Advertising problem

dadoulinee -  
sherred Posts: 8605 Status: Member -
Hello,
For some time now I have had tons of ads popping up on my PC screen, and I don't know whether that is the cause, but it is extremely slow. In fact, once the ads are on the screen, closing them takes quite a while.
Could someone help me?

Thanks

30 replies

dadoulinee
 
Lop report
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : forian ( Administrator )
BOOT : Normal boot
Antivirus : Trend Micro Internet Security 17.0.1367 (Activated)
C:\ (Local Disk) - FAT32 - Total:26 Go (Free:4 Go)
D:\ (Local Disk) - FAT32 - Total:26 Go (Free:16 Go)
E:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 10/11/2008|13:08 )

--------------------\\ Listing des dossiers dans APPLIC~1

[24/08/2005|03:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[24/08/2005|03:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[24/08/2005|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/12/2005|19:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[25/08/2005|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[10/12/2005|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[02/07/2006|13:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
[08/11/2008|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag barb cake wipe
[19/11/2005|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[09/11/2008|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[30/10/2006|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[24/08/2005|03:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/10/2006|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\new send rdr up
[20/07/2006|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[19/11/2005|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[08/11/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
[02/07/2006|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/11/2008|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[24/08/2005|03:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[24/08/2005|03:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[21/11/2005|15:25] C:\DOCUME~1\forian\APPLIC~1\Adobe
[13/02/2006|11:09] C:\DOCUME~1\forian\APPLIC~1\AdobeUM
[08/12/2005|12:09] C:\DOCUME~1\forian\APPLIC~1\Ahead
[19/11/2005|13:18] C:\DOCUME~1\forian\APPLIC~1\CyberLink
[30/10/2006|21:31] C:\DOCUME~1\forian\APPLIC~1\Else plus
[24/10/2006|18:16] C:\DOCUME~1\forian\APPLIC~1\Help
[24/08/2005|03:39] C:\DOCUME~1\forian\APPLIC~1\Identities
[23/05/2006|19:25] C:\DOCUME~1\forian\APPLIC~1\Intel
[21/03/2007|21:25] C:\DOCUME~1\forian\APPLIC~1\LimeWire
[20/05/2006|19:23] C:\DOCUME~1\forian\APPLIC~1\Macromedia
[09/11/2008|11:09] C:\DOCUME~1\forian\APPLIC~1\Malwarebytes
[24/08/2005|03:27] C:\DOCUME~1\forian\APPLIC~1\Microsoft
[20/05/2006|19:26] C:\DOCUME~1\forian\APPLIC~1\MSNInstaller
[09/04/2008|11:18] C:\DOCUME~1\forian\APPLIC~1\Samsung
[11/06/2006|16:54] C:\DOCUME~1\forian\APPLIC~1\Sun
[19/11/2005|12:55] C:\DOCUME~1\forian\APPLIC~1\Symantec
[08/02/2007|12:23] C:\DOCUME~1\forian\APPLIC~1\vlc

[24/08/2005|03:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[24/08/2005|03:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[10/11/2008 13:00][--ah-----] C:\WINDOWS\tasks\AC8E6D519185E5B5.job
[10/11/2008 10:30][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AC8E6D519185E5B5.job )=( c:\docume~1\forian\applic~1\elsepl~1\Thunkdeafgreat.exe )

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"DisplayName"="Messenger Plus! 3 & Sponsor"
"SponsorInstalled"=dword:00000000


