Unwanted IE pop-up windows
Security Forum - Viruses: unwanted IE pop-up windows
Hello, unwanted IE advertising windows keep opening on my PC. I ran a HijackThis scan and here is the report.
Can anyone help me?
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:06, on 02.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\QuickHelp2\QuickHelp.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Alexandre\Program Files\DNA\btdna.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickHelp2_McciTrayApp] "C:\Program Files\QuickHelp2\QuickHelp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe /trayicon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Alexandre\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [find soft] "C:\ProgramData\wma internet internet.ny9uw"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\mpeg owns each.bc0ve"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/re [...] den-us.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://de.bluewin.ch/services/secu [...] /fscax.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.ch/ImageUploader4.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - C:\Program Files\WebDrive\wdService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 14685 bytes
Hi,
You are infected with Lop.
- Disable UAC for the duration of the disinfection.
- Download Lop S&D to your Desktop.
- Double-click it to start the installation.
- Right-click the Lop S&D shortcut on your Desktop and choose Run as administrator.
- Select the language you want, then choose option 1 (Search).
- Wait until the scan finishes.
- Post the generated report (C:\lopR.txt).
Message edited by Destrio5 on 02-11-2008 at 18:17:25
Hi,
Thank you very much for your help!
Here is the report generated by LopSD:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Professionnel ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : Alexandre ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:139 Go (Free:16 Go)
D:\ (USB)
E:\ (USB)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 03.11.2008| 7:03 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[25.11.2007|16:43] C:\Users\ALEXAN~1\AppData\Local\Adobe
[05.01.2008|11:49] C:\Users\ALEXAN~1\AppData\Local\Ahead
[20.11.2007|21:03] C:\Users\ALEXAN~1\AppData\Local\Apple
[16.08.2008|10:48] C:\Users\ALEXAN~1\AppData\Local\Apple Computer
[20.11.2007|17:32] C:\Users\ALEXAN~1\AppData\Local\Application Data
[30.07.2007|13:22] C:\Users\ALEXAN~1\AppData\Local\d3d9caps.dat
[31.10.2008|11:39] C:\Users\ALEXAN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[16.06.2008|16:27] C:\Users\ALEXAN~1\AppData\Local\DNA
[23.06.2008|16:07] C:\Users\ALEXAN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[18.08.2008|16:45] C:\Users\ALEXAN~1\AppData\Local\Google
[20.11.2007|17:32] C:\Users\ALEXAN~1\AppData\Local\Historique
[03.11.2008|06:58] C:\Users\ALEXAN~1\AppData\Local\IconCache.db
[11.08.2008|12:27] C:\Users\ALEXAN~1\AppData\Local\Microsoft
[31.07.2007|10:32] C:\Users\ALEXAN~1\AppData\Local\Microsoft Help
[31.10.2008|20:30] C:\Users\ALEXAN~1\AppData\Local\Mozilla
[02.12.2007|12:11] C:\Users\ALEXAN~1\AppData\Local\My Games
[31.07.2007|10:35] C:\Users\ALEXAN~1\AppData\Local\Seven Zip
