Iexplore.exe se lance seul, prend tout le UC
Résolu
guh
-
guh Messages postés 5 Statut Membre -
guh Messages postés 5 Statut Membre -
Bonjour,
Depuis quelques jours, l'application d'internet explorer (iexplore.exe) se lance seule pour ouvrir des pop-ups et fait ramer mon ordi (occupant le UC à 100%), j'ai essayer de désinstaller internet explorer mais cela ne change presque rien (les pop-ups ne s'affichent plus mais l'ordi rame toujours). Mais antivirus (antivir et ad-aware) ne repère aucun problème à part des tracking cookies dans le cas d'ad-aware.
J'ai fait un system scan avec hijackthis (mais l'application ne iexplore.exe ne tournait pas à ce moment), je le joint à la fin de mon message.
Pour information, à la même époque, je me suis fait volé mon mot de passe msn (ainsi que celui de mon petit frère qui utilise le même ordi que moi) mais je ne pense pas que cela soit lié car après avoir désinstaller msn et enlever une application qui semblait être un malware (WLSetupSvc.exe) le problème semble réglé.
Je vous joins le log d'hijackthis et je vous remercie d'avance pour l'aide que vous allez m'apporter.
cordialement
guh
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:40, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
Depuis quelques jours, l'application d'internet explorer (iexplore.exe) se lance seule pour ouvrir des pop-ups et fait ramer mon ordi (occupant le UC à 100%), j'ai essayer de désinstaller internet explorer mais cela ne change presque rien (les pop-ups ne s'affichent plus mais l'ordi rame toujours). Mais antivirus (antivir et ad-aware) ne repère aucun problème à part des tracking cookies dans le cas d'ad-aware.
J'ai fait un system scan avec hijackthis (mais l'application ne iexplore.exe ne tournait pas à ce moment), je le joint à la fin de mon message.
Pour information, à la même époque, je me suis fait volé mon mot de passe msn (ainsi que celui de mon petit frère qui utilise le même ordi que moi) mais je ne pense pas que cela soit lié car après avoir désinstaller msn et enlever une application qui semblait être un malware (WLSetupSvc.exe) le problème semble réglé.
Je vous joins le log d'hijackthis et je vous remercie d'avance pour l'aide que vous allez m'apporter.
cordialement
guh
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:40, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
A voir également:
- Iexplore.exe se lance seul, prend tout le UC
- Windows ne se lance pas - Guide
- Qu'est ce qui se lance au démarrage de l'ordinateur - Guide
- Discord ne se lance pas - Forum Audio
- Mon iphone se verrouille tout seul - Forum iPhone
- Wifi se désactive tout seul windows 10 - Guide
8 réponses
Salut,
Télécharge Lop S&D.exe sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-clique dessus pour lancer l'installation.
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)
(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
Apres tu renommes Hijackthis.exe en patate.exe et tu postes le nouveau rapport.
Télécharge Lop S&D.exe sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-clique dessus pour lancer l'installation.
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)
(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
Apres tu renommes Hijackthis.exe en patate.exe et tu postes le nouveau rapport.
voila le rapport généré par Lop S&D
-----------------------[ Lop S&D 4.2.1-7 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : KKK ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 24/06/2008 | 10:13:56,00 ] [ PC : ZOCKOR ]
[ MAJ : 21-06-2008 | 15:15 ]
-------------[ Listing des dossiers dans Application Data ]------------
[12/05/2008|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{9784CF0C-B63B-4A60-A1B8-0D38CDF756EB}
[11/05/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[11/05/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[11/05/2008|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/05/2008|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[11/05/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[20/06/2008|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
[09/05/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[11/05/2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[20/06/2008|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[13/05/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/06/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[11/05/2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[11/05/2008|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/05/2008|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[22/06/2008|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/05/2008|19:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[09/05/2008|17:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/05/2008|20:58] C:\DOCUME~1\KKK\APPLIC~1\Adobe