--------------------\\ Listing des dossiers dans C:\Program Files

[25/08/2005|08:29] C:\Program Files\Acer
[24/08/2005|03:49] C:\Program Files\Acer Inc
[24/08/2005|03:49] C:\Program Files\Adobe
[24/11/2006|14:33] C:\Program Files\Agnitum
[19/11/2005|14:34] C:\Program Files\Ahead
[04/11/2006|11:11] C:\Program Files\Alwil Software
[09/11/2008|17:45] C:\Program Files\Circle Developement
[20/07/2006|22:54] C:\Program Files\Common Files
[24/08/2005|03:33] C:\Program Files\ComPlus Applications
[24/08/2005|03:46] C:\Program Files\CONEXANT
[25/08/2005|08:27] C:\Program Files\CyberLink
[10/12/2005|19:57] C:\Program Files\D-Tools
[10/12/2005|19:55] C:\Program Files\DVD Shrink
[08/11/2008|22:17] C:\Program Files\Else plus
[02/01/2007|12:48] C:\Program Files\eMule
[24/08/2005|03:28] C:\Program Files\Fichiers communs
[24/08/2005|03:41] C:\Program Files\InstallShield Installation Information
[24/08/2005|03:42] C:\Program Files\Intel
[24/08/2005|03:33] C:\Program Files\Internet Explorer
[18/10/2006|21:30] C:\Program Files\Inventel
[11/06/2006|16:50] C:\Program Files\Java
[19/11/2005|12:47] C:\Program Files\Launch Manager
[09/12/2006|20:55] C:\Program Files\LimeWire
[24/05/2006|20:36] C:\Program Files\Logitech
[09/11/2008|11:09] C:\Program Files\Malwarebytes' Anti-Malware
[24/08/2005|03:32] C:\Program Files\Messenger
[09/11/2008|17:45] C:\Program Files\Messenger Plus! Live
[30/10/2006|21:31] C:\Program Files\MessengerPlus! 3
[24/08/2005|03:35] C:\Program Files\microsoft frontpage
[19/11/2005|12:48] C:\Program Files\Microsoft Office
[20/11/2005|23:26] C:\Program Files\Microsoft Visual Studio
[19/11/2005|12:48] C:\Program Files\Microsoft Works
[20/11/2005|23:27] C:\Program Files\Microsoft.NET
[24/08/2005|03:33] C:\Program Files\Movie Maker
[24/08/2005|03:32] C:\Program Files\MSN
[20/05/2006|23:03] C:\Program Files\MSN Apps
[24/08/2005|03:32] C:\Program Files\MSN Gaming Zone
[29/11/2006|09:09] C:\Program Files\MSXML 4.0
[10/11/2008|12:05] C:\Program Files\Navilog1
[24/08/2005|03:33] C:\Program Files\NetMeeting
[24/08/2005|03:51] C:\Program Files\NewTech Infosystems
[24/08/2005|03:33] C:\Program Files\Outlook Express
[04/11/2006|13:07] C:\Program Files\PeerGuardian2
[30/06/2008|18:47] C:\Program Files\PHOTO CARREFOUR
[24/08/2005|03:45] C:\Program Files\Realtek
[09/04/2006|00:25] C:\Program Files\Samsung
[24/08/2005|03:34] C:\Program Files\Services en ligne
[20/07/2006|21:42] C:\Program Files\Sony
[07/03/2007|13:12] C:\Program Files\SuperCopier2
[24/08/2005|03:47] C:\Program Files\Synaptics
[08/11/2008|23:07] C:\Program Files\Trend Micro
[24/08/2005|03:39] C:\Program Files\Uninstall Information
[09/11/2008|10:36] C:\Program Files\Unlocker
[08/02/2007|12:18] C:\Program Files\VideoLAN
[23/10/2006|12:15] C:\Program Files\Wanadoo
[08/11/2008|22:17] C:\Program Files\Windows Live
[02/02/2007|15:56] C:\Program Files\Windows Media Connect 2
[24/08/2005|03:32] C:\Program Files\Windows Media Player
[24/08/2005|03:32] C:\Program Files\Windows NT
[24/08/2005|03:34] C:\Program Files\WindowsUpdate
[19/11/2005|12:44] C:\Program Files\WinPCap
[24/08/2005|03:35] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[24/08/2005|03:49] C:\Program Files\Fichiers communs\Adobe
[24/11/2006|14:33] C:\Program Files\Fichiers communs\Agnitum Shared
[10/12/2005|19:42] C:\Program Files\Fichiers communs\Ahead
[20/11/2005|23:26] C:\Program Files\Fichiers communs\DESIGNER
[24/08/2005|03:41] C:\Program Files\Fichiers communs\InstallShield
[11/06/2006|16:18] C:\Program Files\Fichiers communs\Java
[24/05/2006|20:37] C:\Program Files\Fichiers communs\Logitech
[24/08/2005|03:28] C:\Program Files\Fichiers communs\Microsoft Shared
[24/08/2005|03:33] C:\Program Files\Fichiers communs\MSSoap
[24/08/2005|03:51] C:\Program Files\Fichiers communs\muvee Technologies
[24/08/2005|03:51] C:\Program Files\Fichiers communs\NewTech Infosystems
[24/08/2005|03:28] C:\Program Files\Fichiers communs\ODBC
[24/08/2005|03:33] C:\Program Files\Fichiers communs\Services
[20/07/2006|21:42] C:\Program Files\Fichiers communs\Sony Shared
[24/08/2005|03:28] C:\Program Files\Fichiers communs\SpeechEngines
[24/08/2005|03:33] C:\Program Files\Fichiers communs\System
[08/11/2008|22:17] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 56 Processes )