[22.11.2007|14:53] C:\Users\ALEXAN~1\AppData\Local\Sony Corporation
[03.11.2008|07:02] C:\Users\ALEXAN~1\AppData\Local\Temp
[20.11.2007|17:32] C:\Users\ALEXAN~1\AppData\Local\Temporary Internet Files
[20.11.2007|21:25] C:\Users\ALEXAN~1\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[20.11.2007 19:04][--a------] C:\Windows\tasks\McDefragTask.job
[20.11.2007 19:04][--a------] C:\Windows\tasks\McQcTask.job
[03.11.2008 06:59][--ah-----] C:\Windows\tasks\SA.DAT
[03.11.2008 06:58][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[05.10.2008|13:01] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[23.06.2008|15:00] C:\ProgramData\Adobe
[20.12.2007|18:20] C:\ProgramData\Age of Empires 3
[20.11.2007|21:01] C:\ProgramData\Apple
[20.11.2007|21:19] C:\ProgramData\Apple Computer
[02.11.2006|14:02] C:\ProgramData\Application Data
[30.07.2007|10:25] C:\ProgramData\Bureau
[02.11.2006|14:02] C:\ProgramData\Desktop
[02.11.2006|14:02] C:\ProgramData\Documents
[25.06.2008|08:14] C:\ProgramData\DVD Shrink
[31.10.2008|11:36] C:\ProgramData\each new axis love
[30.07.2007|10:25] C:\ProgramData\Favoris
[02.11.2006|14:02] C:\ProgramData\Favorites
[04.07.2008|13:46] C:\ProgramData\FLEXnet
[31.07.2007|10:42] C:\ProgramData\Google
[31.10.2008|11:36] C:\ProgramData\Kind creative 01
[24.10.2008|07:48] C:\ProgramData\McAfee
[30.07.2007|10:25] C:\ProgramData\Menu Démarrer
[31.10.2008|20:38] C:\ProgramData\Microsoft
[06.01.2008|11:14] C:\ProgramData\Microsoft Help
[30.07.2007|10:25] C:\ProgramData\Modèles
[16.01.2008|14:26] C:\ProgramData\Motive
[31.10.2008|11:36] C:\ProgramData\mpeg owns each.bc0ve
[05.07.2008|16:21] C:\ProgramData\Roxio
[02.10.2008|05:51] C:\ProgramData\SiteAdvisor
[20.11.2007|16:41] C:\ProgramData\Skype
[20.11.2007|16:39] C:\ProgramData\Sonic
[31.07.2007|10:40] C:\ProgramData\Sony
[22.11.2007|14:52] C:\ProgramData\Sony Corporation
[02.11.2006|14:02] C:\ProgramData\Start Menu
[23.11.2007|09:23] C:\ProgramData\Symantec
[02.11.2006|14:02] C:\ProgramData\Templates
[20.11.2007|16:45] C:\ProgramData\VAIO Media Platform
[26.09.2008|10:55] C:\ProgramData\WebDrive
[31.10.2008|11:35] C:\ProgramData\wma internet internet.ny9uw
[31.10.2008|11:35] C:\ProgramData\wma internet internet.osvss91
[31.10.2008|11:34] C:\ProgramData\wma internet internet.ub0wh
--------------------\\ Listing des dossiers dans C:\Program Files
[06.01.2008|11:24] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[05.07.2008|17:14] C:\Program Files\Adobe
[19.06.2008|14:19] C:\Program Files\AGEIA Technologies
[05.01.2008|11:15] C:\Program Files\Ahead
[31.07.2007|08:31] C:\Program Files\Apoint
[15.08.2008|16:10] C:\Program Files\Apple Software Update
[20.11.2007|16:37] C:\Program Files\ArcSoft
[18.09.2008|13:05] C:\Program Files\Audacity 1.3 Beta (Unicode)
[09.10.2008|13:22] C:\Program Files\BitTorrent
[16.01.2008|13:57] C:\Program Files\bluewin
[14.09.2008|13:47] C:\Program Files\Bonjour
[03.04.2008|15:42] C:\Program Files\Canon
[28.10.2008|09:24] C:\Program Files\Common Files
[31.07.2007|08:30] C:\Program Files\CONEXANT
[01.09.2008|08:45] C:\Program Files\DivX
[16.06.2008|16:27] C:\Program Files\DNA
[06.06.2008|19:34] C:\Program Files\DVD Shrink