[13/05/2008|12:59] C:\DOCUME~1\KKK\APPLIC~1\Apple Computer
[12/05/2008|17:24] C:\DOCUME~1\KKK\APPLIC~1\ArcSoft
[12/05/2008|16:19] C:\DOCUME~1\KKK\APPLIC~1\Canon
[09/05/2008|19:21] C:\DOCUME~1\KKK\APPLIC~1\desktop.ini
[12/05/2008|18:20] C:\DOCUME~1\KKK\APPLIC~1\DIMAGE
[12/05/2008|19:02] C:\DOCUME~1\KKK\APPLIC~1\FastStone
[20/06/2008|10:33] C:\DOCUME~1\KKK\APPLIC~1\gpl data
[09/05/2008|18:29] C:\DOCUME~1\KKK\APPLIC~1\Identities
[12/05/2008|12:39] C:\DOCUME~1\KKK\APPLIC~1\ma-config.com
[11/05/2008|16:21] C:\DOCUME~1\KKK\APPLIC~1\Macromedia
[20/06/2008|14:13] C:\DOCUME~1\KKK\APPLIC~1\Microsoft
[11/05/2008|15:53] C:\DOCUME~1\KKK\APPLIC~1\Mozilla
[11/05/2008|16:19] C:\DOCUME~1\KKK\APPLIC~1\MSNInstaller
[11/05/2008|15:43] C:\DOCUME~1\KKK\APPLIC~1\PC Tools
[11/05/2008|17:51] C:\DOCUME~1\KKK\APPLIC~1\ScanSoft
[18/05/2008|14:49] C:\DOCUME~1\KKK\APPLIC~1\Sun
[11/05/2008|15:53] C:\DOCUME~1\KKK\APPLIC~1\Talkback
[14/05/2008|08:14] C:\DOCUME~1\KKK\APPLIC~1\vlc
[16/06/2008|16:22] C:\DOCUME~1\KKK\APPLIC~1\Vso
[12/05/2008|12:27] C:\DOCUME~1\KKK\APPLIC~1\WinRAR
[20/06/2008|13:16] C:\DOCUME~1\KKK\APPLIC~1\XnView
[11/05/2008|18:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[09/05/2008|17:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[09/05/2008|17:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[24/06/2008 10:00][--ah-----] C:\WINDOWS\tasks\AA5B37B291E0AB22.job
[24/06/2008 08:43][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
AA5B37B291E0AB22.job <--> c:\docume~1\kkk\applic~1\gpldat~1\firstdefaultfour.exe
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[11/05/2008|15:41] C:\Program Files\Adobe
[13/05/2008|12:44] C:\Program Files\Ahead
[11/05/2008|16:41] C:\Program Files\Apple Software Update
[11/05/2008|17:49] C:\Program Files\ArcSoft
[11/05/2008|15:51] C:\Program Files\Avira
[11/05/2008|17:57] C:\Program Files\Canon
[11/05/2008|17:45] C:\Program Files\CanonBJ
[12/05/2008|18:20] C:\Program Files\DiMAGE Viewer
[13/05/2008|12:18] C:\Program Files\D-Tools
[22/06/2008|14:32] C:\Program Files\Fichiers communs
[21/05/2008|20:59] C:\Program Files\FreeMultiPosteTV
[12/05/2008|18:20] C:\Program Files\InstallShield Installation Information
[24/06/2008|08:31] C:\Program Files\Internet Explorer
[11/05/2008|16:42] C:\Program Files\iPod
[11/05/2008|16:42] C:\Program Files\iTunes
[18/05/2008|14:39] C:\Program Files\Java
[20/06/2008|14:13] C:\Program Files\Lavasoft
[24/06/2008|10:11] C:\Program Files\Lop SD
[11/05/2008|15:56] C:\Program Files\ma-config.com
[11/05/2008|17:34] C:\Program Files\Messenger
[12/05/2008|13:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[09/05/2008|17:49] C:\Program Files\microsoft frontpage
[13/05/2008|12:26] C:\Program Files\Microsoft Office
[13/05/2008|12:26] C:\Program Files\Microsoft Visual Studio
[13/05/2008|12:23] C:\Program Files\Microsoft Visual Studio 8
[13/05/2008|12:26] C:\Program Files\Microsoft Works
[13/05/2008|12:25] C:\Program Files\Microsoft.NET
[09/05/2008|17:46] C:\Program Files\Movie Maker
[24/06/2008|09:43] C:\Program Files\Mozilla Firefox
[13/05/2008|12:26] C:\Program Files\MSBuild
[22/06/2008|17:53] C:\Program Files\MSN
[09/05/2008|17:45] C:\Program Files\MSN Gaming Zone
[12/05/2008|13:01] C:\Program Files\MSXML 4.0
[09/05/2008|17:47] C:\Program Files\NetMeeting
[11/05/2008|17:33] C:\Program Files\Outlook Express
[11/05/2008|16:42] C:\Program Files\QuickTime
[11/05/2008|16:05] C:\Program Files\Realtek
[12/05/2008|12:46] C:\Program Files\S3
[11/05/2008|17:50] C:\Program Files\ScanSoft
[09/05/2008|17:47] C:\Program Files\Services en ligne
[11/05/2008|15:43] C:\Program Files\Spyware Doctor
[11/05/2008|15:41] C:\Program Files\Sunbelt Software
[24/06/2008|09:21] C:\Program Files\Trend Micro
[09/05/2008|18:29] C:\Program Files\Uninstall Information
[13/05/2008|12:46] C:\Program Files\VideoLAN
[20/06/2008|11:16] C:\Program Files\VS Revo Group
[12/05/2008|18:51] C:\Program Files\VSO
[11/05/2008|15:42] C:\Program Files\Webteh
[22/06/2008|18:05] C:\Program Files\Windows Live
[11/05/2008|15:45] C:\Program Files\Windows Media Connect 2
[11/05/2008|17:33] C:\Program Files\Windows Media Player
[09/05/2008|17:45] C:\Program Files\Windows NT
[09/05/2008|17:47] C:\Program Files\WindowsUpdate