IEXPLORE.EXE ~ [PID:820]
iexplore.exe ~ [PID:1612]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\forian\APPLIC~1\ELSE PLUS
C:\DOCUME~1\forian\APPLIC~1\ELSE PLUS\uslhqaqs.exe
C:\DOCUME~1\forian\APPLIC~1\ELSE PLUS\JoyPokeForkBlue.exe
C:\DOCUME~1\forian\APPLIC~1\ELSE PLUS\Thunkdeafgreat.exe
C:\DOCUME~1\forian\APPLIC~1\ELSE PLUS\sctnbgpm.exe
C:\Program Files\ELSE PLUS
C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag barb cake wipe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag barb cake wipe\army name.exe
C:\DOCUME~1\forian\APPLIC~1\elsepl~1
C:\DOCUME~1\forian\APPLIC~1\elsepl~1\uslhqaqs.exe
C:\DOCUME~1\forian\APPLIC~1\elsepl~1\JoyPokeForkBlue.exe
C:\DOCUME~1\forian\APPLIC~1\elsepl~1\Thunkdeafgreat.exe
C:\DOCUME~1\forian\APPLIC~1\elsepl~1\sctnbgpm.exe
C:\Program Files\elsepl~1
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\DOCUME~1\forian\Cookies\forian@d2.advertserve[1].txt
C:\DOCUME~1\forian\Cookies\forian@advertising[1].txt
C:\DOCUME~1\forian\Cookies\forian@fr.xblaster.bigpoint[1].txt
C:\DOCUME~1\forian\Cookies\forian@bigpoint[1].txt
C:\DOCUME~1\forian\Cookies\forian@casinoking[1].txt
C:\DOCUME~1\forian\Cookies\forian@banner.casinoking[2].txt
C:\DOCUME~1\forian\Cookies\forian@banner.cotedazurpalace[2].txt
C:\DOCUME~1\forian\Cookies\forian@adopt.euroclick[2].txt
C:\DOCUME~1\forian\Cookies\forian@pacificpoker[4].txt
C:\DOCUME~1\forian\Cookies\forian@pacificpoker[2].txt
C:\DOCUME~1\forian\Cookies\forian@pacificpoker[1].txt
C:\DOCUME~1\forian\Cookies\forian@partypoker[2].txt
C:\DOCUME~1\forian\Cookies\forian@32vegas[2].txt
C:\DOCUME~1\forian\Cookies\forian@banner.32vegas[1].txt
C:\DOCUME~1\forian\Cookies\forian@www.vegasaffiliates[1].txt
C:\DOCUME~1\forian\Cookies\forian@www.lop[1].txt
C:\DOCUME~1\forian\Cookies\forian@www.lop[2].txt
C:\WINDOWS\Tasks\AC8E6D519185E5B5.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cake Wipe Inside Wma"="C:\\Documents and Settings\\All Users\\Application Data\\flag barb cake wipe\\army name.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE


-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 13:33:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DriveCleaner 2006 Free



[F:432][D:77]-> C:\DOCUME~1\forian\LOCALS~1\Temp
[F:586][D:0]-> C:\DOCUME~1\forian\Cookies
[F:2034][D:4]-> C:\DOCUME~1\forian\LOCALS~1\TEMPOR~1\content.IE5
[F:3][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 10/11/2008|13:37 - Option : [1]

--------------------\\ Fin du rapport a 13:37:49
Anonymous user
 
Re,

Well then ........

