CiD virus scan, analysis please!

Closed
RoMz34 - 26 Jul. 2008 at 20:20
 RoMz34 - 26 Jul. 2008 at 22:56
Hello, here is the HijackThis scan; I was advised to post it here. Can someone help me get rid of these damned ads? They are ruining my life :s !! Even with Anti pub. Thanks!! Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:35, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ManyCam 2.2\ManyCam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\romain_2\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [uPlayMe] "C:\Program Files\uPlayMe\uPlayMe.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\GLOBAL MAIL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BT Softphone 2] "C:\Program Files\BT Softphone 2\BTSoftphone2.exe"
O4 - HKCU\..\Run: [BoltStop] C:\DOCUME~1\romain_2\APPLIC~1\GPLBYT~1\Third mfcd.exe
O4 - HKCU\..\Run: [bait deaf idle setup] C:\Documents and Settings\All Users\Application Data\Htm Support Bait Deaf\barb view.exe
O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.2\ManyCam.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-746137067-261478967-725345543-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'alexandre')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Print Spooler Service (gueewa8jyeyaw) - Unknown owner - C:\WINDOWS\system32\ubppugudacs.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
17 replies

UP!! Please help me
Anonymous user
26 Jul. 2008 at 20:26
Hi,

Download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)


Tutorial (help): http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956.htm
Here is my report :) !!!


--------------------\\ Lop S&D 4.2.2-4 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : romain_2 ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 26/07/2008 | 20:30:42,92 ] [ PC : MAISON-5BGGWHKL ]
[ MAJ : 25-07-2008 | 17:45 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[22/06/2007|12:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[25/06/2007|12:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[22/06/2007|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[25/06/2007|12:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[22/06/2007|14:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[25/06/2007|12:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[22/06/2007|14:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[25/06/2007|12:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback


[02/07/2008|11:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B31E3E9A-7A94-4183-BD28-22754492D98F}
[12/07/2008|00:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[06/01/2008|00:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[13/02/2008|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/03/2008|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BT
[22/06/2007|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[16/11/2007|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat
[27/06/2007|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[24/06/2008|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
[09/05/2008|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Insight Software
[09/05/2008|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Insight Software Solutions
[26/05/2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[24/06/2008|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[24/06/2008|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[07/05/2008|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
[15/11/2007|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[19/05/2008|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23/07/2008|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/01/2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[15/06/2008|21:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbError.bmp
[26/05/2008|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[27/06/2007|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[16/05/2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[20/02/2008|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[24/07/2008|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
[02/06/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[07/05/2008|21:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[12/07/2008|00:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\uPlayMe
[22/06/2007|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[25/07/2008|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[22/06/2007|12:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[01/01/2008|23:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[22/06/2007|11:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[24/07/2008|10:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor

[22/06/2007|12:10] C:\DOCUME~1\MCAFEE~1\APPLIC~1\desktop.ini
[03/07/2007|20:27] C:\DOCUME~1\MCAFEE~1\APPLIC~1\Microsoft

[22/06/2007|12:10] C:\DOCUME~1\MCAFEE~1.MAI\APPLIC~1\desktop.ini
[14/12/2007|17:27] C:\DOCUME~1\MCAFEE~1.MAI\APPLIC~1\Microsoft
[16/05/2008|16:49] C:\DOCUME~1\MCAFEE~1.MAI\APPLIC~1\SiteAdvisor