[12/05/2008|12:26] C:\Program Files\WinRAR
[09/05/2008|17:49] C:\Program Files\xerox
[12/05/2008|19:06] C:\Program Files\XnView
[12/05/2008|12:26] C:\Program Files\XPC Tools
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[24/05/2008|13:05] C:\Program Files\Fichiers communs\Adobe
[13/05/2008|12:44] C:\Program Files\Fichiers communs\Ahead
[11/05/2008|15:21] C:\Program Files\Fichiers communs\Designer
[11/05/2008|17:50] C:\Program Files\Fichiers communs\InstallShield
[18/05/2008|14:37] C:\Program Files\Fichiers communs\Java
[14/05/2008|20:26] C:\Program Files\Fichiers communs\Microsoft Shared
[09/05/2008|17:46] C:\Program Files\Fichiers communs\MSSoap
[09/05/2008|19:21] C:\Program Files\Fichiers communs\ODBC
[11/05/2008|17:50] C:\Program Files\Fichiers communs\ScanSoft Shared
[09/05/2008|17:46] C:\Program Files\Fichiers communs\Services
[09/05/2008|19:21] C:\Program Files\Fichiers communs\SpeechEngines
[11/05/2008|17:33] C:\Program Files\Fichiers communs\System
[11/05/2008|17:22] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[20/06/2008|14:11] C:\Program Files\Fichiers communs\Wise Installation Wizard
---------------------------[ Process ]--------------------------
... 28
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\KKK\LOCALS~1\Temp\bis97.exe
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\vc remote.exe
C:\DOCUME~1\KKK\APPLIC~1\gpldat~1
C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\DriveBait.exe
C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\first default four.exe
C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\mailbalmpeakweb.exe
C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\uzpyqnxm.exe
C:\WINDOWS\Prefetch\VC REMOTE.EXE-3A9D92B0.pf
C:\WINDOWS\Prefetch\FIRST DEFAULT FOUR.EXE-1C5FC9F0.pf
C:\DOCUME~1\KKK\Cookies\kkk@www.2xmoinscher[1].txt
C:\DOCUME~1\KKK\Cookies\kkk@www.2xmoinscher[3].txt
C:\WINDOWS\Tasks\AA5B37B291E0AB22.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 10:17:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
[F:382][D:26]-> C:\DOCUME~1\KKK\LOCALS~1\Temp
[F:102][D:0]-> C:\DOCUME~1\KKK\Cookies
[F:8256][D:9]-> C:\DOCUME~1\KKK\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 10:18:11,21 ]----------------------
rapport de hijackthis (par contre j'ai renommé l'application sans être sûr que ça ait bien été fait)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:51, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
-----------------------[ Lop S&D 4.2.1-7 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : KKK ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 24/06/2008 | 10:13:56,00 ] [ PC : ZOCKOR ]
[ MAJ : 21-06-2008 | 15:15 ]
-------------[ Listing des dossiers dans Application Data ]------------
[12/05/2008|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{9784CF0C-B63B-4A60-A1B8-0D38CDF756EB}
[11/05/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[11/05/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[11/05/2008|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/05/2008|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[11/05/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[20/06/2008|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
[09/05/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[11/05/2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[20/06/2008|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[13/05/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/06/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[11/05/2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[11/05/2008|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/05/2008|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[22/06/2008|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/05/2008|19:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[09/05/2008|17:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/05/2008|20:58] C:\DOCUME~1\KKK\APPLIC~1\Adobe
[13/05/2008|12:59] C:\DOCUME~1\KKK\APPLIC~1\Apple Computer
[12/05/2008|17:24] C:\DOCUME~1\KKK\APPLIC~1\ArcSoft
[12/05/2008|16:19] C:\DOCUME~1\KKK\APPLIC~1\Canon
[09/05/2008|19:21] C:\DOCUME~1\KKK\APPLIC~1\desktop.ini
[12/05/2008|18:20] C:\DOCUME~1\KKK\APPLIC~1\DIMAGE
[12/05/2008|19:02] C:\DOCUME~1\KKK\APPLIC~1\FastStone
[20/06/2008|10:33] C:\DOCUME~1\KKK\APPLIC~1\gpl data
[09/05/2008|18:29] C:\DOCUME~1\KKK\APPLIC~1\Identities
[12/05/2008|12:39] C:\DOCUME~1\KKK\APPLIC~1\ma-config.com
[11/05/2008|16:21] C:\DOCUME~1\KKK\APPLIC~1\Macromedia