[30.07.2007|10:25] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[20.11.2007|20:34] C:\Program Files\Finale 2003
[02.12.2007|11:03] C:\Program Files\Firaxis Games
[19.08.2008|13:39] C:\Program Files\Free Audio Pack
[06.06.2008|19:48] C:\Program Files\freestar
[05.08.2008|11:24] C:\Program Files\GALLIMAR
[18.08.2008|16:44] C:\Program Files\Google
[31.07.2007|10:42] C:\Program Files\Google BAE
[27.10.2008|17:34] C:\Program Files\Gpotato.eu
[31.10.2008|19:00] C:\Program Files\InstallShield Installation Information
[30.07.2007|13:27] C:\Program Files\Intel
[14.09.2008|16:51] C:\Program Files\Internet Explorer
[20.11.2007|16:51] C:\Program Files\InterVideo
[05.10.2008|13:01] C:\Program Files\iPod
[05.10.2008|13:01] C:\Program Files\iTunes
[24.06.2008|18:49] C:\Program Files\iWizz
[27.04.2008|15:18] C:\Program Files\IZArc
[28.07.2008|09:25] C:\Program Files\Java
[22.11.2007|15:23] C:\Program Files\LitexMedia
[29.10.2008|13:29] C:\Program Files\McAfee
[20.11.2007|18:53] C:\Program Files\McAfee.com
[20.11.2007|19:25] C:\Program Files\Microsoft ActiveSync
[20.12.2007|18:00] C:\Program Files\Microsoft Games
[06.01.2008|11:14] C:\Program Files\Microsoft Office
[31.07.2007|10:38] C:\Program Files\Microsoft SQL Server
[06.01.2008|11:14] C:\Program Files\Microsoft Works
[31.10.2008|20:40] C:\Program Files\Microsoft.NET
[29.06.2008|17:20] C:\Program Files\Monkey's Audio
[14.09.2008|16:51] C:\Program Files\Movie Maker
[03.11.2008|07:02] C:\Program Files\Mozilla Firefox
[02.11.2006|13:37] C:\Program Files\MSBuild
[30.07.2007|13:06] C:\Program Files\MSXML 4.0
[21.03.2008|11:10] C:\Program Files\Picasa2
[16.01.2008|14:26] C:\Program Files\QuickHelp2
[14.09.2008|13:46] C:\Program Files\QuickTime
[27.01.2008|10:43] C:\Program Files\Real
[02.11.2006|13:37] C:\Program Files\Reference Assemblies
[20.11.2007|16:39] C:\Program Files\Roxio
[19.06.2008|14:02] C:\Program Files\Sierra Entertainment
[31.07.2007|08:42] C:\Program Files\SigmaTel
[24.10.2008|07:56] C:\Program Files\SiteAdvisor
[20.11.2007|16:41] C:\Program Files\Skype
[20.11.2007|20:35] C:\Program Files\SmartMusic
[20.11.2007|17:00] C:\Program Files\Sony
[02.11.2008|11:27] C:\Program Files\Trend Micro
[02.11.2006|14:01] C:\Program Files\Uninstall Information
[22.10.2008|15:54] C:\Program Files\VideoLAN
[26.09.2008|10:53] C:\Program Files\WebDrive
[31.07.2007|08:49] C:\Program Files\WIDCOMM
[29.06.2008|17:16] C:\Program Files\Winamp
[14.09.2008|16:51] C:\Program Files\Windows Calendar
[14.09.2008|16:51] C:\Program Files\Windows Collaboration
[14.09.2008|16:50] C:\Program Files\Windows Defender
[14.09.2008|16:51] C:\Program Files\Windows Journal
[15.10.2008|16:30] C:\Program Files\Windows Mail
[14.09.2008|16:51] C:\Program Files\Windows Media Player
[30.07.2007|10:25] C:\Program Files\Windows NT
[14.09.2008|16:51] C:\Program Files\Windows Photo Gallery
[14.09.2008|16:51] C:\Program Files\Windows Sidebar
[10.02.2008|12:00] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[23.06.2008|15:02] C:\Program Files\Common Files\Adobe
[05.01.2008|11:14] C:\Program Files\Common Files\Ahead
[14.09.2008|13:46] C:\Program Files\Common Files\Apple
[31.07.2007|10:34] C:\Program Files\Common Files\DESIGNER