Run Lop S&D again

This time choose Option 2 ( Suppression )

Do not close the window during the removal!

Post the generated report ( C:\lopR.txt )

( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab,

New task, type explorer.exe and confirm )

Run HijackThis again.

Thanks
dadoulinee
 
OK, I find smss.exe in 3 files:
- C:\i386\SYSTEM32
- C:\windows\system32
- C:\windows\softwaredistribution\download\7a1946fba2b8886ae6be37be6d51ae57
Anonymous user
 
Re,

Please do the cleanup.

Then run HijackThis for me again.

Thanks
dadoulinee
 
Last report, and I am redoing HijackThis



--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : forian ( Administrator )
BOOT : Normal boot
Antivirus : Trend Micro Internet Security 17.0.1367 (Activated)
C:\ (Local Disk) - FAT32 - Total:26 Go (Free:3 Go)
D:\ (Local Disk) - FAT32 - Total:26 Go (Free:16 Go)
E:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 10/11/2008|17:02 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\forian\APPLIC~1\ELSE PLUS\JoyPokeForkBlue.exe
Supprime! - C:\DOCUME~1\forian\APPLIC~1\ELSE PLUS\Thunkdeafgreat.exe
Supprime! - C:\DOCUME~1\forian\APPLIC~1\ELSE PLUS\sctnbgpm.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag barb cake wipe\army name.exe
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\DOCUME~1\forian\Cookies\forian@d2.advertserve[1].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@advertising[1].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@fr.xblaster.bigpoint[1].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@bigpoint[1].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@casinoking[1].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@banner.casinoking[2].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@banner.cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@pacificpoker[4].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@pacificpoker[2].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@pacificpoker[1].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@partypoker[2].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@32vegas[2].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@banner.32vegas[1].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@www.vegasaffiliates[1].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@www.lop[1].txt
Supprime! - C:\DOCUME~1\forian\Cookies\forian@www.lop[2].txt
Supprime! - C:\WINDOWS\Tasks\AC8E6D519185E5B5.job
Supprime! - C:\DOCUME~1\forian\APPLIC~1\ELSE PLUS
Supprime! - C:\Program Files\ELSE PLUS
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag barb cake wipe
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[24/08/2005|03:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[24/08/2005|03:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[24/08/2005|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/12/2005|19:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[25/08/2005|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[10/12/2005|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[19/11/2005|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[09/11/2008|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[30/10/2006|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[24/08/2005|03:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/10/2006|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\new send rdr up
[20/07/2006|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[19/11/2005|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[08/11/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
[02/07/2006|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/11/2008|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[24/08/2005|03:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[24/08/2005|03:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[21/11/2005|15:25] C:\DOCUME~1\forian\APPLIC~1\Adobe
[13/02/2006|11:09] C:\DOCUME~1\forian\APPLIC~1\AdobeUM
[08/12/2005|12:09] C:\DOCUME~1\forian\APPLIC~1\Ahead
[19/11/2005|13:18] C:\DOCUME~1\forian\APPLIC~1\CyberLink
[24/10/2006|18:16] C:\DOCUME~1\forian\APPLIC~1\Help
[24/08/2005|03:39] C:\DOCUME~1\forian\APPLIC~1\Identities
[23/05/2006|19:25] C:\DOCUME~1\forian\APPLIC~1\Intel
[21/03/2007|21:25] C:\DOCUME~1\forian\APPLIC~1\LimeWire
[20/05/2006|19:23] C:\DOCUME~1\forian\APPLIC~1\Macromedia
[09/11/2008|11:09] C:\DOCUME~1\forian\APPLIC~1\Malwarebytes
[24/08/2005|03:27] C:\DOCUME~1\forian\APPLIC~1\Microsoft
[20/05/2006|19:26] C:\DOCUME~1\forian\APPLIC~1\MSNInstaller
[09/04/2008|11:18] C:\DOCUME~1\forian\APPLIC~1\Samsung
[11/06/2006|16:54] C:\DOCUME~1\forian\APPLIC~1\Sun
[19/11/2005|12:55] C:\DOCUME~1\forian\APPLIC~1\Symantec
[08/02/2007|12:23] C:\DOCUME~1\forian\APPLIC~1\vlc