[20/06/2008|14:13] C:\DOCUME~1\KKK\APPLIC~1\Microsoft
[11/05/2008|15:53] C:\DOCUME~1\KKK\APPLIC~1\Mozilla
[11/05/2008|16:19] C:\DOCUME~1\KKK\APPLIC~1\MSNInstaller
[11/05/2008|15:43] C:\DOCUME~1\KKK\APPLIC~1\PC Tools
[11/05/2008|17:51] C:\DOCUME~1\KKK\APPLIC~1\ScanSoft
[18/05/2008|14:49] C:\DOCUME~1\KKK\APPLIC~1\Sun
[11/05/2008|15:53] C:\DOCUME~1\KKK\APPLIC~1\Talkback
[14/05/2008|08:14] C:\DOCUME~1\KKK\APPLIC~1\vlc
[16/06/2008|16:22] C:\DOCUME~1\KKK\APPLIC~1\Vso
[12/05/2008|12:27] C:\DOCUME~1\KKK\APPLIC~1\WinRAR
[20/06/2008|13:16] C:\DOCUME~1\KKK\APPLIC~1\XnView
[11/05/2008|18:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[09/05/2008|17:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[09/05/2008|17:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[24/06/2008 10:00][--ah-----] C:\WINDOWS\tasks\AA5B37B291E0AB22.job
[24/06/2008 08:43][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
AA5B37B291E0AB22.job <--> c:\docume~1\kkk\applic~1\gpldat~1\firstdefaultfour.exe
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[11/05/2008|15:41] C:\Program Files\Adobe
[13/05/2008|12:44] C:\Program Files\Ahead
[11/05/2008|16:41] C:\Program Files\Apple Software Update
[11/05/2008|17:49] C:\Program Files\ArcSoft
[11/05/2008|15:51] C:\Program Files\Avira
[11/05/2008|17:57] C:\Program Files\Canon
[11/05/2008|17:45] C:\Program Files\CanonBJ
[12/05/2008|18:20] C:\Program Files\DiMAGE Viewer
[13/05/2008|12:18] C:\Program Files\D-Tools
[22/06/2008|14:32] C:\Program Files\Fichiers communs
[21/05/2008|20:59] C:\Program Files\FreeMultiPosteTV
[12/05/2008|18:20] C:\Program Files\InstallShield Installation Information
[24/06/2008|08:31] C:\Program Files\Internet Explorer
[11/05/2008|16:42] C:\Program Files\iPod
[11/05/2008|16:42] C:\Program Files\iTunes
[18/05/2008|14:39] C:\Program Files\Java
[20/06/2008|14:13] C:\Program Files\Lavasoft
[24/06/2008|10:11] C:\Program Files\Lop SD
[11/05/2008|15:56] C:\Program Files\ma-config.com
[11/05/2008|17:34] C:\Program Files\Messenger
[12/05/2008|13:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[09/05/2008|17:49] C:\Program Files\microsoft frontpage
[13/05/2008|12:26] C:\Program Files\Microsoft Office
[13/05/2008|12:26] C:\Program Files\Microsoft Visual Studio
[13/05/2008|12:23] C:\Program Files\Microsoft Visual Studio 8
[13/05/2008|12:26] C:\Program Files\Microsoft Works
[13/05/2008|12:25] C:\Program Files\Microsoft.NET
[09/05/2008|17:46] C:\Program Files\Movie Maker
[24/06/2008|09:43] C:\Program Files\Mozilla Firefox
[13/05/2008|12:26] C:\Program Files\MSBuild
[22/06/2008|17:53] C:\Program Files\MSN
[09/05/2008|17:45] C:\Program Files\MSN Gaming Zone
[12/05/2008|13:01] C:\Program Files\MSXML 4.0
[09/05/2008|17:47] C:\Program Files\NetMeeting
[11/05/2008|17:33] C:\Program Files\Outlook Express
[11/05/2008|16:42] C:\Program Files\QuickTime
[11/05/2008|16:05] C:\Program Files\Realtek
[12/05/2008|12:46] C:\Program Files\S3
[11/05/2008|17:50] C:\Program Files\ScanSoft
[09/05/2008|17:47] C:\Program Files\Services en ligne
[11/05/2008|15:43] C:\Program Files\Spyware Doctor
[11/05/2008|15:41] C:\Program Files\Sunbelt Software
[24/06/2008|09:21] C:\Program Files\Trend Micro
[09/05/2008|18:29] C:\Program Files\Uninstall Information
[13/05/2008|12:46] C:\Program Files\VideoLAN
[20/06/2008|11:16] C:\Program Files\VS Revo Group
[12/05/2008|18:51] C:\Program Files\VSO
[11/05/2008|15:42] C:\Program Files\Webteh
[22/06/2008|18:05] C:\Program Files\Windows Live
[11/05/2008|15:45] C:\Program Files\Windows Media Connect 2
[11/05/2008|17:33] C:\Program Files\Windows Media Player
[09/05/2008|17:45] C:\Program Files\Windows NT
[09/05/2008|17:47] C:\Program Files\WindowsUpdate
[12/05/2008|12:26] C:\Program Files\WinRAR
[09/05/2008|17:49] C:\Program Files\xerox
[12/05/2008|19:06] C:\Program Files\XnView
[12/05/2008|12:26] C:\Program Files\XPC Tools
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[24/05/2008|13:05] C:\Program Files\Fichiers communs\Adobe
[13/05/2008|12:44] C:\Program Files\Fichiers communs\Ahead
[11/05/2008|15:21] C:\Program Files\Fichiers communs\Designer
[11/05/2008|17:50] C:\Program Files\Fichiers communs\InstallShield
[18/05/2008|14:37] C:\Program Files\Fichiers communs\Java
[14/05/2008|20:26] C:\Program Files\Fichiers communs\Microsoft Shared
[09/05/2008|17:46] C:\Program Files\Fichiers communs\MSSoap
[09/05/2008|19:21] C:\Program Files\Fichiers communs\ODBC
[11/05/2008|17:50] C:\Program Files\Fichiers communs\ScanSoft Shared
[09/05/2008|17:46] C:\Program Files\Fichiers communs\Services
