33 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
    2007-12-14 08:27 --------- d-----w C:\Program Files\Logitech
    2007-12-14 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2007-12-09 16:17 --------- d-----w C:\Documents and Settings\kylie\Application Data\AdobeUM
    2007-12-09 08:28 --------- d-----w C:\Program Files\Java
    2007-12-03 13:53 482 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2007-12-03 11:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-03 11:58 --------- d-----w C:\Program Files\Marco Polo Mobile Navigator 2
    2007-12-03 11:54 --------- d-----w C:\Program Files\Fichiers communs\Mapserv
    2007-12-03 11:54 --------- d-----w C:\Program Files\Fichiers communs\GIS
    2007-12-03 11:50 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-12-03 11:46 --------- d-----w C:\Program Files\Common Files
    2007-12-03 11:46 --------- d-----w C:\Program Files\AvantGo Connect
    2007-11-30 23:44 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-30 23:44 --------- d-----w C:\Program Files\Windows Live Favorites
    2007-11-23 20:24 --------- d-----w C:\Documents and Settings\sabrina\Application Data\HP
    2007-11-22 16:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Image Zone Express
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-11-06 05:54 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-11-02 19:15 464 ----a-w C:\Documents and Settings\sabrina\Application Data\wklnhst.dat
    2007-10-30 23:23 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-19_14.01.53,68 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-12 12:23:33 56,556 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-19 13:48:58 56,536 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-12-12 12:23:33 67,708 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-19 13:48:58 67,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2007-12-12 12:23:33 388,518 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-19 13:48:58 388,690 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-12-12 12:23:33 453,674 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-19 13:48:58 453,634 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-12 18:58 68856]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 09:56 67128]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 09:20 401491]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 16:49 307200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46 147456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
    "F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 18:12 183208]
    "F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 18:10 740208]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "au"="C:\Program Files\Dealio\DealioAU.exe" [2007-10-09 11:47 492896]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-01 01:13 180269]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    C:\Documents and Settings\kylie\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-01 00:43:29]

    C:\Documents and Settings\sabrina\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-01 00:43:29]

    C:\Documents and Settings\Compaq_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
    Outil de d‚tection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-29 12:47:36]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-06 09:56:43]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 18:09]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08]
    S1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Pack Securite\HIPS\fshs.sys [2007-04-26 18:11]
    S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 18:07]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 18:08]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 18:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-15 14:19:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-26 09:26:26 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
    - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
    "2008-01-19 12:44:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 14:55:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-19 14:57:42
    ComboFix-quarantined-files.txt 2008-01-19 13:57:09
    ComboFix2.txt 2008-01-19 13:03:03
    .
    2008-01-17 15:25:45 --- E O F ---
    0
  • 1
  • 2