Need help uninstalling CiD Help
nenos11
Posted on 08/04/2008 16:31:55

Hello,

I have CiD Help, which keeps opening ad windows nonstop. I can't manage to uninstall it. I saw in various posts that you have to download lopremover, but none of the links work. Also, uninstalling from Add/Remove Programs does nothing.

So I need help.
Thanks

nenos11

KoTG (Security Team)
Posted on 08/04/2008 16:53:56

:hello: :hello:

Download LopxpMH
  • Unzip it (right-click >> Extract here).
  • Double-click the file lopxpMH.bat.
  • Post the contents of the report that opens.

;)

nenos11
Posted on 08/04/2008 21:20:59

I downloaded and unzipped the software; however, when I launch it my PC beeps and a terminal window opens and closes again immediately. (PS: I'm on Vista.)

Thanks

KoTG (Security Team)
Posted on 08/04/2008 21:32:40

:hello:

Disable UAC HERE

Then try again.
(Message edited by KoTG on 08/04/2008 21:32:57)

nenos11
Posted on 09/04/2008 12:44:01

:youpi: Thanks, it was indeed UAC. Here is the report:

    Rapport lopxpMH2 version 2.0 fait à 8:40:18,67 le 09/04/2008
    G:\Users\Marc\Desktop\lopxpMH2

    ******************************************
    ## Répertoires Application Data

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\AppData

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Application Data

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Contacts

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Cookies

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Desktop

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Documents

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Local Settings\Application Data

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Menu Démarrer

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Mes documents

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Modèles

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Recent

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\SendTo

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Voisinage d'impression

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Voisinage réseau

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\{e9d5c04a-039f-4fd1-bf2f-5b1cac19f2c9}

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Windows\system32\config\systemprofile


    ******************************************
    Recherche des taches planifiées dans C:\Windows\tasks


    C:\Windows\Tasks\User_Feed_Synchronization-{B349408A-1338-423B-92FB-60C603E21A77}.job
    s  "€!Ø    9 ; ª $ C : \ W i n d o w s \ s y s t e m 3 2 \ m s f e e d s s y n c . e x e  s y n c / C : \ P r o g r a m F i l e s \ N e o S m a r t T e c h n o l o g i e s \ E a s y B C D  n e n o s " U p d a t e s o u t - o f - d a t e s y s t e m f e e d s .    0 Ø   £   0  Ø

    ******************************************
    ## Répertoires de C:\Program Files

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Program Files

    08/04/2008 12:27 <REP> .
    08/04/2008 12:27 <REP> ..
    05/09/2007 19:40 <REP> Acro Software
    03/11/2007 22:45 <REP> Adobe
    26/03/2008 21:41 <REP> AIDA32 - Personal System Information
    05/09/2007 19:37 <REP> Alwil Software
    29/11/2007 13:26 <REP> AutoCAD 2008
    29/11/2007 13:21 <REP> Autodesk
    08/04/2008 10:21 <REP> Common Files
    18/12/2006 18:49 <REP> CONEXANT
    06/09/2007 10:57 <REP> CrackWepPack
    07/04/2008 22:05 <REP> crocpopup+
    05/09/2007 19:45 <REP> CutePDF
    13/10/2007 12:35 <REP> DAEMON Tools
    03/04/2008 22:12 <REP> DivX
    25/03/2008 21:14 <REP> eMule
    06/09/2007 11:01 <REP> epson
    06/11/2007 22:35 <REP> Exercise Diary
    06/11/2007 22:35 <REP> GLD
    05/09/2007 19:14 <REP> Google
    05/09/2007 19:42 <REP> GPLGS
    26/01/2008 21:54 <REP> Hewlett-Packard
    18/12/2006 19:24 <REP> HP
    18/12/2006 19:31 <REP> HPQ
    20/03/2008 05:20 <REP> Internet Explorer
    22/03/2008 15:25 <REP> Java
    07/04/2008 20:48 <REP> Lavasoft
    06/11/2007 22:22 <REP> MassGainer
    06/09/2007 15:04 <REP> Microsoft CAPICOM 2.1.0.2
    02/11/2006 11:37 <REP> Microsoft Games
    06/09/2007 11:13 <REP> Microsoft Money
    29/11/2007 13:19 <REP> Microsoft Office
    18/12/2006 19:21 <REP> Microsoft Works
    06/09/2007 11:17 <REP> Microsoft.NET
    02/11/2006 11:42 <REP> Movie Maker
    16/10/2007 20:24 <REP> Mozilla Firefox
    02/11/2006 11:37 <REP> MSBuild
    02/11/2006 11:37 <REP> MSN
    06/09/2007 10:42 <REP> MSN Messenger
    05/09/2007 18:23 <REP> MSXML 4.0
    13/10/2007 12:55 <REP> Multi_Media
    13/10/2007 12:55 <REP> MultiMedia Toolbar
    30/03/2008 01:25 <REP> NeoSmart Technologies
    06/11/2007 22:24 <REP> nutri
    08/04/2008 12:34 <REP> Panda Security
    06/11/2007 22:36 <REP> PDF cute writer
    02/11/2006 11:37 <REP> Reference Assemblies
    15/10/2007 13:20 <REP> RocketDock
    18/12/2006 19:09 <REP> Roxio
    06/09/2007 10:26 <REP> Services en ligne
    06/09/2007 10:51 <REP> Siren
    06/09/2007 10:27 <REP> Skype
    18/12/2006 18:47 <REP> Synaptics
    06/09/2007 10:35 <REP> TweakVI
    05/09/2007 19:39 <REP> VideoLAN
    16/10/2007 13:32 <REP> VSO
    05/09/2007 18:12 <REP> WIDCOMM
    05/09/2007 19:12 <REP> Windows Calendar
    02/11/2006 11:42 <REP> Windows Collaboration
    05/09/2007 19:12 <REP> Windows Defender
    02/11/2006 11:42 <REP> Windows Journal
    06/09/2007 10:45 <REP> Windows Live
    20/03/2008 05:20 <REP> Windows Mail
    11/10/2007 04:10 <REP> Windows Media Player
    05/09/2007 17:58 <REP> Windows NT
    02/11/2006 11:42 <REP> Windows Photo Gallery
    10/01/2008 05:11 <REP> Windows Sidebar
    31/10/2007 15:13 <REP> WinRAR
    06/11/2007 22:15 <REP> WorkoutGenerator
    06/11/2007 22:26 <REP> WorkoutLogger
    0 fichier(s) 0 octets
    70 Rép(s) 74 765 934 592 octets libres

    ******************************************
    ## Popups autorisées

    * Internet Explorer

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
    www.kemule.com REG_BINARY


    * Mozilla Firefox (1 autorisé 2 interdit)

    ---------- C:\USERS\NENOS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PZOEB145.DEFAULT\HOSTPERM.1

    ******************************************
    ## Registre

    * [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
    Search Bar REG_SZ http://search.msn.fr/spbasic.htm

    ******************************************
    ## Zones de sécurité

    * HKCU Domains (4)

    * P3P History (5)

    ******************************************
    ## Recherche C:\Windows\*.htm, "C:\Windows\*.gif"


    *************** Fin du rapport ****************

KoTG (Security Team)
Posted on 09/04/2008 12:51:26

:hello:

UAC still disabled.

Download Lop S&D (Eric_71 & Angeldark)

-> Choose option 1 + post the report.

nenos11
Posted on 09/04/2008 15:08:26

Here it is,

    -----------------------[ Lop S&D 4.1.0-9 XP/Vista ]---------------------

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : nenos ] [ "C:\Lop SD" ]
    [ 09/04/2008 | 11:00:44,64 ] [ PC : PC-DE-MARC ]
    [ MAJ : 08-04-2008 | 23:37 ]
    [ UAC => 0 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [27/01/2008|17:32] C:\Users\nenos\AppData\Roaming\Adobe\..
    [27/01/2008|17:32] C:\Users\nenos\AppData\Roaming\Adobe\Flash Player
    [27/01/2008|17:32] C:\Users\nenos\AppData\Roaming\Adobe\.
    [12/12/2007|22:38] C:\Users\nenos\AppData\Roaming\Adobe\ImageReady
    [04/12/2007|15:23] C:\Users\nenos\AppData\Roaming\Adobe\Workflow
    [04/11/2007|00:41] C:\Users\nenos\AppData\Roaming\Adobe\Updater
    [03/11/2007|22:47] C:\Users\nenos\AppData\Roaming\Adobe\Color
    [03/11/2007|22:46] C:\Users\nenos\AppData\Roaming\Adobe\Photoshop
    [11/10/2007|13:32] C:\Users\nenos\AppData\Roaming\Adobe\Linguistics
    [09/10/2007|22:38] C:\Users\nenos\AppData\Roaming\Adobe\Acrobat

    [29/11/2007|13:23] C:\Users\nenos\AppData\Roaming\Autodesk\..
    [29/11/2007|13:23] C:\Users\nenos\AppData\Roaming\Autodesk\AutoCAD 2008
    [29/11/2007|13:23] C:\Users\nenos\AppData\Roaming\Autodesk\.

    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\..
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\.
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\azureus.config
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\azureus.config.bak
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\active
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\downloads.config
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\downloads.config.bak
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\tracker.config
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\tracker.config.bak
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\azureus.statistics.bak
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\azureus.statistics
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\dht
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\net
    [08/04/2008|10:21] C:\Users\nenos\AppData\Roaming\Azureus\tmp
    [08/04/2008|10:19] C:\Users\nenos\AppData\Roaming\Azureus\VuzeActivities.config
    [08/04/2008|10:19] C:\Users\nenos\AppData\Roaming\Azureus\VuzeActivities.config.bak
    [08/04/2008|10:17] C:\Users\nenos\AppData\Roaming\Azureus\torrents
    [08/04/2008|10:17] C:\Users\nenos\AppData\Roaming\Azureus\updates
    [08/04/2008|10:17] C:\Users\nenos\AppData\Roaming\Azureus\unsentdata.config.bak
    [08/04/2008|10:17] C:\Users\nenos\AppData\Roaming\Azureus\unsentdata.config
    [08/04/2008|10:17] C:\Users\nenos\AppData\Roaming\Azureus\plugins
    [08/04/2008|10:17] C:\Users\nenos\AppData\Roaming\Azureus\ipfilter.cache
    [08/04/2008|10:17] C:\Users\nenos\AppData\Roaming\Azureus\restart.bat
    [08/04/2008|10:17] C:\Users\nenos\AppData\Roaming\Azureus\update.properties
    [08/04/2008|10:16] C:\Users\nenos\AppData\Roaming\Azureus\media
    [08/04/2008|10:15] C:\Users\nenos\AppData\Roaming\Azureus\logs
    [08/04/2008|10:14] C:\Users\nenos\AppData\Roaming\Azureus\update.log
    [25/03/2008|22:41] C:\Users\nenos\AppData\Roaming\Azureus\shares
    [25/03/2008|22:41] C:\Users\nenos\AppData\Roaming\Azureus\.certs
    [25/03/2008|22:41] C:\Users\nenos\AppData\Roaming\Azureus\.keystore
    [25/03/2008|22:41] C:\Users\nenos\AppData\Roaming\Azureus\.lock

    [04/10/2007|23:27] C:\Users\nenos\AppData\Roaming\CyberLink\..
    [04/10/2007|23:27] C:\Users\nenos\AppData\Roaming\CyberLink\PowerCinema
    [04/10/2007|23:27] C:\Users\nenos\AppData\Roaming\CyberLink\.
    [04/10/2007|23:27] C:\Users\nenos\AppData\Roaming\CyberLink\PowerDVD

    [03/04/2008|22:16] C:\Users\nenos\AppData\Roaming\DivX\DivX Player
    [03/04/2008|22:16] C:\Users\nenos\AppData\Roaming\DivX\..
    [03/04/2008|22:16] C:\Users\nenos\AppData\Roaming\DivX\.
    [03/04/2008|22:15] C:\Users\nenos\AppData\Roaming\DivX\DivX Codec

    [22/03/2008|20:59] C:\Users\nenos\AppData\Roaming\Google\Local Search History
    [06/09/2007|01:13] C:\Users\nenos\AppData\Roaming\Google\..
    [06/09/2007|01:13] C:\Users\nenos\AppData\Roaming\Google\.

    [06/09/2007|10:21] C:\Users\nenos\AppData\Roaming\Hewlett-Packard\..
    [06/09/2007|10:21] C:\Users\nenos\AppData\Roaming\Hewlett-Packard\HP Software UI
    [06/09/2007|10:21] C:\Users\nenos\AppData\Roaming\Hewlett-Packard\.

    [16/09/2007|18:45] C:\Users\nenos\AppData\Roaming\HP\..
    [16/09/2007|18:45] C:\Users\nenos\AppData\Roaming\HP\QuickPlay
    [16/09/2007|18:45] C:\Users\nenos\AppData\Roaming\HP\.

    [05/09/2007|19:04] C:\Users\nenos\AppData\Roaming\Identities\..
    [05/09/2007|19:04] C:\Users\nenos\AppData\Roaming\Identities\{D9CA36F7-10DF-4D88-A913-4CC4A9F67CDF}
    [05/09/2007|19:04] C:\Users\nenos\AppData\Roaming\Identities\.

    [05/09/2007|19:46] C:\Users\nenos\AppData\Roaming\Macromedia\Flash Player
    [05/09/2007|19:46] C:\Users\nenos\AppData\Roaming\Macromedia\..
    [05/09/2007|19:46] C:\Users\nenos\AppData\Roaming\Macromedia\.

    [02/11/2006|11:37] C:\Users\nenos\AppData\Roaming\Media Center Programs\..
    [02/11/2006|11:37] C:\Users\nenos\AppData\Roaming\Media Center Programs\.

    [07/04/2008|13:20] C:\Users\nenos\AppData\Roaming\Microsoft\preuve
    [03/04/2008|15:26] C:\Users\nenos\AppData\Roaming\Microsoft\Excel
    [03/04/2008|12:56] C:\Users\nenos\AppData\Roaming\Microsoft\Word
    [23/03/2008|12:13] C:\Users\nenos\AppData\Roaming\Microsoft\Clip Organizer
    [23/03/2008|12:13] C:\Users\nenos\AppData\Roaming\Microsoft\.
    [23/03/2008|12:13] C:\Users\nenos\AppData\Roaming\Microsoft\..
    [20/12/2007|01:31] C:\Users\nenos\AppData\Roaming\Microsoft\Office
    [20/12/2007|01:31] C:\Users\nenos\AppData\Roaming\Microsoft\PowerPoint
    [26/11/2007|11:21] C:\Users\nenos\AppData\Roaming\Microsoft\Installer
    [12/11/2007|10:43] C:\Users\nenos\AppData\Roaming\Microsoft\Outlook
    [06/11/2007|10:35] C:\Users\nenos\AppData\Roaming\Microsoft\Modèles
    [13/10/2007|21:36] C:\Users\nenos\AppData\Roaming\Microsoft\Speech
    [13/10/2007|20:29] C:\Users\nenos\AppData\Roaming\Microsoft\HTML Help
    [06/10/2007|22:56] C:\Users\nenos\AppData\Roaming\Microsoft\Crypto
    [06/10/2007|22:55] C:\Users\nenos\AppData\Roaming\Microsoft\MSN Messenger
    [25/09/2007|13:55] C:\Users\nenos\AppData\Roaming\Microsoft\Windows
    [23/09/2007|21:46] C:\Users\nenos\AppData\Roaming\Microsoft\eHome
    [22/09/2007|20:38] C:\Users\nenos\AppData\Roaming\Microsoft\Internet Explorer
    [06/09/2007|15:25] C:\Users\nenos\AppData\Roaming\Microsoft\Forms
    [06/09/2007|15:25] C:\Users\nenos\AppData\Roaming\Microsoft\Macros complémentaires
    [06/09/2007|10:43] C:\Users\nenos\AppData\Roaming\Microsoft\IdentityCRL
    [06/09/2007|10:22] C:\Users\nenos\AppData\Roaming\Microsoft\CLR Security Config
    [05/09/2007|19:09] C:\Users\nenos\AppData\Roaming\Microsoft\MMC
    [05/09/2007|19:05] C:\Users\nenos\AppData\Roaming\Microsoft\SystemCertificates
    [05/09/2007|19:04] C:\Users\nenos\AppData\Roaming\Microsoft\Protect
    [05/09/2007|19:04] C:\Users\nenos\AppData\Roaming\Microsoft\Credentials

    [01/11/2007|05:00] C:\Users\nenos\AppData\Roaming\Mozilla\Firefox
    [06/09/2007|10:58] C:\Users\nenos\AppData\Roaming\Mozilla\..
    [06/09/2007|10:58] C:\Users\nenos\AppData\Roaming\Mozilla\.

    [09/04/2008|10:59] C:\Users\nenos\AppData\Roaming\nvModes.001\nvModes.001

    [20/06/2006|22:04] C:\Users\nenos\AppData\Roaming\nvModes.dat\nvModes.dat

    [29/03/2008|19:23] C:\Users\nenos\AppData\Roaming\Roxio\..
    [29/03/2008|19:23] C:\Users\nenos\AppData\Roaming\Roxio\Dragon
    [29/03/2008|19:23] C:\Users\nenos\AppData\Roaming\Roxio\.
    [04/10/2007|13:24] C:\Users\nenos\AppData\Roaming\Roxio\RoxioCentral
    [04/10/2007|13:24] C:\Users\nenos\AppData\Roaming\Roxio\RoxioCentral33

    [08/10/2007|13:50] C:\Users\nenos\AppData\Roaming\Skype\..
    [08/10/2007|13:50] C:\Users\nenos\AppData\Roaming\Skype\shared.xml
    [08/10/2007|13:50] C:\Users\nenos\AppData\Roaming\Skype\.
    [08/10/2007|13:50] C:\Users\nenos\AppData\Roaming\Skype\renceflo33
    [04/10/2007|10:05] C:\Users\nenos\AppData\Roaming\Skype\nenos11
    [01/10/2007|09:40] C:\Users\nenos\AppData\Roaming\Skype\renceflo3
    [06/09/2007|10:27] C:\Users\nenos\AppData\Roaming\Skype\shared.lck

    [28/09/2007|21:09] C:\Users\nenos\AppData\Roaming\Template\..
    [28/09/2007|21:09] C:\Users\nenos\AppData\Roaming\Template\.
    [17/02/2005|21:07] C:\Users\nenos\AppData\Roaming\Template\Normal.wpt

    [08/04/2008|09:22] C:\Users\nenos\AppData\Roaming\vlc\vlcrc
    [05/09/2007|19:40] C:\Users\nenos\AppData\Roaming\vlc\cache
    [05/09/2007|19:40] C:\Users\nenos\AppData\Roaming\vlc\..
    [05/09/2007|19:40] C:\Users\nenos\AppData\Roaming\vlc\.

    [18/01/2008|21:36] C:\Users\nenos\AppData\Roaming\Vso\ImageResizer.log
    [18/01/2008|21:36] C:\Users\nenos\AppData\Roaming\Vso\..
    [18/01/2008|21:36] C:\Users\nenos\AppData\Roaming\Vso\.
    [19/10/2006|19:54] C:\Users\nenos\AppData\Roaming\Vso\resizer_profiles.ini

    [13/10/2007|12:28] C:\Users\nenos\AppData\Roaming\WinRAR\..
    [13/10/2007|12:28] C:\Users\nenos\AppData\Roaming\WinRAR\.

    [19/06/2006|23:22] C:\Users\nenos\AppData\Roaming\wklnhst.dat\wklnhst.dat

    ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

    [08/04/2008 16:58][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{B349408A-1338-423B-92FB-60C603E21A77}.job
    [09/04/2008 08:36][--ah-----] C:\Windows\tasks\SA.DAT
    [09/04/2008 08:35][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    ------[ Listing des dossiers dans C:\ProgramData ]------

    [07/04/2008|20:47] C:\ProgramData\.
    [07/04/2008|20:47] C:\ProgramData\..
    [03/11/2007|22:36] C:\ProgramData\Adobe
    [03/11/2007|22:49] C:\ProgramData\Adobe Systems
    [05/09/2007|17:58] C:\ProgramData\Application Data
    [29/11/2007|13:28] C:\ProgramData\Autodesk
    [05/04/2008|13:24] C:\ProgramData\Bash Dvd Hold Data
    [05/09/2007|17:58] C:\ProgramData\Bureau
    [05/09/2007|17:52] C:\ProgramData\CyberLink
    [05/09/2007|17:58] C:\ProgramData\Documents
    [06/09/2007|10:53] C:\ProgramData\eMule
    [05/09/2007|17:58] C:\ProgramData\Favoris
    [05/04/2008|13:24] C:\ProgramData\file second 16.kt08l3
    [18/12/2006|19:27] C:\ProgramData\Google
    [18/12/2006|19:40] C:\ProgramData\Hewlett-Packard
    [16/09/2007|18:45] C:\ProgramData\HP
    [18/12/2006|19:00] C:\ProgramData\InstallShield
    [07/04/2008|20:48] C:\ProgramData\Lavasoft
    [05/09/2007|17:58] C:\ProgramData\Menu Démarrer
    [13/10/2007|20:29] C:\ProgramData\Microsoft
    [05/09/2007|17:58] C:\ProgramData\Modèles
    [30/03/2008|22:50] C:\ProgramData\NVIDIA
    [07/04/2008|09:28] C:\ProgramData\Roxio
    [05/04/2008|13:24] C:\ProgramData\Shim the
    [06/09/2007|10:27] C:\ProgramData\Skype
    [05/04/2008|13:23] C:\ProgramData\SoftGplGpl.1701n
    [05/04/2008|13:23] C:\ProgramData\SoftGplGpl.d1qkqih
    [04/10/2007|13:24] C:\ProgramData\Sonic
    [06/09/2007|10:44] C:\ProgramData\WindowsLiveInstaller
    [06/09/2007|10:44] C:\ProgramData\WLInstaller

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [08/04/2008|12:27] C:\Program Files\.
    [08/04/2008|12:27] C:\Program Files\..
    [05/09/2007|19:40] C:\Program Files\Acro Software
    [03/11/2007|22:45] C:\Program Files\Adobe
    [26/03/2008|21:41] C:\Program Files\AIDA32 - Personal System Information
    [05/09/2007|19:37] C:\Program Files\Alwil Software
    [29/11/2007|13:26] C:\Program Files\AutoCAD 2008
    [29/11/2007|13:21] C:\Program Files\Autodesk
    [08/04/2008|10:21] C:\Program Files\Common Files
    [18/12/2006|18:49] C:\Program Files\CONEXANT
    [06/09/2007|10:57] C:\Program Files\CrackWepPack
    [07/04/2008|22:05] C:\Program Files\crocpopup+
    [05/09/2007|19:45] C:\Program Files\CutePDF
    [13/10/2007|12:35] C:\Program Files\DAEMON Tools
    [05/09/2007|19:17] C:\Program Files\desktop.ini
    [03/04/2008|22:12] C:\Program Files\DivX
    [25/03/2008|21:14] C:\Program Files\eMule
    [06/09/2007|11:01] C:\Program Files\epson
    [06/11/2007|22:35] C:\Program Files\Exercise Diary
    [05/09/2007|17:58] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [06/11/2007|22:35] C:\Program Files\GLD
    [05/09/2007|19:14] C:\Program Files\Google
    [05/09/2007|19:42] C:\Program Files\GPLGS
    [26/01/2008|21:54] C:\Program Files\Hewlett-Packard
    [18/12/2006|19:24] C:\Program Files\HP
    [18/12/2006|19:31] C:\Program Files\HPQ
    [26/01/2008|21:54] C:\Program Files\InstallShield Installation Information
    [20/03/2008|05:20] C:\Program Files\Internet Explorer
    [22/03/2008|15:25] C:\Program Files\Java
    [07/04/2008|20:48] C:\Program Files\Lavasoft
    [06/11/2007|22:22] C:\Program Files\MassGainer
    [06/09/2007|15:04] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [02/11/2006|11:37] C:\Program Files\Microsoft Games
    [06/09/2007|11:13] C:\Program Files\Microsoft Money
    [29/11/2007|13:19] C:\Program Files\Microsoft Office
    [18/12/2006|19:21] C:\Program Files\Microsoft Works
    [06/09/2007|11:17] C:\Program Files\Microsoft.NET
    [02/11/2006|11:42] C:\Program Files\Movie Maker
    [16/10/2007|20:24] C:\Program Files\Mozilla Firefox
    [02/11/2006|11:37] C:\Program Files\MSBuild
    [02/11/2006|11:37] C:\Program Files\MSN
    [06/09/2007|10:42] C:\Program Files\MSN Messenger
    [05/09/2007|18:23] C:\Program Files\MSXML 4.0
    [13/10/2007|12:55] C:\Program Files\Multi_Media
    [13/10/2007|12:55] C:\Program Files\MultiMedia Toolbar
    [30/03/2008|01:25] C:\Program Files\NeoSmart Technologies
    [06/11/2007|22:24] C:\Program Files\nutri
    [08/04/2008|12:34] C:\Program Files\Panda Security
    [06/11/2007|22:36] C:\Program Files\PDF cute writer
    [02/11/2006|11:37] C:\Program Files\Reference Assemblies
    [15/10/2007|13:20] C:\Program Files\RocketDock
    [18/12/2006|19:09] C:\Program Files\Roxio
    [06/09/2007|10:26] C:\Program Files\Services en ligne
    [06/09/2007|10:51] C:\Program Files\Siren
    [06/09/2007|10:27] C:\Program Files\Skype
    [18/12/2006|18:47] C:\Program Files\Synaptics
    [06/09/2007|10:35] C:\Program Files\TweakVI
    [02/11/2006|12:01] C:\Program Files\Uninstall Information
    [05/09/2007|19:39] C:\Program Files\VideoLAN
    [16/10/2007|13:32] C:\Program Files\VSO
    [05/09/2007|18:12] C:\Program Files\WIDCOMM
    [05/09/2007|19:12] C:\Program Files\Windows Calendar
    [02/11/2006|11:42] C:\Program Files\Windows Collaboration
    [05/09/2007|19:12] C:\Program Files\Windows Defender
    [02/11/2006|11:42] C:\Program Files\Windows Journal
    [06/09/2007|10:45] C:\Program Files\Windows Live
    [20/03/2008|05:20] C:\Program Files\Windows Mail
    [11/10/2007|04:10] C:\Program Files\Windows Media Player
    [05/09/2007|17:58] C:\Program Files\Windows NT
    [02/11/2006|11:42] C:\Program Files\Windows Photo Gallery
    [10/01/2008|05:11] C:\Program Files\Windows Sidebar
    [31/10/2007|15:13] C:\Program Files\WinRAR
    [06/11/2007|22:15] C:\Program Files\WorkoutGenerator
    [06/11/2007|22:26] C:\Program Files\WorkoutLogger

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [08/04/2008|10:21] C:\Program Files\Common Files\.
    [08/04/2008|10:21] C:\Program Files\Common Files\..
    [03/11/2007|22:42] C:\Program Files\Common Files\Adobe
    [03/11/2007|22:41] C:\Program Files\Common Files\Adobe Systems Shared
    [29/11/2007|13:26] C:\Program Files\Common Files\Autodesk Shared
    [06/11/2007|22:30] C:\Program Files\Common Files\Borland Shared
    [29/11/2007|13:19] C:\Program Files\Common Files\DESIGNER
    [29/11/2007|13:22] C:\Program Files\Common Files\InstallShield
    [18/12/2006|19:40] C:\Program Files\Common Files\Java
    [18/12/2006|19:31] C:\Program Files\Common Files\LightScribe
    [29/11/2007|13:19] C:\Program Files\Common Files\microsoft shared
    [03/04/2008|22:11] C:\Program Files\Common Files\PX Storage Engine
    [18/12/2006|19:06] C:\Program Files\Common Files\Roxio Shared
    [02/11/2006|10:18] C:\Program Files\Common Files\Services
    [18/12/2006|19:07] C:\Program Files\Common Files\Sonic Shared
    [02/11/2006|10:18] C:\Program Files\Common Files\SpeechEngines
    [18/12/2006|19:09] C:\Program Files\Common Files\SureThing Shared
    [06/09/2007|02:29] C:\Program Files\Common Files\Symantec Shared
    [06/09/2007|11:18] C:\Program Files\Common Files\System
    [07/04/2008|20:46] C:\Program Files\Common Files\Wise Installation Wizard

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\ProgramData\file second 16.kt08l3
    C:\TEMP\bisF22A.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\ProgramData\Bash Dvd Hold Data
    C:\ProgramData\Bash Dvd Hold Data\Hide soft.exe
    C:\Program Files\Multi_Media
    C:\Program Files\Multi_Media\INSTALL.LOG
    C:\Windows\Prefetch\3WPLAYER.EXE-E663B82F.pf

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-09 10:58:30
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-09 11:00:49
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.115.45 85.255.112.110
    ! WAREOUT Possible !


    /!\ [Fich:65][Doss:13] C:\TEMP
    /!\ [Fich:443][Doss:1] C:\Users\nenos\AppData\Roaming\MICROS~1\Windows\Cookies
    /!\ [Fich:2729][Doss:4] C:\Users\nenos\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

    [ UAC => 1 ]

    --------------------[ Fin du rapport a 11:05:27,95 ]----------------------

KoTG (Security Team)
Posted on 09/04/2008 15:10:36

To tell the truth, you don't seem to be infected by LOP!

Download HijackThis (Merijn) and install it.
  • Rename it to Scanner.
  • Close all windows.
  • Click "Do a system Scan Only and Save a Logfile".
  • A report appears on screen.
  • Copy/paste the whole report here.

nenos11
Posted on 09/04/2008 15:24:19

I really am infected by CiD Help.

Thanks again, the HijackThis report is below:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:20:19, on 09/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\ehome\ehmsas.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cheznoo.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [Book Barb] "C:\ProgramData\SoftGplGpl.1701n"
    O4 - HKCU\..\Run: [hold data mags move] "C:\ProgramData\file second 16.kt08l3"
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CCS\Services\Tcpip\..\{973DCBE0-3982-4D42-A8D5-2B986C0C128C}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
    O17 - HKLM\System\CS1\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
    O17 - HKLM\System\CS2\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11733 bytes
    KoTG
      Security Team
      :-)
          Posted on 09/04/2008 15:35:02
    You are not infected by LOP but by WareOut! :p

    Download FixWareout LonnyRJones
    - Run the fix: click Next, then Install, make sure Run fixit is checked, then click Finish.
    - The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to boot, which is normal.
    Finally, post the contents of C:\fixwareout\report.txt.

    - Click Start > Run > type: Cmd > OK.
    - In the black window > type: ipconfig /flushdns > press the Enter key.
    - Go to Start / Control Panel and choose Network Connections.
    - Right-click the icon for your Internet network connection.
    - Then choose Properties.
    - Double-click the TCP/IP protocol.
    - On the General tab, check that "Obtain an IP address automatically" is selected.
    - Confirm twice with OK.
    - Restart your computer.

    + a new HijackThis log.

    ;)
    -->Message edited by KoTG on 09/04/2008 15:36:10<--
    nenos11
          Posted on 09/04/2008 16:13:08
    Thanks again for your help, but fixwareout is not compatible with Vista.

    What should I do?
    KoTG
      Security Team
      :-)
          Posted on 09/04/2008 17:54:32
    Well now! I don't know. I'll ask other helpers what they think ;)
    KoTG
      Security Team
      :-)
          Posted on 09/04/2008 18:17:08
    :hello: :hello:

    Download SmitfraudFix (S!Ri)
  • Unpack it on the desktop (right-click >> Extract here).
  • Open the folder and run Smitfraudix.(cmd)
  • Choose option 5.
  • Wait during the scan, save the report and post its contents.
    nenos11
          Posted on 10/04/2008 13:07:35
    I did download smitfraudfix; however, I can't launch the exe. I get the following message:

    une reference a ete envoyée au serveur ??

    Thanks
    KoTG
      Security Team
      :-)
          Posted on 10/04/2008 13:46:32
    You have to double-click Smitfraudix.(cmd).

    There is no .exe
    nenos11
          Posted on 10/04/2008 17:05:12
    You're right, here is the report:

    SmitFraudFix v2.311

    Scan done at 13:02:47,21, 10/04/2008
    Run from G:\Users\Marc\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6000] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

    Description: Connexion réseau Intel(R) PRO/1000 PL #2
    DNS Server Search Order: 198.165.90.5
    DNS Server Search Order: 198.165.90.6

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5FCDD349-9889-447E-80EE-62EA17860C10}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EE84D76-CB57-4596-9EC3-F4C4BC367247}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{973DCBE0-3982-4D42-A8D5-2B986C0C128C}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: DhcpNameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5FCDD349-9889-447E-80EE-62EA17860C10}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8EE84D76-CB57-4596-9EC3-F4C4BC367247}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{973DCBE0-3982-4D42-A8D5-2B986C0C128C}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: DhcpNameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{5FCDD349-9889-447E-80EE-62EA17860C10}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{8EE84D76-CB57-4596-9EC3-F4C4BC367247}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{973DCBE0-3982-4D42-A8D5-2B986C0C128C}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: DhcpNameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.45 85.255.112.110
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.45 85.255.112.110
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.45 85.255.112.110

    »»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

    Description: Connexion réseau Intel(R) PRO/1000 PL #2
    DNS Server Search Order: 198.165.90.5
    DNS Server Search Order: 198.165.90.6

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5FCDD349-9889-447E-80EE-62EA17860C10}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EE84D76-CB57-4596-9EC3-F4C4BC367247}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{973DCBE0-3982-4D42-A8D5-2B986C0C128C}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: DhcpNameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5FCDD349-9889-447E-80EE-62EA17860C10}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8EE84D76-CB57-4596-9EC3-F4C4BC367247}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{973DCBE0-3982-4D42-A8D5-2B986C0C128C}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: DhcpNameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{5FCDD349-9889-447E-80EE-62EA17860C10}: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{8EE84D76-CB57-4596-9EC3-F4C4BC367247}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{973DCBE0-3982-4D42-A8D5-2B986C0C128C}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: DhcpNameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: NameServer=85.255.115.45,85.255.112.110
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.45 85.255.112.110
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.45 85.255.112.110
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=198.165.90.5 198.165.90.6
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.45 85.255.112.110
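
Added example, not part of the original thread and not code from SmitfraudFix or HijackThis: a small Python triage of the registry lines in the report above. It compares each Tcpip key's static NameServer with its DHCP-supplied DhcpNameServer and lists the static values that are still present after a fix; the function names and finding labels are assumptions made for illustration, and the sample lines are the CCS entries copied from the report.

```python
import re

# Matches SmitfraudFix "DNS Before/After Fix" lines and HijackThis O17 lines.
LINE_RE = re.compile(
    r"""^\s*(?:O17\s+-\s+)?                                  # optional HijackThis prefix
        HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\   # control set
        (?:\.\.\\(?P<guid>\{[0-9A-F-]+\})|(?P<glob>Parameters))  # interface or global key
        :\s*(?P<name>DhcpNameServer|NameServer)\s*=\s*(?P<val>.*)$""",
    re.IGNORECASE | re.VERBOSE,
)

# Sample input: the CCS lines of the "DNS Before Fix" section of the report above.
SAMPLE = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: DhcpNameServer=198.165.90.5 198.165.90.6
HKLM\SYSTEM\CCS\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer=85.255.115.45,85.255.112.110
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5FCDD349-9889-447E-80EE-62EA17860C10}: DhcpNameServer=198.165.90.5 198.165.90.6
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EE84D76-CB57-4596-9EC3-F4C4BC367247}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{973DCBE0-3982-4D42-A8D5-2B986C0C128C}: NameServer=85.255.115.45,85.255.112.110
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: DhcpNameServer=85.255.115.45,85.255.112.110
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: NameServer=85.255.115.45,85.255.112.110
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=198.165.90.5 198.165.90.6
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.45 85.255.112.110
"""


def parse_report(text):
    """Return {(control_set, scope): {"NameServer": [...], "DhcpNameServer": [...]}}."""
    keys = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner lines, adapter descriptions, other log items
        scope = (m.group("guid") or m.group("glob")).upper()
        is_dhcp = m.group("name").lower().startswith("dhcp")
        name = "DhcpNameServer" if is_dhcp else "NameServer"
        # Values are comma- or space-separated depending on the key.
        servers = [s for s in re.split(r"[,\s]+", m.group("val").strip()) if s]
        keys.setdefault((m.group("cs").upper(), scope), {})[name] = servers
    return keys


def triage(keys):
    """Label every key that carries a static NameServer value."""
    findings = []
    for (cs, scope), values in sorted(keys.items()):
        static = values.get("NameServer", [])
        dhcp = values.get("DhcpNameServer", [])
        if not static:
            continue  # resolver comes from DHCP only
        if not dhcp:
            label = "static-without-dhcp"
        elif set(static) != set(dhcp):
            label = "static-overrides-dhcp"
        else:
            # Same addresses in both values: this key alone cannot show
            # which one was written first, so it is reported separately.
            label = "dhcp-equals-static"
        findings.append((cs, scope, label, static))
    return findings


def still_static_after(before_text, after_text):
    """Keys whose static NameServer is identical before and after a fix."""
    before, after = parse_report(before_text), parse_report(after_text)
    return sorted(
        key for key, values in after.items()
        if values.get("NameServer")
        and values["NameServer"] == before.get(key, {}).get("NameServer")
    )


if __name__ == "__main__":
    for cs, scope, label, servers in triage(parse_report(SAMPLE)):
        print(f"{cs} {scope}: {label} -> {', '.join(servers)}")
```
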

    KoTG
      Security Team
      :-)
          Posted on 10/04/2008 19:27:00
    Post a new HijackThis report. ;)
    nenos11
          Posted on 11/04/2008 15:57:13
    Here is the new HJT report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:54:46, on 11/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cheznoo.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [Book Barb] "C:\ProgramData\SoftGplGpl.1701n"
    O4 - HKCU\..\Run: [hold data mags move] "C:\ProgramData\file second 16.kt08l3"
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CCS\Services\Tcpip\..\{973DCBE0-3982-4D42-A8D5-2B986C0C128C}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A5FDA110-BA42-43B1-8861-09F7FCA6D96D}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
    O17 - HKLM\System\CS1\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
    O17 - HKLM\System\CS2\Services\Tcpip\..\{24BD558E-C2D0-46F2-BDBA-8A763F7D737A}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11558 bytes
    nenos11
          Posted on 14/04/2008 15:28:12
    Do you have any idea based on the last report above??
    KoTG
      Security Team
      :-)
          Posted on 15/04/2008 12:38:27
    :hello:

    Move on to option 2 of LOP S&D and post the report ;)

    Then,

    Download LopxpMH
  • Unzip it (right-click >> Extract here).
  • Double-click the lopxpMH.bat file.
  • Post the contents of the report that opens.

    + a new HijackThis report.
    nenos11
          Posted on 16/04/2008 21:27:15
    Re,

    Option 2 of LOP S&D doesn't seem to work; it stays stuck on "Suppression en cours" and has already been running for 15 minutes. Sniff......

    Below is the LopMH2 report:

    Rapport lopxpMH2 version 2.0 fait à 17:23:19,70 le 16/04/2008
    G:\Users\Marc\Desktop\lopxpMH2

    ******************************************
    ## Répertoires Application Data

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\AppData

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est AA46-7D3D

    Répertoire de C:\Users\nenos\Application Data

    Le volume dans le lecteur C s'appelle WINDOWS
    Le numéro de série du volume est A