[09/05/2008|19:21] C:\Program Files\Fichiers communs\SpeechEngines
[11/05/2008|17:33] C:\Program Files\Fichiers communs\System
[11/05/2008|17:22] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[20/06/2008|14:11] C:\Program Files\Fichiers communs\Wise Installation Wizard
---------------------------[ Process ]--------------------------
... 28
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\KKK\LOCALS~1\Temp\bis97.exe
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\vc remote.exe
C:\DOCUME~1\KKK\APPLIC~1\gpldat~1
C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\DriveBait.exe
C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\first default four.exe
C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\mailbalmpeakweb.exe
C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\uzpyqnxm.exe
C:\WINDOWS\Prefetch\VC REMOTE.EXE-3A9D92B0.pf
C:\WINDOWS\Prefetch\FIRST DEFAULT FOUR.EXE-1C5FC9F0.pf
C:\DOCUME~1\KKK\Cookies\kkk@www.2xmoinscher[1].txt
C:\DOCUME~1\KKK\Cookies\kkk@www.2xmoinscher[3].txt
C:\WINDOWS\Tasks\AA5B37B291E0AB22.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 10:17:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
[F:382][D:26]-> C:\DOCUME~1\KKK\LOCALS~1\Temp
[F:102][D:0]-> C:\DOCUME~1\KKK\Cookies
[F:8256][D:9]-> C:\DOCUME~1\KKK\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 10:18:11,21 ]----------------------
rapport de hijackthis (par contre j'ai renommé l'application sans être sûr que ça ait bien été fait)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:51, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
Pour desinfecter:
* Choisis cette fois ci l'Option 2 (Suppression)
* Ne ferme pas la fenêtre lors de la suppression !
* Poste le rapport généré (C:\lopR.txt)
(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
Voila.
Y a t il d'autres problemes ?
* Choisis cette fois ci l'Option 2 (Suppression)
* Ne ferme pas la fenêtre lors de la suppression !
* Poste le rapport généré (C:\lopR.txt)
(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
Voila.
Y a t il d'autres problemes ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Merci beaucoup pour ton aide, je ne sais pas si le problème est réglé car l'application iexpolre.exe se lance toute les heures environ (je l'enlevait en passant par le gestionnaire des tâches) mais s'il se relance je te tiendrait au courant. Merci beaucoup en tout cas et voici le rapport généré :
-----------------------[ Lop S&D 4.2.1-7 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : KKK ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 25/06/2008 | 10:29:50,92 ] [ PC : ZOCKOR ]
[ MAJ : 21-06-2008 | 15:15 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\vc remote.exe
Supprime! - C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\DriveBait.exe
Supprime! - C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\first default four.exe
Supprime! - C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\mailbalmpeakweb.exe
Supprime! - C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\uzpyqnxm.exe
Supprime! - C:\WINDOWS\Prefetch\VC REMOTE.EXE-3A9D92B0.pf
Supprime! - C:\WINDOWS\Prefetch\FIRST DEFAULT FOUR.EXE-1C5FC9F0.pf
Supprime! - C:\DOCUME~1\KKK\Cookies\kkk@www.2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\KKK\Cookies\kkk@www.2xmoinscher[3].txt
Supprime! - C:\WINDOWS\Tasks\AA5B37B291E0AB22.job
Supprime! - C:\DOCUME~1\KKK\LOCALS~1\Temp\bis97.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
Supprime! - C:\DOCUME~1\KKK\APPLIC~1\gpldat~1
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[12/05/2008|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{9784CF0C-B63B-4A60-A1B8-0D38CDF756EB}
[11/05/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[11/05/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[11/05/2008|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/05/2008|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[11/05/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[09/05/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[11/05/2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[20/06/2008|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[13/05/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/06/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[11/05/2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[11/05/2008|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/05/2008|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[22/06/2008|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/05/2008|19:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[09/05/2008|17:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/05/2008|20:58] C:\DOCUME~1\KKK\APPLIC~1\Adobe