[28.10.2008|09:24] C:\Program Files\Common Files\INCA Shared
[20.11.2007|16:37] C:\Program Files\Common Files\InstallShield
[20.11.2007|16:51] C:\Program Files\Common Files\InterVideo
[31.07.2007|10:44] C:\Program Files\Common Files\Java
[31.03.2008|14:05] C:\Program Files\Common Files\Macrovision Shared
[06.06.2008|12:55] C:\Program Files\Common Files\McAfee
[31.10.2008|20:40] C:\Program Files\Common Files\microsoft shared
[27.10.2008|18:43] C:\Program Files\Common Files\Motive
[31.07.2007|10:40] C:\Program Files\Common Files\PX Storage Engine
[27.01.2008|10:43] C:\Program Files\Common Files\Real
[20.11.2007|16:39] C:\Program Files\Common Files\Roxio Shared
[02.11.2006|12:18] C:\Program Files\Common Files\Services
[20.11.2007|16:41] C:\Program Files\Common Files\Skype
[20.11.2007|16:39] C:\Program Files\Common Files\Sonic Shared
[20.11.2007|16:45] C:\Program Files\Common Files\Sony Shared
[02.11.2006|12:18] C:\Program Files\Common Files\SpeechEngines
[23.11.2007|09:23] C:\Program Files\Common Files\Symantec Shared
[14.09.2008|16:50] C:\Program Files\Common Files\System
[19.06.2008|14:19] C:\Program Files\Common Files\Wise Installation Wizard
[27.01.2008|10:43] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 86 Processes )
iexplore.exe ~ [PID:2040]
iexplore.exe ~ [PID:4424]
--------------------\\ Recherche avec S_Lop
C:\ProgramData\mpeg owns each.bc0ve
C:\ProgramData\wma internet internet.ny9uw
C:\ProgramData\wma internet internet.ub0wh
C:\ProgramData\wma internet internet.osvss91
C:\Users\ALEXAN~1\AppData\Local\Temp\bis408B.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\bis4472.exe
C:\ProgramData\KINDCR~1
C:\ProgramData\KINDCR~1\FREEWAIT.exe
C:\ProgramData\KINDCR~1\sbamsvmv.exe
C:\ProgramData\KINDCR~1\wpkoxvbf.exe
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\ProgramData\Each New Axis Love
C:\ProgramData\Each New Axis Love\Up Bait.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\minime.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\HtmlControl.dll
C:\Users\ALEXAN~1\AppData\Local\Temp\codec_dv.bmp
C:\Users\ALEXAN~1\AppData\Local\Temp\nsb3E6D.tmp
C:\Users\ALEXAN~1\AppData\Local\Temp\nsm3E5D.tmp
C:\Users\ALEXAN~1\AppData\Local\Temp\nsq436B.tmp
C:\Users\ALEXAN~1\AppData\Local\Temp\nsq436C.tmp
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LinkThirdItch]
"DisplayName"="CiD Help"
"UninstallString"="C:\\PROGRA~2\\KINDCR~1\\FREEWAIT.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"axis love poll lite"="\"C:\\ProgramData\\mpeg owns each.bc0ve\""
"find soft"="\"C:\\ProgramData\\wma internet internet.ny9uw\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 07:03:46
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\ALEXAN~1\AppData\Local\Temp\Temp1_crack.zip
C:\Users\ALEXAN~1\AppData\Local\Temp\Temp1_crack.zip\cep2reg.exe
[F:2917][D:123]-> C:\Users\ALEXAN~1\AppData\Local\Temp
[F:13][D:1]-> C:\Users\ALEXAN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:34][D:92]-> C:\Users\ALEXAN~1\AppData\Local\MICROS~2\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 03.11.2008| 7:05 - Option : [1]
--------------------\\ Fin du rapport a 7:05:40
[ UAC => 1 ]
- Run Lop S&D again as administrator.