[24/08/2005|03:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[24/08/2005|03:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[10/11/2008 16:39][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"SponsorInstalled"=dword:00000000


--------------------\\ Listing des dossiers dans C:\Program Files

[25/08/2005|08:29] C:\Program Files\Acer
[24/08/2005|03:49] C:\Program Files\Acer Inc
[24/08/2005|03:49] C:\Program Files\Adobe
[24/11/2006|14:33] C:\Program Files\Agnitum
[19/11/2005|14:34] C:\Program Files\Ahead
[04/11/2006|11:11] C:\Program Files\Alwil Software
[20/07/2006|22:54] C:\Program Files\Common Files
[24/08/2005|03:33] C:\Program Files\ComPlus Applications
[24/08/2005|03:46] C:\Program Files\CONEXANT
[25/08/2005|08:27] C:\Program Files\CyberLink
[10/12/2005|19:57] C:\Program Files\D-Tools
[10/12/2005|19:55] C:\Program Files\DVD Shrink
[02/01/2007|12:48] C:\Program Files\eMule
[24/08/2005|03:28] C:\Program Files\Fichiers communs
[24/08/2005|03:41] C:\Program Files\InstallShield Installation Information
[24/08/2005|03:42] C:\Program Files\Intel
[24/08/2005|03:33] C:\Program Files\Internet Explorer
[18/10/2006|21:30] C:\Program Files\Inventel
[11/06/2006|16:50] C:\Program Files\Java
[19/11/2005|12:47] C:\Program Files\Launch Manager
[09/12/2006|20:55] C:\Program Files\LimeWire
[24/05/2006|20:36] C:\Program Files\Logitech
[09/11/2008|11:09] C:\Program Files\Malwarebytes' Anti-Malware
[24/08/2005|03:32] C:\Program Files\Messenger
[09/11/2008|17:45] C:\Program Files\Messenger Plus! Live
[30/10/2006|21:31] C:\Program Files\MessengerPlus! 3
[24/08/2005|03:35] C:\Program Files\microsoft frontpage
[19/11/2005|12:48] C:\Program Files\Microsoft Office
[20/11/2005|23:26] C:\Program Files\Microsoft Visual Studio
[19/11/2005|12:48] C:\Program Files\Microsoft Works
[20/11/2005|23:27] C:\Program Files\Microsoft.NET
[24/08/2005|03:33] C:\Program Files\Movie Maker
[24/08/2005|03:32] C:\Program Files\MSN
[20/05/2006|23:03] C:\Program Files\MSN Apps
[24/08/2005|03:32] C:\Program Files\MSN Gaming Zone
[29/11/2006|09:09] C:\Program Files\MSXML 4.0
[10/11/2008|12:05] C:\Program Files\Navilog1
[24/08/2005|03:33] C:\Program Files\NetMeeting
[24/08/2005|03:51] C:\Program Files\NewTech Infosystems
[24/08/2005|03:33] C:\Program Files\Outlook Express
[04/11/2006|13:07] C:\Program Files\PeerGuardian2
[30/06/2008|18:47] C:\Program Files\PHOTO CARREFOUR
[24/08/2005|03:45] C:\Program Files\Realtek
[09/04/2006|00:25] C:\Program Files\Samsung
[24/08/2005|03:34] C:\Program Files\Services en ligne
[20/07/2006|21:42] C:\Program Files\Sony
[07/03/2007|13:12] C:\Program Files\SuperCopier2
[24/08/2005|03:47] C:\Program Files\Synaptics
[08/11/2008|23:07] C:\Program Files\Trend Micro
[24/08/2005|03:39] C:\Program Files\Uninstall Information
[09/11/2008|10:36] C:\Program Files\Unlocker
[08/02/2007|12:18] C:\Program Files\VideoLAN
[23/10/2006|12:15] C:\Program Files\Wanadoo
[08/11/2008|22:17] C:\Program Files\Windows Live
[02/02/2007|15:56] C:\Program Files\Windows Media Connect 2
[24/08/2005|03:32] C:\Program Files\Windows Media Player
[24/08/2005|03:32] C:\Program Files\Windows NT
[24/08/2005|03:34] C:\Program Files\WindowsUpdate
[19/11/2005|12:44] C:\Program Files\WinPCap
[24/08/2005|03:35] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[24/08/2005|03:49] C:\Program Files\Fichiers communs\Adobe
[24/11/2006|14:33] C:\Program Files\Fichiers communs\Agnitum Shared
[10/12/2005|19:42] C:\Program Files\Fichiers communs\Ahead
[20/11/2005|23:26] C:\Program Files\Fichiers communs\DESIGNER
[24/08/2005|03:41] C:\Program Files\Fichiers communs\InstallShield
[11/06/2006|16:18] C:\Program Files\Fichiers communs\Java
[24/05/2006|20:37] C:\Program Files\Fichiers communs\Logitech
[24/08/2005|03:28] C:\Program Files\Fichiers communs\Microsoft Shared
[24/08/2005|03:33] C:\Program Files\Fichiers communs\MSSoap
[24/08/2005|03:51] C:\Program Files\Fichiers communs\muvee Technologies
[24/08/2005|03:51] C:\Program Files\Fichiers communs\NewTech Infosystems
[24/08/2005|03:28] C:\Program Files\Fichiers communs\ODBC
[24/08/2005|03:33] C:\Program Files\Fichiers communs\Services
[20/07/2006|21:42] C:\Program Files\Fichiers communs\Sony Shared
[24/08/2005|03:28] C:\Program Files\Fichiers communs\SpeechEngines
[24/08/2005|03:33] C:\Program Files\Fichiers communs\System
[08/11/2008|22:17] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 60 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 17:07:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DriveCleaner 2006 Free