[13/05/2008|12:59] C:\DOCUME~1\KKK\APPLIC~1\Apple Computer
[12/05/2008|17:24] C:\DOCUME~1\KKK\APPLIC~1\ArcSoft
[12/05/2008|16:19] C:\DOCUME~1\KKK\APPLIC~1\Canon
[09/05/2008|19:21] C:\DOCUME~1\KKK\APPLIC~1\desktop.ini
[12/05/2008|18:20] C:\DOCUME~1\KKK\APPLIC~1\DIMAGE
[12/05/2008|19:02] C:\DOCUME~1\KKK\APPLIC~1\FastStone
[09/05/2008|18:29] C:\DOCUME~1\KKK\APPLIC~1\Identities
[12/05/2008|12:39] C:\DOCUME~1\KKK\APPLIC~1\ma-config.com
[11/05/2008|16:21] C:\DOCUME~1\KKK\APPLIC~1\Macromedia
[20/06/2008|14:13] C:\DOCUME~1\KKK\APPLIC~1\Microsoft
[11/05/2008|15:53] C:\DOCUME~1\KKK\APPLIC~1\Mozilla
[11/05/2008|16:19] C:\DOCUME~1\KKK\APPLIC~1\MSNInstaller
[11/05/2008|15:43] C:\DOCUME~1\KKK\APPLIC~1\PC Tools
[11/05/2008|17:51] C:\DOCUME~1\KKK\APPLIC~1\ScanSoft
[18/05/2008|14:49] C:\DOCUME~1\KKK\APPLIC~1\Sun
[11/05/2008|15:53] C:\DOCUME~1\KKK\APPLIC~1\Talkback
[14/05/2008|08:14] C:\DOCUME~1\KKK\APPLIC~1\vlc
[16/06/2008|16:22] C:\DOCUME~1\KKK\APPLIC~1\Vso
[12/05/2008|12:27] C:\DOCUME~1\KKK\APPLIC~1\WinRAR
[20/06/2008|13:16] C:\DOCUME~1\KKK\APPLIC~1\XnView
[11/05/2008|18:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[09/05/2008|17:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[09/05/2008|17:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[25/06/2008 08:06][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[11/05/2008|15:41] C:\Program Files\Adobe
[13/05/2008|12:44] C:\Program Files\Ahead
[11/05/2008|16:41] C:\Program Files\Apple Software Update
[11/05/2008|17:49] C:\Program Files\ArcSoft
[11/05/2008|15:51] C:\Program Files\Avira
[11/05/2008|17:57] C:\Program Files\Canon
[11/05/2008|17:45] C:\Program Files\CanonBJ
[12/05/2008|18:20] C:\Program Files\DiMAGE Viewer
[13/05/2008|12:18] C:\Program Files\D-Tools
[22/06/2008|14:32] C:\Program Files\Fichiers communs
[21/05/2008|20:59] C:\Program Files\FreeMultiPosteTV
[12/05/2008|18:20] C:\Program Files\InstallShield Installation Information
[24/06/2008|08:31] C:\Program Files\Internet Explorer
[11/05/2008|16:42] C:\Program Files\iPod
[11/05/2008|16:42] C:\Program Files\iTunes
[18/05/2008|14:39] C:\Program Files\Java
[20/06/2008|14:13] C:\Program Files\Lavasoft
[24/06/2008|10:11] C:\Program Files\Lop SD
[11/05/2008|15:56] C:\Program Files\ma-config.com
[11/05/2008|17:34] C:\Program Files\Messenger
[12/05/2008|13:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[09/05/2008|17:49] C:\Program Files\microsoft frontpage
[13/05/2008|12:26] C:\Program Files\Microsoft Office
[13/05/2008|12:26] C:\Program Files\Microsoft Visual Studio
[13/05/2008|12:23] C:\Program Files\Microsoft Visual Studio 8
[13/05/2008|12:26] C:\Program Files\Microsoft Works
[13/05/2008|12:25] C:\Program Files\Microsoft.NET
[09/05/2008|17:46] C:\Program Files\Movie Maker
[25/06/2008|09:10] C:\Program Files\Mozilla Firefox
[13/05/2008|12:26] C:\Program Files\MSBuild
[22/06/2008|17:53] C:\Program Files\MSN
[09/05/2008|17:45] C:\Program Files\MSN Gaming Zone
[12/05/2008|13:01] C:\Program Files\MSXML 4.0
[09/05/2008|17:47] C:\Program Files\NetMeeting
[11/05/2008|17:33] C:\Program Files\Outlook Express
[11/05/2008|16:42] C:\Program Files\QuickTime
[11/05/2008|16:05] C:\Program Files\Realtek
[12/05/2008|12:46] C:\Program Files\S3
[11/05/2008|17:50] C:\Program Files\ScanSoft
[09/05/2008|17:47] C:\Program Files\Services en ligne
[11/05/2008|15:43] C:\Program Files\Spyware Doctor
[11/05/2008|15:41] C:\Program Files\Sunbelt Software
[24/06/2008|09:21] C:\Program Files\Trend Micro
[09/05/2008|18:29] C:\Program Files\Uninstall Information
[13/05/2008|12:46] C:\Program Files\VideoLAN
[20/06/2008|11:16] C:\Program Files\VS Revo Group
[12/05/2008|18:51] C:\Program Files\VSO
[11/05/2008|15:42] C:\Program Files\Webteh
[22/06/2008|18:05] C:\Program Files\Windows Live
[11/05/2008|15:45] C:\Program Files\Windows Media Connect 2
[11/05/2008|17:33] C:\Program Files\Windows Media Player
[09/05/2008|17:45] C:\Program Files\Windows NT
[09/05/2008|17:47] C:\Program Files\WindowsUpdate
[12/05/2008|12:26] C:\Program Files\WinRAR
[09/05/2008|17:49] C:\Program Files\xerox
[12/05/2008|19:06] C:\Program Files\XnView
[12/05/2008|12:26] C:\Program Files\XPC Tools
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[24/05/2008|13:05] C:\Program Files\Fichiers communs\Adobe
[13/05/2008|12:44] C:\Program Files\Fichiers communs\Ahead
[11/05/2008|15:21] C:\Program Files\Fichiers communs\Designer