- This time choose option 2 (Removal).
- Do not close the window during the removal!
- Post the generated report (C:\lopR.txt).
Hi,
Here is the Lop SD report with option 2:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Professionnel ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : Alexandre ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:139 Go (Free:16 Go)
D:\ (USB)
E:\ (USB)
F:\ (CD or DVD)
G:\ (Local Disk) - FAT32 - Total:111 Go (Free:7 Go)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 03.11.2008|19:39 )
[ UAC => 0 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\ProgramData\Each New Axis Love\Up Bait.exe
Supprime! - C:\Users\ALEXAN~1\AppData\Local\Temp\minime.exe
Supprime! - C:\Users\ALEXAN~1\AppData\Local\Temp\HtmlControl.dll
Supprime! - C:\Users\ALEXAN~1\AppData\Local\Temp\codec_dv.bmp
Supprime! - C:\Users\ALEXAN~1\AppData\Local\Temp\nsb3E6D.tmp
Supprime! - C:\Users\ALEXAN~1\AppData\Local\Temp\nsm3E5D.tmp
Supprime! - C:\Users\ALEXAN~1\AppData\Local\Temp\nsq436B.tmp
Supprime! - C:\Users\ALEXAN~1\AppData\Local\Temp\nsq436C.tmp
Supprime! - C:\ProgramData\mpeg owns each.bc0ve
Supprime! - C:\ProgramData\wma internet internet.ny9uw
Supprime! - C:\ProgramData\wma internet internet.ub0wh
Supprime! - C:\ProgramData\wma internet internet.osvss91
Supprime! - C:\Users\ALEXAN~1\AppData\Local\Temp\bis408B.exe
Supprime! - C:\Users\ALEXAN~1\AppData\Local\Temp\bis4472.exe
Supprime! - C:\ProgramData\KINDCR~1\FREEWAIT.exe
Supprime! - C:\ProgramData\KINDCR~1\sbamsvmv.exe
Supprime! - C:\ProgramData\KINDCR~1\wpkoxvbf.exe
Supprime! - C:\ProgramData\Each New Axis Love
Supprime! - C:\ProgramData\KINDCR~1
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[25.11.2007|16:43] C:\Users\ALEXAN~1\AppData\Local\Adobe
[05.01.2008|11:49] C:\Users\ALEXAN~1\AppData\Local\Ahead
[20.11.2007|21:03] C:\Users\ALEXAN~1\AppData\Local\Apple
[16.08.2008|10:48] C:\Users\ALEXAN~1\AppData\Local\Apple Computer
[20.11.2007|17:32] C:\Users\ALEXAN~1\AppData\Local\Application Data
[30.07.2007|13:22] C:\Users\ALEXAN~1\AppData\Local\d3d9caps.dat
[03.11.2008|10:40] C:\Users\ALEXAN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[16.06.2008|16:27] C:\Users\ALEXAN~1\AppData\Local\DNA
[23.06.2008|16:07] C:\Users\ALEXAN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[18.08.2008|16:45] C:\Users\ALEXAN~1\AppData\Local\Google
[20.11.2007|17:32] C:\Users\ALEXAN~1\AppData\Local\Historique
[03.11.2008|18:42] C:\Users\ALEXAN~1\AppData\Local\IconCache.db
[11.08.2008|12:27] C:\Users\ALEXAN~1\AppData\Local\Microsoft
[31.07.2007|10:32] C:\Users\ALEXAN~1\AppData\Local\Microsoft Help
[31.10.2008|20:30] C:\Users\ALEXAN~1\AppData\Local\Mozilla
[02.12.2007|12:11] C:\Users\ALEXAN~1\AppData\Local\My Games
[31.07.2007|10:35] C:\Users\ALEXAN~1\AppData\Local\Seven Zip
[22.11.2007|14:53] C:\Users\ALEXAN~1\AppData\Local\Sony Corporation
[03.11.2008|19:39] C:\Users\ALEXAN~1\AppData\Local\Temp
[20.11.2007|17:32] C:\Users\ALEXAN~1\AppData\Local\Temporary Internet Files