[F:434][D:77]-> C:\DOCUME~1\forian\LOCALS~1\Temp
[F:576][D:0]-> C:\DOCUME~1\forian\Cookies
[F:2671][D:4]-> C:\DOCUME~1\forian\LOCALS~1\TEMPOR~1\content.IE5
[F:3][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 10/11/2008|13:37 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/11/2008|17:08 - Option : [2]

--------------------\\ Fin du rapport a 17:08:57
dadoulinee
 
Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:02, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
0
Anonymous user
 
Re,

your report no longer shows anything bad:

To remove all traces of the tools that were used to treat the specific infections

Download toolscleaner to your Desktop:

toolscleaner

* Double-click ToolsCleaner2.exe and let it work
* Click Recherche (Search) and let the scan finish.
* Click Suppression (Removal) to finalize.
* You can, if you wish, use the Options facultatives (Optional settings).
* Click Quitter (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply

toolscleaner tutorial

Disable and re-enable System Restore:

1 In the Windows taskbar, click Start.

2 Right-click My Computer, then click Properties.

3 In the System Restore tab, check "Turn off System Restore"

4 Click Apply.

5 Then uncheck "Turn off System Restore"

6 Click Apply, then OK

7 Go and create a restore point in Accessories----System Tools----System Restore.
0
dadoulinee
 
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\fixnavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\forian\Shared\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\forian\Shared\Bureau\SmitFraudfix: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\forian\Shared\Bureau\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\fixnavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Lop SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\forian\Shared\Bureau\SmitFraudfix: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
Anonymous user
 
Re,

OK.

See you later.

Have a good evening.
0
dadoulinee
 
thanks
0
sherred Posts 8605 Status Member 351
 
I see that goldorak59 took care of you
you have no more ads?
0