[11/05/2008|17:50] C:\Program Files\Fichiers communs\InstallShield
[18/05/2008|14:37] C:\Program Files\Fichiers communs\Java
[14/05/2008|20:26] C:\Program Files\Fichiers communs\Microsoft Shared
[09/05/2008|17:46] C:\Program Files\Fichiers communs\MSSoap
[09/05/2008|19:21] C:\Program Files\Fichiers communs\ODBC
[11/05/2008|17:50] C:\Program Files\Fichiers communs\ScanSoft Shared
[09/05/2008|17:46] C:\Program Files\Fichiers communs\Services
[09/05/2008|19:21] C:\Program Files\Fichiers communs\SpeechEngines
[11/05/2008|17:33] C:\Program Files\Fichiers communs\System
[11/05/2008|17:22] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[20/06/2008|14:11] C:\Program Files\Fichiers communs\Wise Installation Wizard
---------------------------[ Process ]--------------------------
... 27
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\KKK\Cookies\kkk@adopt.euroclick[2].txt
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 10:33:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
[F:384][D:26]-> C:\DOCUME~1\KKK\LOCALS~1\Temp
[F:110][D:0]-> C:\DOCUME~1\KKK\Cookies
[F:8438][D:9]-> C:\DOCUME~1\KKK\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 10:34:06,56 ]----------------------
-----------------------[ Lop S&D 4.2.1-7 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : KKK ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 25/06/2008 | 10:29:50,92 ] [ PC : ZOCKOR ]
[ MAJ : 21-06-2008 | 15:15 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\vc remote.exe
Supprime! - C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\DriveBait.exe
Supprime! - C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\first default four.exe
Supprime! - C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\mailbalmpeakweb.exe
Supprime! - C:\DOCUME~1\KKK\APPLIC~1\gpldat~1\uzpyqnxm.exe
Supprime! - C:\WINDOWS\Prefetch\VC REMOTE.EXE-3A9D92B0.pf
Supprime! - C:\WINDOWS\Prefetch\FIRST DEFAULT FOUR.EXE-1C5FC9F0.pf
Supprime! - C:\DOCUME~1\KKK\Cookies\kkk@www.2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\KKK\Cookies\kkk@www.2xmoinscher[3].txt
Supprime! - C:\WINDOWS\Tasks\AA5B37B291E0AB22.job
Supprime! - C:\DOCUME~1\KKK\LOCALS~1\Temp\bis97.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
Supprime! - C:\DOCUME~1\KKK\APPLIC~1\gpldat~1
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[12/05/2008|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{9784CF0C-B63B-4A60-A1B8-0D38CDF756EB}
[11/05/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[11/05/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[11/05/2008|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/05/2008|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[11/05/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[09/05/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[11/05/2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[20/06/2008|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[13/05/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/06/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[11/05/2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[11/05/2008|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/05/2008|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[22/06/2008|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/05/2008|19:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[09/05/2008|17:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/05/2008|20:58] C:\DOCUME~1\KKK\APPLIC~1\Adobe
[13/05/2008|12:59] C:\DOCUME~1\KKK\APPLIC~1\Apple Computer
[12/05/2008|17:24] C:\DOCUME~1\KKK\APPLIC~1\ArcSoft
[12/05/2008|16:19] C:\DOCUME~1\KKK\APPLIC~1\Canon
[09/05/2008|19:21] C:\DOCUME~1\KKK\APPLIC~1\desktop.ini
[12/05/2008|18:20] C:\DOCUME~1\KKK\APPLIC~1\DIMAGE
[12/05/2008|19:02] C:\DOCUME~1\KKK\APPLIC~1\FastStone
[09/05/2008|18:29] C:\DOCUME~1\KKK\APPLIC~1\Identities
[12/05/2008|12:39] C:\DOCUME~1\KKK\APPLIC~1\ma-config.com
[11/05/2008|16:21] C:\DOCUME~1\KKK\APPLIC~1\Macromedia
[20/06/2008|14:13] C:\DOCUME~1\KKK\APPLIC~1\Microsoft
[11/05/2008|15:53] C:\DOCUME~1\KKK\APPLIC~1\Mozilla
[11/05/2008|16:19] C:\DOCUME~1\KKK\APPLIC~1\MSNInstaller
[11/05/2008|15:43] C:\DOCUME~1\KKK\APPLIC~1\PC Tools
[11/05/2008|17:51] C:\DOCUME~1\KKK\APPLIC~1\ScanSoft
[18/05/2008|14:49] C:\DOCUME~1\KKK\APPLIC~1\Sun
[11/05/2008|15:53] C:\DOCUME~1\KKK\APPLIC~1\Talkback
[14/05/2008|08:14] C:\DOCUME~1\KKK\APPLIC~1\vlc
[16/06/2008|16:22] C:\DOCUME~1\KKK\APPLIC~1\Vso
[12/05/2008|12:27] C:\DOCUME~1\KKK\APPLIC~1\WinRAR
[20/06/2008|13:16] C:\DOCUME~1\KKK\APPLIC~1\XnView