[20.11.2007|21:25] C:\Users\ALEXAN~1\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[20.11.2007 19:04][--a------] C:\Windows\tasks\McDefragTask.job
[20.11.2007 19:04][--a------] C:\Windows\tasks\McQcTask.job
[03.11.2008 18:43][--ah-----] C:\Windows\tasks\SA.DAT
[03.11.2008 18:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[05.10.2008|13:01] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[23.06.2008|15:00] C:\ProgramData\Adobe
[20.12.2007|18:20] C:\ProgramData\Age of Empires 3
[20.11.2007|21:01] C:\ProgramData\Apple
[20.11.2007|21:19] C:\ProgramData\Apple Computer
[02.11.2006|14:02] C:\ProgramData\Application Data
[30.07.2007|10:25] C:\ProgramData\Bureau
[02.11.2006|14:02] C:\ProgramData\Desktop
[02.11.2006|14:02] C:\ProgramData\Documents
[25.06.2008|08:14] C:\ProgramData\DVD Shrink
[30.07.2007|10:25] C:\ProgramData\Favoris
[02.11.2006|14:02] C:\ProgramData\Favorites
[04.07.2008|13:46] C:\ProgramData\FLEXnet
[31.07.2007|10:42] C:\ProgramData\Google
[24.10.2008|07:48] C:\ProgramData\McAfee
[30.07.2007|10:25] C:\ProgramData\Menu Démarrer
[31.10.2008|20:38] C:\ProgramData\Microsoft
[06.01.2008|11:14] C:\ProgramData\Microsoft Help
[30.07.2007|10:25] C:\ProgramData\Modèles
[16.01.2008|14:26] C:\ProgramData\Motive
[05.07.2008|16:21] C:\ProgramData\Roxio
[02.10.2008|05:51] C:\ProgramData\SiteAdvisor
[20.11.2007|16:41] C:\ProgramData\Skype
[20.11.2007|16:39] C:\ProgramData\Sonic
[31.07.2007|10:40] C:\ProgramData\Sony
[22.11.2007|14:52] C:\ProgramData\Sony Corporation
[02.11.2006|14:02] C:\ProgramData\Start Menu
[23.11.2007|09:23] C:\ProgramData\Symantec
[02.11.2006|14:02] C:\ProgramData\Templates
[20.11.2007|16:45] C:\ProgramData\VAIO Media Platform
[26.09.2008|10:55] C:\ProgramData\WebDrive
--------------------\\ Listing des dossiers dans C:\Program Files
[06.01.2008|11:24] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[05.07.2008|17:14] C:\Program Files\Adobe
[19.06.2008|14:19] C:\Program Files\AGEIA Technologies
[05.01.2008|11:15] C:\Program Files\Ahead
[31.07.2007|08:31] C:\Program Files\Apoint
[15.08.2008|16:10] C:\Program Files\Apple Software Update
[20.11.2007|16:37] C:\Program Files\ArcSoft
[18.09.2008|13:05] C:\Program Files\Audacity 1.3 Beta (Unicode)
[09.10.2008|13:22] C:\Program Files\BitTorrent
[16.01.2008|13:57] C:\Program Files\bluewin
[14.09.2008|13:47] C:\Program Files\Bonjour
[03.04.2008|15:42] C:\Program Files\Canon
[28.10.2008|09:24] C:\Program Files\Common Files
[31.07.2007|08:30] C:\Program Files\CONEXANT
[01.09.2008|08:45] C:\Program Files\DivX
[16.06.2008|16:27] C:\Program Files\DNA
[06.06.2008|19:34] C:\Program Files\DVD Shrink
[30.07.2007|10:25] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[20.11.2007|20:34] C:\Program Files\Finale 2003
[02.12.2007|11:03] C:\Program Files\Firaxis Games
[19.08.2008|13:39] C:\Program Files\Free Audio Pack
[06.06.2008|19:48] C:\Program Files\freestar
[05.08.2008|11:24] C:\Program Files\GALLIMAR
[18.08.2008|16:44] C:\Program Files\Google
[31.07.2007|10:42] C:\Program Files\Google BAE
[27.10.2008|17:34] C:\Program Files\Gpotato.eu
