CiD ads => Report

frusciante64 Posts: 315, Status: Member
Hello,
For 2 days I have been constantly getting intrusive ads named "CiD". I tried to remove this spyware with CCleaner, Avast, AVG and Spybot Search & Destroy, but I keep getting them. I thought of making a report with HijackThis. The problem is that I don't know what needs to be fixed... If anyone has an idea:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\Resources\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\Resources\UberIcon\UberIcon Manager.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Resources\YzShadow\YzShadow.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [platform bind axis time] C:\Documents and Settings\All Users\Application Data\soft ref platform bind\Title vga.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [joy five] C:\DOCUME~1\COMPAQ~1\APPLIC~1\BENDOB~1\rectpeak.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\Resources\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\Resources\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\Resources\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\Resources\YzShadow\YzShadow.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Traducción - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traducir - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Ajustar la traducción - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAACE3C8-161E-4F8D-B1A0-D1ED37A2006D}: NameServer = 80.10.246.2,80.10.246.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 13416 bytes

Thanks in advance.
Configuration: Windows XP
Internet Explorer 7.0

9 replies

  1. Local temp
     
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe
    You are running HijackThis from the temporary directories; the backups will be erased, and if you delete a DLL by mistake you won't be able to repair it.

    FIX NOTHING, UNINSTALL HIJACKTHIS, REINSTALL IT

    - HijackThis - Diagnostic and repair tool
    Download HijackThis here:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html
    Unzip it into a folder created for that purpose.
    For example C:\hijackthis

    Make sure you save it in C: !

    Demo: (Thanks to Balltrap34 for making this)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif
    Launch it, then:
    click on "do a system scan and save logfile" (see demo)
    copy and paste the entire log to the forum
    Demo: (Thanks to Balltrap34 for making this)
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    http://www.tutoriaux-excalibur.com/hijackthis.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
  2. ^^Marie^^ Posts: 41884, Status: Member
     
    following
  3. Local temp
     
    Uninstall the sponsors
    http://www.commentcamarche.net/faq/sujet 5996 comment bloquer les fenetres cid
    Try with Navilog
    http://www.commentcamarche.net/faq/sujet 2490 popups ouverture de fenetres internet publicitaires pop up
    Browse with FF
    http://www.commentcamarche.net/faq/sujet 4541 web eliminer totalement les publicites dans les pages web
    With MSN, it is better to use Antivir instead of Avast
    http://www.commentcamarche.net/faq/sujet 3045 tutoriels tutoriels de logiciels
  4. Local temp
     
    I didn't see which firewall you have; Avast and Antivir require an additional firewall in place of the XP one.
    In the software tutorials there are firewalls: Kerio or ZoneAlarm.
  6. Local temp
     
    PS: you already have lop, which is what gives you the CiD windows; with a new HijackThis log after the cleanups, you should no longer find this file in the O4 lines:
    rectpeak.exe
  7. green day Posts: 26374, Status: Moderator, Security contributor
     
    Hi

    unfortunately, that is not enough to neutralize lop!

    Download this: (by Moe):

    http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

    Double-click Lopxpsetup.exe to start the installation
    At the menu, choose option 1
    Wait until you are asked to press a key, then press one!
    A report will then be created; copy and paste it in full to the forum.

    See you
  8. frusciante64 Posts: 315, Status: Member
     
    Hi, thanks for your reply. Here is the report:

    Rapport Lopxp fait le 19/01/2008 à 13:23:24
    Exécuté dans : C:\Program Files\Lopxp
    
    
      Killing 'iexplore.exe'
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" (836)
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" (248)
    "C:\Program Files\Internet Explorer\iexplore.exe"  (2944)
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://ad.zanox.com/ppc/html/ppc_error_1.html (3920)
    "C:\Program Files\Internet Explorer\iexplore.exe"  (3924)
    ___________________________________________________________________________
    
    => Tâches planifiées
    
    C:\WINDOWS\tasks\AD94CA9C90B376BC.job 
    Crée le : 16/01/2008 à 18:52
    Fichier exécuté => c:\docume~1\compaq~1\applic~1\bendob~1\hidewipeinside.exe 
    
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job 
    Crée le : 11/09/2007 à 17:07
    Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
    
    C:\WINDOWS\tasks\Gerald Depalmas - Au paradis.job 
    Crée le : 12/12/2006 à 21:36
    Fichier exécuté => C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Ma musique\Gerald Depalmas - Au paradis.mp3 
    
    C:\WINDOWS\tasks\Maintenance en 1 clic.job 
    Crée le : 15/09/2007 à 14:46
    Fichier exécuté => C:\Program Files\TuneUp Utilities 2008\OneClick.exe /schedulestart
    
    C:\WINDOWS\tasks\Muse - Starlight.job 
    Crée le : 29/11/2006 à 22:37
    Fichier exécuté => C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Ma musique\Muse - Starlight.mp3 
    
    
    ___________________________________________________________________________
    
    => Listing des dossiers Application Data
    
    +- C:\Documents and Settings\All Users\Application Data
    
    01/01/2005 19:57:22 ... Adobe -----= Adobe
    01/03/2007 11:17:46 ... ADOBES~1 --= Adobe Systems
    03/07/2007 14:46:24 ... Apple -----= Apple
    01/01/2005 19:59:07 ... APPLEC~1 --= Apple Computer
    20/02/2007 01:33:53 ... Babylon ---= Babylon
    26/02/2007 01:12:35 ... BLUEFO~1 --= Blue fork 16 deaf
    14/07/2006 19:14:18 ... BOONTY ----= BOONTY
    15/08/2006 10:28:47 ... CopyPod ---= CopyPod
    12/09/2007 16:28:10 ... CYBERL~1 --= CyberLink
    12/09/2007 12:56:41 ... DVDSHR~1 --= DVD Shrink
    13/06/2006 14:07:36 ... Google ----= Google
    03/02/2007 13:38:45 ... GOOGLE~1 --= Google Updater
    18/07/2007 17:33:53 ... Grisoft ---= Grisoft
    01/01/2005 20:25:51 ... INSTAL~1 --= InstallShield
    03/07/2007 02:27:36 ... Lavasoft --= Lavasoft
    24/08/2007 11:54:36 ... LEGACY~1 --= Legacy Interactive
    08/04/2007 21:30:52 ... LIONHE~1 --= Lionhead Studios
    31/03/2007 23:35:10 ... Logishrd --= Logishrd
    31/03/2007 23:35:00 ... Logitech --= Logitech
    13/06/2006 13:49:12 ... MESSEN~1 --= Messenger Plus!
    25/11/2004 04:25:08 ... MICROS~1 --= Microsoft
    27/02/2007 00:42:29 ... MICROS~2 --= Microsoft Corporation
    01/01/2005 20:04:12 ... Motive ----= Motive
    19/04/2007 16:17:09 ... MUVEET~1 --= muvee Technologies
    02/07/2007 23:02:07 ... NANNYM~1 --= NannyMania
    01/01/2005 19:59:11 ... QUICKT~1 --= QuickTime
    01/01/2005 19:42:48 ... SBSI ------= SBSI
    18/02/2007 22:26:24 ... Skype -----= Skype
    16/01/2008 18:51:50 ... SOFTRE~1 --= soft ref platform bind
    30/06/2006 19:53:17 ... SPYBOT~1 --= Spybot - Search & Destroy
    02/07/2007 21:34:17 ... SUPERA~1.COM --= SUPERAntiSpyware.com
    01/01/2005 20:15:40 ... Symantec --= Symantec
    24/03/2007 13:39:35 ... TEMP ------= TEMP
    06/01/2007 22:55:38 ... TUNEUP~1 --= TuneUp Software
    22/08/2006 17:07:18 ... WINDOW~1 --= Windows Genuine Advantage
    
    +- C:\Documents and Settings\Default User\Application Data
    
    13/06/2006 12:18:09 ... APPLEC~1 --= Apple Computer
    25/11/2004 04:25:34 ... IDENTI~1 --= Identities
    13/10/2007 10:01:50 ... MACROM~1 --= Macromedia
    25/11/2004 04:25:34 ... MICROS~1 --= Microsoft
    13/06/2006 12:18:09 ... SAMPLE~1 --= SampleView
    13/06/2006 12:18:09 ... Sun -------= Sun
    13/06/2006 12:18:09 ... Symantec --= Symantec
    
    +- C:\Documents and Settings\Default User\Local Settings\Application Data
    
    13/06/2006 12:18:09 ... APPLEC~1 --= Apple Computer
    13/06/2006 12:18:09 ... APPLIC~1 --= ApplicationHistory
    25/11/2004 04:25:38 ... MICROS~1 --= Microsoft
    13/06/2006 12:18:09 ... {7148F~1 --= {7148F0A6-6813-11D6-A77B-00B0D0142030}
    
    ___________________________________________________________________________
    
    => Listing du dossier ProgramFiles
    
    +- C:\Program Files
    
    25/08/2006 17:57:23 ... 1964 ------= 1964
    04/03/2007 14:13:15 ... 3BSOFT~1 --= 3B Software
    03/09/2007 18:43:59 ... ACTIVI~1 --= Activision
    01/01/2005 19:57:20 ... Adobe -----= Adobe
    02/09/2007 23:00:08 ... Adverts ---= Adverts
    28/10/2006 16:52:54 ... AGOGOA~1 --= Agogo AVI MPEG WMV RM MOV Converter
    16/08/2006 00:32:13 ... Ahead -----= Ahead
    04/11/2006 01:14:30 ... ALCOHO~2 --= Alcohol Soft
    13/06/2006 17:34:10 ... ALWILS~1 --= Alwil Software
    12/03/2007 21:09:50 ... APPLES~1 --= Apple Software Update
    26/06/2006 19:10:58 ... ArcSoft ---= ArcSoft
    22/08/2006 15:03:26 ... Atari -----= Atari
    01/01/2005 20:23:57 ... ATITEC~1 --= ATI Technologies
    14/06/2006 17:14:07 ... Audacity --= Audacity
    03/07/2007 23:18:20 ... AVVCS3~1.0 --= AV VCS 3.0
    29/06/2006 11:22:24 ... AVICOD~1 --= AVI Codec Pack
    28/10/2006 17:34:23 ... AVISYN~1.5 --= AviSynth 2.5
    03/09/2006 17:10:06 ... AVSMedia --= AVSMedia
    16/01/2008 18:50:41 ... BENDOB~1 --= Bend obj mix
    04/07/2006 20:32:59 ... BITZIP~1 --= BitZipper
    14/08/2006 16:25:40 ... BLAZEA~1 --= Blaze Audio
    01/04/2007 18:02:05 ... bobyte ----= bobyte
    05/01/2008 11:59:48 ... CAPCOM ----= CAPCOM
    05/11/2007 23:51:38 ... CATDAD~1 --= Cat Daddy Games
    02/07/2007 14:17:37 ... CCleaner --= CCleaner
    16/01/2008 18:49:57 ... CIRCLE~1 --= Circle Developement
    19/01/2008 07:43:18 ... COMMEN~1 --= CommentCaMarche
    05/07/2007 13:47:02 ... COMMON~1 --= Common Files
    16/07/2007 13:44:25 ... COMPAQ ----= COMPAQ
    24/11/2004 02:37:34 ... COMPLU~1 --= ComPlus Applications
    13/06/2006 13:12:48 ... Creative --= Creative
    12/09/2007 16:02:18 ... CYBERL~1 --= CyberLink
    23/08/2006 20:21:15 ... D-Tools ---= D-Tools
    05/07/2006 23:46:14 ... DAEMON~1 --= DAEMON Tools
    05/07/2006 10:43:03 ... directx ---= directx
    19/04/2007 16:22:52 ... DivX ------= DivX
    19/07/2006 20:11:46 ... DJSHOW~1 --= DJ show
    24/11/2007 16:22:04 ... DK --------= DK
    02/07/2007 17:34:29 ... EAGAME~1 --= EA GAMES
    01/01/2005 20:06:29 ... EASYIN~1 --= Easy Internet signup
    05/07/2006 22:53:30 ... EIDOSI~1 --= Eidos Interactive
    30/08/2007 09:08:14 ... ELCOMS~1 --= ElcomSoft
    13/06/2006 18:08:11 ... eMule -----= eMule
    09/03/2007 22:49:12 ... EOVIDE~1 --= EO Video
    14/07/2007 12:18:50 ... eoRezo ----= eoRezo
    08/02/2007 18:55:37 ... epson -----= epson
    13/06/2006 19:03:58 ... EVILLY~1 --= EvilLyrics
    25/11/2004 04:26:44 ... FICHIE~1 --= Fichiers communs
    14/08/2006 15:20:20 ... FREEAU~1 --= Free Audio Pack
    03/09/2007 19:03:11 ... GAMESP~1 --= GameSpy Arcade
    13/06/2006 14:07:34 ... Google ----= Google
    29/12/2007 02:04:46 ... GOOGLE~1 --= Google Video
    18/01/2008 22:12:30 ... Grisoft ---= Grisoft
    14/05/2007 17:20:36 ... GUITAR~2 --= Guitar Pro 5
    03/02/2007 21:13:05 ... HARDWA~1 --= HardwareDetection
    01/01/2005 20:01:47 ... HELPAN~1 --= Help and Support Additions
    23/02/2007 19:33:22 ... ImTOO -----= ImTOO
    01/01/2005 19:59:21 ... INSTAL~1 --= InstallShield Installation Information
    25/11/2004 04:27:06 ... INTERN~1 --= Internet Explorer
    01/01/2005 20:24:11 ... INTERV~1 --= InterVideo
    17/01/2008 07:42:11 ... iPod ------= iPod
    21/02/2007 15:49:59 ... ISOpen ----= ISOpen
    14/07/2007 12:18:27 ... ITSLAB~1 --= Its Label
    08/08/2007 12:03:11 ... iTunes ----= iTunes
    04/07/2006 21:54:25 ... IZArc -----= IZArc
    19/07/2007 16:48:24 ... Java ------= Java
    02/07/2006 11:41:19 ... K-LITE~1 --= K-Lite Codec Pack
    01/12/2006 16:02:44 ... LAROUS~1 --= Larousse Multimédia
    01/03/2007 01:10:01 ... Lavasoft --= Lavasoft
    08/04/2007 21:30:52 ... LIONHE~1 --= Lionhead Studios Ltd
    06/07/2006 22:16:45 ... LITEXM~1 --= LitexMedia
    26/08/2006 15:41:24 ... Logitech --= Logitech
    19/01/2008 13:21:30 ... Lopxp -----= Lopxp
    28/01/2007 01:49:33 ... LUCASA~1 --= LucasArts
    01/01/2005 20:25:28 ... MACROV~1 --= Macrovision Corp
    20/08/2006 23:37:52 ... Maxis -----= Maxis
    14/07/2006 18:07:11 ... MESJEU~1 --= Mes Jeux Téléchargés
    25/11/2004 04:27:08 ... MESSEN~1 --= Messenger
    13/07/2006 13:12:48 ... MESSEN~3 --= Messenger Plus! Live
    13/06/2006 13:44:41 ... MESSEN~2 --= MessengerPlus! 3
    01/03/2007 11:12:47 ... MI3AA1~1 --= Microsoft ActiveSync
    25/11/2004 04:27:08 ... MICROS~1 --= microsoft frontpage
    18/08/2006 17:18:57 ... MICROS~2 --= Microsoft Office
    05/11/2006 13:14:29 ... MICROS~3 --= Microsoft Visual Studio
    06/01/2008 00:30:58 ... MINDSC~1 --= Mindscape
    04/11/2006 15:24:54 ... MONTEC~1 --= Monte Cristo
    25/11/2004 04:27:16 ... MOVIEM~1 --= Movie Maker
    25/11/2004 04:27:16 ... MSN -------= MSN
    25/11/2004 04:27:30 ... MSNGAM~1 --= MSN Gaming Zone
    13/06/2006 13:41:34 ... MSNMES~1 --= MSN Messenger
    09/02/2007 16:32:23 ... MSNPIC~1 --= MSN Pictures Displayer
    16/08/2007 18:02:30 ... MSXML4~1.0 --= MSXML 4.0
    16/08/2007 18:04:41 ... MSXML6~1.0 --= MSXML 6.0
    17/07/2006 19:50:09 ... MUSKCO~1 --= MUSK Codec Pack v3
    19/04/2007 16:20:31 ... MUVEET~1 --= muvee Technologies
    17/07/2007 21:08:22 ... Navilog1 --= Navilog1
    25/11/2004 04:27:40 ... NETMEE~1 --= NetMeeting
    28/02/2007 17:00:06 ... Noopod ----= Noopod
    14/10/2007 15:23:02 ... NORTON~1.0 ----= Norton Ghost 6.0
    25/11/2004 04:27:42 ... ONLINE~1 --= Online Services
    30/06/2006 13:25:04 ... OOSOFT~1 --= OO Software
    25/11/2004 04:27:44 ... OUTLOO~1 --= Outlook Express
    01/01/2005 20:04:58 ... PC-DOC~1 --= PC-Doctor for Windows
    25/06/2006 12:48:28 ... PHOTOF~1 --= PhotoFiltre
    03/09/2006 16:07:12 ... PHOTOF~2 --= PhotoFiltre Studio
    25/11/2006 00:30:36 ... PROMT5 ----= PROMT5
    28/10/2006 17:34:17 ... PSPVID~1 --= pspvideo9
    14/06/2006 06:18:37 ... PYMCOR~1 --= Pym Corporation
    01/01/2005 19:59:11 ... QUICKT~1 --= QuickTime
    18/08/2006 18:08:41 ... Real ------= Real
    24/08/2007 11:50:45 ... REFLEX~1 --= ReflexiveArcade
    23/08/2006 20:06:47 ... REGCLE~1 --= RegCleaner
    04/07/2007 01:11:29 ... REGIST~1 --= Registry Mechanic
    29/07/2007 20:44:16 ... RIPP-I~1 --= Ripp-it_AM
    17/10/2007 20:55:12 ... SAGEM -----= SAGEM
    17/10/2007 20:55:29 ... SAGEMW~1.11G -----= SAGEM Wi-Fi USB 802.11g
    07/06/2007 22:33:38 ... Sega ------= Sega
    25/11/2004 04:27:44 ... SERVIC~1 --= Services en ligne
    25/09/2007 18:16:48 ... Shareaza --= Shareaza
    18/02/2007 22:25:10 ... Skype -----= Skype
    24/03/2007 13:39:13 ... SMARTP~1 --= SmartPCTools
    01/01/2005 19:56:08 ... Sonic -----= Sonic
    01/01/2005 19:56:08 ... SONICR~1 --= Sonic RecordNow!
    27/01/2007 22:28:00 ... Sony ------= Sony
    24/08/2006 23:05:04 ... SOUNDS~1 --= SoundSpectrum
    30/06/2006 19:53:10 ... SPYBOT~1 --= Spybot - Search & Destroy
    18/07/2007 21:49:29 ... SPYWAR~1 --= SpywareBlaster
    28/10/2006 21:34:27 ... SSI -------= SSI
    29/10/2007 10:28:18 ... Stardock --= Stardock
    02/07/2007 21:34:06 ... SUPERA~1 --= SUPERAntiSpyware
    01/01/2005 20:15:42 ... Symantec --= Symantec
    03/01/2008 20:59:29 ... THEADV~1 --= The Adventure Company
    03/02/2007 20:53:35 ... TRADUC~1 --= Traduction-online
    29/10/2006 16:19:40 ... TRIBAL~1.NET --= TribalWeb.net
    06/11/2007 15:05:19 ... Tropico ---= Tropico
    31/12/2007 17:33:39 ... TUNEUP~3 --= TuneUp Utilities 2008
    24/11/2004 02:37:46 ... UNINST~1 --= Uninstall Information
    17/06/2006 21:32:39 ... VDJ3 ------= VDJ3
    13/06/2006 21:00:13 ... VideoLAN --= VideoLAN
    14/06/2006 17:11:54 ... VIRTUA~1 --= VirtualDJ
    01/04/2007 17:41:18 ... VIRTUA~2 --= VirtualDub
    22/06/2007 16:00:38 ... VIRTUA~3 --= VirtualDub-MPEG2
    24/06/2006 10:36:44 ... vso -------= vso
    13/06/2006 12:37:09 ... Wanadoo ---= Wanadoo
    17/10/2007 18:48:40 ... WANADO~1 --= Wanadoo Messager
    03/02/2007 18:19:51 ... WEBMED~1 --= Web Media Player
    14/01/2008 21:46:03 ... WEBMED~2 --= WebMediaPlayer
    23/02/2007 19:07:14 ... WINAVI~1 --= WinAVI Video Converter
    27/06/2007 19:47:28 ... WI1F86~1 --= Windows Live
    15/12/2006 21:39:19 ... WIE5D0~1 --= Windows Live Safety Center
    09/07/2006 12:12:21 ... WINDOW~4 --= Windows Media Components
    06/01/2007 00:27:38 ... WI4DF6~1 --= Windows Media Connect 2
    25/11/2004 04:27:48 ... WINDOW~1 --= Windows Media Player
    25/11/2004 04:27:52 ... WINDOW~2 --= Windows NT
    24/11/2004 02:37:48 ... WINDOW~3 --= WindowsUpdate
    14/06/2006 06:39:55 ... WinRAR ----= WinRAR
    14/06/2006 06:20:16 ... WinZip ----= WinZip
    25/11/2004 04:28:02 ... xerox -----= xerox
    
    
    ___________________________________________________________________________
    
    => Clés registre
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "platform bind axis time"="C:\Documents and Settings\All Users\Application Data\soft ref platform bind\Title vga.exe"
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "joy five"="C:\DOCUME~1\COMPAQ~1\APPLIC~1\BENDOB~1\rectpeak.exe"
    
    
    ___________________________________________________________________________
    
    => Bloqueur popups Internet Explorer
    
    +- Liste des popups autorisés :
    
    www.pagesjaunes.fr
    host-domain-lookup.com
    www.host-domain-lookup.com
    mysearchnow.com
    www.mysearchnow.com
    
    ___________________________________________________________________________
    
    /!\  Suggestion (Nécessite une interprétation.)
    
    +- Dossiers suspects :
    
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Bend obj mix
    C:\Program Files\Bend obj mix
    C:\Program Files\Adverts
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\BitDownload
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\BitDownload\Data
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\BitDownload\Data\BackUp
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\BitDownload\Data\DataDir
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\BitDownload\Data\LgDir
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\BitDownload\Data\TmpDir
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\BitDownload\Data\BackUp\DataDir
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\BitDownload\Data\BackUp\LgDir
    C:\Program Files\Circle Developement
    
    +- Tâches planifiées suspectes :
    
    C:\WINDOWS\tasks\AD94CA9C90B376BC.job
    
    +- Registre:
    
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "platform bind axis time"=-
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "joy five"=-
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow]
    "host-domain-lookup.com"=-
    "www.host-domain-lookup.com"=-
    "mysearchnow.com"=-
    "www.mysearchnow.com"=-
    
    
    

    - Fin du rapport -
  9. ^^Marie^^ Posts: 41884, Status: Member
     
    ok

    go to: ► Start, Run

    then copy/paste:

    "%programfiles%\Lopxp\Lopxp.bat" /Fixme ► Quotation marks included ► very important

    then confirm,

    and post the report

    please
  10. green day Posts: 26374, Status: Moderator, Security contributor
     
    watch out for false positives! it's still in testing!

    See you
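
The triage the helpers do by eye in this thread (HijackThis running from a Temp folder, autoruns such as rectpeak.exe in the O4 lines) can be sketched as a small log filter. This is an added example, not part of the thread and not how HijackThis or Lopxp work internally; the location-based rules and all function names are assumptions, and like the Lopxp suggestions its output still needs interpretation.

```python
import re
from typing import NamedTuple, Optional

# Subset of the HijackThis log posted in this thread, embedded for the demo.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [platform bind axis time] C:\Documents and Settings\All Users\Application Data\soft ref platform bind\Title vga.exe
O4 - HKCU\..\Run: [joy five] C:\DOCUME~1\COMPAQ~1\APPLIC~1\BENDOB~1\rectpeak.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\Resources\RocketDock\RocketDock.exe
"""

DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# O4 registry autorun:  O4 - HKxx\..\Run: [value name] command line
RUN_RE = re.compile(r"^O4 - (?P<where>\S+\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup-folder shortcut:  O4 - (Global )Startup: name.lnk = target
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Quoted path, or an unquoted path (spaces allowed) up to the first executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)', re.I)

# Assumed heuristic: flag by location only. Long and 8.3 short names are both matched.
RULES = [
    (re.compile(r"\\(?:temp|tmp)\\", re.I),
     "runs from a temporary directory"),
    (re.compile(r"\\(?:application data|applic~\d+)\\", re.I),
     "starts from an Application Data folder"),
]


class Finding(NamedTuple):
    source: str   # "process" or the O4 location, e.g. HKCU\..\Run
    name: str     # process file name or autorun value name
    path: str     # executable path taken from the log line
    reason: str


def executable_of(cmd: str) -> str:
    """Strip quotes and arguments from an O4 command line."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def classify(path: str) -> Optional[str]:
    """Return the first matching reason, or None when no rule applies."""
    for rx, reason in RULES:
        if rx.search(path):
            return reason
    return None


def triage(log_text: str) -> list:
    """Return Finding tuples for running processes and O4 autoruns worth a look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and DRIVE_RE.match(line):
            source, name, path = "process", line.rsplit("\\", 1)[-1], line
        else:
            in_processes = False  # the process list ends at the first non-path line
            m = RUN_RE.match(line) or STARTUP_RE.match(line)
            if not m:
                continue
            source, name, path = m["where"], m["name"], executable_of(m["cmd"])
        reason = classify(path)
        if reason:
            findings.append(Finding(source, name, path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:12} {f.name:26} {f.reason}\n    {f.path}")
```
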