[11/05/2008|18:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[09/05/2008|17:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[09/05/2008|17:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[25/06/2008 08:06][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[11/05/2008|15:41] C:\Program Files\Adobe
[13/05/2008|12:44] C:\Program Files\Ahead
[11/05/2008|16:41] C:\Program Files\Apple Software Update
[11/05/2008|17:49] C:\Program Files\ArcSoft
[11/05/2008|15:51] C:\Program Files\Avira
[11/05/2008|17:57] C:\Program Files\Canon
[11/05/2008|17:45] C:\Program Files\CanonBJ
[12/05/2008|18:20] C:\Program Files\DiMAGE Viewer
[13/05/2008|12:18] C:\Program Files\D-Tools
[22/06/2008|14:32] C:\Program Files\Fichiers communs
[21/05/2008|20:59] C:\Program Files\FreeMultiPosteTV
[12/05/2008|18:20] C:\Program Files\InstallShield Installation Information
[24/06/2008|08:31] C:\Program Files\Internet Explorer
[11/05/2008|16:42] C:\Program Files\iPod
[11/05/2008|16:42] C:\Program Files\iTunes
[18/05/2008|14:39] C:\Program Files\Java
[20/06/2008|14:13] C:\Program Files\Lavasoft
[24/06/2008|10:11] C:\Program Files\Lop SD
[11/05/2008|15:56] C:\Program Files\ma-config.com
[11/05/2008|17:34] C:\Program Files\Messenger
[12/05/2008|13:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[09/05/2008|17:49] C:\Program Files\microsoft frontpage
[13/05/2008|12:26] C:\Program Files\Microsoft Office
[13/05/2008|12:26] C:\Program Files\Microsoft Visual Studio
[13/05/2008|12:23] C:\Program Files\Microsoft Visual Studio 8
[13/05/2008|12:26] C:\Program Files\Microsoft Works
[13/05/2008|12:25] C:\Program Files\Microsoft.NET
[09/05/2008|17:46] C:\Program Files\Movie Maker
[25/06/2008|09:10] C:\Program Files\Mozilla Firefox
[13/05/2008|12:26] C:\Program Files\MSBuild
[22/06/2008|17:53] C:\Program Files\MSN
[09/05/2008|17:45] C:\Program Files\MSN Gaming Zone
[12/05/2008|13:01] C:\Program Files\MSXML 4.0
[09/05/2008|17:47] C:\Program Files\NetMeeting
[11/05/2008|17:33] C:\Program Files\Outlook Express
[11/05/2008|16:42] C:\Program Files\QuickTime
[11/05/2008|16:05] C:\Program Files\Realtek
[12/05/2008|12:46] C:\Program Files\S3
[11/05/2008|17:50] C:\Program Files\ScanSoft
[09/05/2008|17:47] C:\Program Files\Services en ligne
[11/05/2008|15:43] C:\Program Files\Spyware Doctor
[11/05/2008|15:41] C:\Program Files\Sunbelt Software
[24/06/2008|09:21] C:\Program Files\Trend Micro
[09/05/2008|18:29] C:\Program Files\Uninstall Information
[13/05/2008|12:46] C:\Program Files\VideoLAN
[20/06/2008|11:16] C:\Program Files\VS Revo Group
[12/05/2008|18:51] C:\Program Files\VSO
[11/05/2008|15:42] C:\Program Files\Webteh
[22/06/2008|18:05] C:\Program Files\Windows Live
[11/05/2008|15:45] C:\Program Files\Windows Media Connect 2
[11/05/2008|17:33] C:\Program Files\Windows Media Player
[09/05/2008|17:45] C:\Program Files\Windows NT
[09/05/2008|17:47] C:\Program Files\WindowsUpdate
[12/05/2008|12:26] C:\Program Files\WinRAR
[09/05/2008|17:49] C:\Program Files\xerox
[12/05/2008|19:06] C:\Program Files\XnView
[12/05/2008|12:26] C:\Program Files\XPC Tools
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[24/05/2008|13:05] C:\Program Files\Fichiers communs\Adobe
[13/05/2008|12:44] C:\Program Files\Fichiers communs\Ahead
[11/05/2008|15:21] C:\Program Files\Fichiers communs\Designer
[11/05/2008|17:50] C:\Program Files\Fichiers communs\InstallShield
[18/05/2008|14:37] C:\Program Files\Fichiers communs\Java
[14/05/2008|20:26] C:\Program Files\Fichiers communs\Microsoft Shared
[09/05/2008|17:46] C:\Program Files\Fichiers communs\MSSoap
[09/05/2008|19:21] C:\Program Files\Fichiers communs\ODBC
[11/05/2008|17:50] C:\Program Files\Fichiers communs\ScanSoft Shared
[09/05/2008|17:46] C:\Program Files\Fichiers communs\Services
[09/05/2008|19:21] C:\Program Files\Fichiers communs\SpeechEngines
[11/05/2008|17:33] C:\Program Files\Fichiers communs\System
[11/05/2008|17:22] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[20/06/2008|14:11] C:\Program Files\Fichiers communs\Wise Installation Wizard
---------------------------[ Process ]--------------------------
... 27
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\KKK\Cookies\kkk@adopt.euroclick[2].txt
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 10:33:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
[F:384][D:26]-> C:\DOCUME~1\KKK\LOCALS~1\Temp
[F:110][D:0]-> C:\DOCUME~1\KKK\Cookies
[F:8438][D:9]-> C:\DOCUME~1\KKK\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 10:34:06,56 ]----------------------