[31.10.2008|19:00] C:\Program Files\InstallShield Installation Information
[30.07.2007|13:27] C:\Program Files\Intel
[14.09.2008|16:51] C:\Program Files\Internet Explorer
[20.11.2007|16:51] C:\Program Files\InterVideo
[05.10.2008|13:01] C:\Program Files\iPod
[05.10.2008|13:01] C:\Program Files\iTunes
[24.06.2008|18:49] C:\Program Files\iWizz
[27.04.2008|15:18] C:\Program Files\IZArc
[28.07.2008|09:25] C:\Program Files\Java
[29.10.2008|13:29] C:\Program Files\McAfee
[20.11.2007|18:53] C:\Program Files\McAfee.com
[20.11.2007|19:25] C:\Program Files\Microsoft ActiveSync
[20.12.2007|18:00] C:\Program Files\Microsoft Games
[06.01.2008|11:14] C:\Program Files\Microsoft Office
[31.07.2007|10:38] C:\Program Files\Microsoft SQL Server
[06.01.2008|11:14] C:\Program Files\Microsoft Works
[31.10.2008|20:40] C:\Program Files\Microsoft.NET
[29.06.2008|17:20] C:\Program Files\Monkey's Audio
[14.09.2008|16:51] C:\Program Files\Movie Maker
[03.11.2008|11:30] C:\Program Files\Mozilla Firefox
[02.11.2006|13:37] C:\Program Files\MSBuild
[30.07.2007|13:06] C:\Program Files\MSXML 4.0
[21.03.2008|11:10] C:\Program Files\Picasa2
[16.01.2008|14:26] C:\Program Files\QuickHelp2
[14.09.2008|13:46] C:\Program Files\QuickTime
[27.01.2008|10:43] C:\Program Files\Real
[02.11.2006|13:37] C:\Program Files\Reference Assemblies
[20.11.2007|16:39] C:\Program Files\Roxio
[19.06.2008|14:02] C:\Program Files\Sierra Entertainment
[31.07.2007|08:42] C:\Program Files\SigmaTel
[24.10.2008|07:56] C:\Program Files\SiteAdvisor
[20.11.2007|16:41] C:\Program Files\Skype
[20.11.2007|20:35] C:\Program Files\SmartMusic
[20.11.2007|17:00] C:\Program Files\Sony
[02.11.2008|11:27] C:\Program Files\Trend Micro
[02.11.2006|14:01] C:\Program Files\Uninstall Information
[22.10.2008|15:54] C:\Program Files\VideoLAN
[26.09.2008|10:53] C:\Program Files\WebDrive
[31.07.2007|08:49] C:\Program Files\WIDCOMM
[29.06.2008|17:16] C:\Program Files\Winamp
[14.09.2008|16:51] C:\Program Files\Windows Calendar
[14.09.2008|16:51] C:\Program Files\Windows Collaboration
[14.09.2008|16:50] C:\Program Files\Windows Defender
[14.09.2008|16:51] C:\Program Files\Windows Journal
[15.10.2008|16:30] C:\Program Files\Windows Mail
[14.09.2008|16:51] C:\Program Files\Windows Media Player
[30.07.2007|10:25] C:\Program Files\Windows NT
[14.09.2008|16:51] C:\Program Files\Windows Photo Gallery
[14.09.2008|16:51] C:\Program Files\Windows Sidebar
[10.02.2008|12:00] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[23.06.2008|15:02] C:\Program Files\Common Files\Adobe
[05.01.2008|11:14] C:\Program Files\Common Files\Ahead
[14.09.2008|13:46] C:\Program Files\Common Files\Apple
[31.07.2007|10:34] C:\Program Files\Common Files\DESIGNER
[28.10.2008|09:24] C:\Program Files\Common Files\INCA Shared
[20.11.2007|16:37] C:\Program Files\Common Files\InstallShield
[20.11.2007|16:51] C:\Program Files\Common Files\InterVideo
[31.07.2007|10:44] C:\Program Files\Common Files\Java
[31.03.2008|14:05] C:\Program Files\Common Files\Macrovision Shared
[06.06.2008|12:55] C:\Program Files\Common Files\McAfee
[31.10.2008|20:40] C:\Program Files\Common Files\microsoft shared
[27.10.2008|18:43] C:\Program Files\Common Files\Motive
[31.07.2007|10:40] C:\Program Files\Common Files\PX Storage Engine
[27.01.2008|10:43] C:\Program Files\Common Files\Real
[20.11.2007|16:39] C:\Program Files\Common Files\Roxio Shared
[02.11.2006|12:18] C:\Program Files\Common Files\Services
[20.11.2007|16:41] C:\Program Files\Common Files\Skype
[20.11.2007|16:39] C:\Program Files\Common Files\Sonic Shared
[20.11.2007|16:45] C:\Program Files\Common Files\Sony Shared
[02.11.2006|12:18] C:\Program Files\Common Files\SpeechEngines
[23.11.2007|09:23] C:\Program Files\Common Files\Symantec Shared
[14.09.2008|16:50] C:\Program Files\Common Files\System
[19.06.2008|14:19] C:\Program Files\Common Files\Wise Installation Wizard
[27.01.2008|10:43] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 82 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 19:39:26
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\ALEXAN~1\AppData\Local\Temp\Temp1_crack.zip
C:\Users\ALEXAN~1\AppData\Local\Temp\Temp1_crack.zip\cep2reg.exe
[F:2916][D:128]-> C:\Users\ALEXAN~1\AppData\Local\Temp
[F:38][D:1]-> C:\Users\ALEXAN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:248][D:92]-> C:\Users\ALEXAN~1\AppData\Local\MICROS~2\Windows\TEMPOR~1\content.IE5
[F:5][D:6]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 03.11.2008| 7:05 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 03.11.2008|19:40 - Option : [2]
--------------------\\ Fin du rapport a 19:40:48
[ UAC => 1 ]
- Download OTMoveIt3 (OldTimer) to your Desktop.
- Double-click OTMoveIt3.exe to launch it.
- Copy (Ctrl+C) the following text:
:processes
|
- Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
- Now click the MoveIt! button, then close OTMoveIt3.
---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
- Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
---> The report's name corresponds to the moment it was created: date_time.log
Hi,
Here is the OTMoveIt3 report:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== COMMANDS ==========
File delete failed. C:\Users\ALEXAN~1\AppData\Local\Temp\etilqs_2ReYJiao62fSaKrHlqno scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Alexandre\AppData\Local\Mozilla\Firefox\Profiles\cqhouthc.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Alexandre\AppData\Local\Mozilla\Firefox\Profiles\cqhouthc.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Alexandre\AppData\Local\Mozilla\Firefox\Profiles\cqhouthc.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Alexandre\AppData\Local\Mozilla\Firefox\Profiles\cqhouthc.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Alexandre\AppData\Local\Mozilla\Firefox\Profiles\cqhouthc.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11042008_105249
---> Update Java:
http://www.java.com/fr/download/manual.jsp
---> Update Adobe Reader:
http://www.adobe.com/fr/products/a [...] step2.html
OK, everything is fine for now!
Thanks again for your invaluable help!
- Post a new HijackThis report.