[01/01/2008|23:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[09/07/2008|00:12] C:\DOCUME~1\romain_2\APPLIC~1\AccurateRip
[12/07/2008|00:25] C:\DOCUME~1\romain_2\APPLIC~1\Adobe
[31/08/2007|16:07] C:\DOCUME~1\romain_2\APPLIC~1\ALLCapture
[09/04/2008|20:43] C:\DOCUME~1\romain_2\APPLIC~1\Apple Computer
[27/06/2007|08:08] C:\DOCUME~1\romain_2\APPLIC~1\Azureus
[04/03/2008|20:34] C:\DOCUME~1\romain_2\APPLIC~1\BT
[22/06/2007|12:10] C:\DOCUME~1\romain_2\APPLIC~1\desktop.ini
[28/04/2008|22:26] C:\DOCUME~1\romain_2\APPLIC~1\Desktopicon
[01/06/2008|00:01] C:\DOCUME~1\romain_2\APPLIC~1\EoRezo
[07/07/2008|21:07] C:\DOCUME~1\romain_2\APPLIC~1\fretsonfire
[26/06/2007|14:00] C:\DOCUME~1\romain_2\APPLIC~1\Google
[24/07/2008|12:20] C:\DOCUME~1\romain_2\APPLIC~1\Gpl byte
[07/05/2008|22:58] C:\DOCUME~1\romain_2\APPLIC~1\gtk-2.0
[25/06/2007|14:00] C:\DOCUME~1\romain_2\APPLIC~1\Identities
[09/06/2008|13:01] C:\DOCUME~1\romain_2\APPLIC~1\Iminent
[11/04/2008|16:23] C:\DOCUME~1\romain_2\APPLIC~1\ItsLabel
[26/06/2007|20:10] C:\DOCUME~1\romain_2\APPLIC~1\Macromedia
[07/05/2008|22:14] C:\DOCUME~1\romain_2\APPLIC~1\MAGIX
[08/05/2008|00:08] C:\DOCUME~1\romain_2\APPLIC~1\Media Player Classic
[03/02/2008|11:37] C:\DOCUME~1\romain_2\APPLIC~1\Microsoft
[26/06/2007|14:16] C:\DOCUME~1\romain_2\APPLIC~1\Mozilla
[17/03/2008|23:16] C:\DOCUME~1\romain_2\APPLIC~1\Notepad++
[25/06/2008|07:23] C:\DOCUME~1\romain_2\APPLIC~1\OpenOffice.org2
[01/07/2008|11:31] C:\DOCUME~1\romain_2\APPLIC~1\Opera
[15/11/2007|20:45] C:\DOCUME~1\romain_2\APPLIC~1\SiteAdvisor
[04/03/2008|20:34] C:\DOCUME~1\romain_2\APPLIC~1\Skinux
[19/02/2008|20:56] C:\DOCUME~1\romain_2\APPLIC~1\Skype
[19/02/2008|14:39] C:\DOCUME~1\romain_2\APPLIC~1\skypePM
[12/12/2007|17:48] C:\DOCUME~1\romain_2\APPLIC~1\Sun
[28/05/2008|15:04] C:\DOCUME~1\romain_2\APPLIC~1\SystemRequirementsLab
[26/06/2007|14:16] C:\DOCUME~1\romain_2\APPLIC~1\Talkback
[26/04/2008|23:59] C:\DOCUME~1\romain_2\APPLIC~1\teamspeak2
[27/06/2007|11:14] C:\DOCUME~1\romain_2\APPLIC~1\vlc
[06/01/2008|15:08] C:\DOCUME~1\romain_2\APPLIC~1\Winamp
[27/06/2007|13:59] C:\DOCUME~1\romain_2\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[26/07/2008 20:00][--ah-----] C:\WINDOWS\tasks\B60E01029131AA6E.job
[08/07/2008 15:43][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[26/07/2008 16:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2002 02:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( B60E01029131AA6E.job )=( c:\docume~1\romain_2\applic~1\gplbyt~1\roamtonselse.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[28/05/2008|15:10] C:\Program Files\AC Tool
[02/03/2008|14:15] C:\Program Files\Adobe
[26/07/2008|00:28] C:\Program Files\Antipub
[06/01/2008|00:53] C:\Program Files\Apple Software Update
[09/07/2008|12:06] C:\Program Files\AudioConverter Studio
[13/02/2008|20:41] C:\Program Files\BitComet
[13/02/2008|19:38] C:\Program Files\Bonjour
[05/03/2008|14:48] C:\Program Files\BT Softphone 2
[30/10/2007|14:54] C:\Program Files\Cakewalk
[25/06/2007|12:12] C:\Program Files\CCleaner
[19/05/2008|20:41] C:\Program Files\Circle Developement
[15/11/2007|13:45] C:\Program Files\C-Media
[22/06/2007|11:17] C:\Program Files\ComPlus Applications
[28/05/2008|15:10] C:\Program Files\CSO-DAX Compressor
[18/06/2008|18:01] C:\Program Files\DivX
[06/01/2008|13:21] C:\Program Files\EphPod
[25/07/2008|12:29] C:\Program Files\Fichiers communs
[13/07/2008|22:31] C:\Program Files\Frets on Fire
[07/05/2008|23:02] C:\Program Files\GIMP-2.0
[17/07/2007|09:45] C:\Program Files\Google
[24/07/2008|12:16] C:\Program Files\Gpl byte
[18/06/2008|18:05] C:\Program Files\GUILD WARS
[09/07/2008|00:12] C:\Program Files\Illustrate
[16/07/2008|21:53] C:\Program Files\Iminent
[27/01/2008|21:10] C:\Program Files\InstallShield Installation Information
[11/06/2008|23:29] C:\Program Files\Internet Explorer
[13/02/2008|19:38] C:\Program Files\iPod
[12/07/2008|00:25] C:\Program Files\iTunes
[28/06/2007|14:37] C:\Program Files\Java
[23/07/2008|09:47] C:\Program Files\Lavasoft
[13/07/2008|15:31] C:\Program Files\LimeWire
[24/06/2008|19:25] C:\Program Files\Logitech
[25/07/2008|20:09] C:\Program Files\ManyCam 2.2
[25/06/2007|12:38] C:\Program Files\McAfee
[28/05/2008|15:10] C:\Program Files\Messenger
[19/05/2008|20:41] C:\Program Files\Messenger Plus! Live
[15/06/2008|16:56] C:\Program Files\MessengerDiscovery
[21/02/2008|22:10] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/06/2007|11:19] C:\Program Files\microsoft frontpage
[03/02/2008|11:37] C:\Program Files\Microsoft Office
[28/05/2008|15:10] C:\Program Files\Movie Maker
[26/07/2008|20:03] C:\Program Files\Mozilla Firefox
[22/06/2007|14:36] C:\Program Files\MSI
[22/06/2007|11:17] C:\Program Files\MSN
[22/06/2007|11:17] C:\Program Files\MSN Gaming Zone
[15/06/2008|16:56] C:\Program Files\MSN Messenger
[27/06/2007|15:35] C:\Program Files\MSXML 4.0
[26/07/2008|20:27] C:\Program Files\Navilog1
[22/06/2007|11:32] C:\Program Files\NetMeeting
[17/03/2008|22:58] C:\Program Files\Notepad++
[10/04/2008|21:10] C:\Program Files\OpenOffice.org 2.4
[01/07/2008|09:25] C:\Program Files\Opera
[26/05/2008|21:26] C:\Program Files\Orb Networks
[22/06/2007|15:12] C:\Program Files\Outlook Express
[13/03/2008|23:09] C:\Program Files\PhotoFiltre
[13/02/2008|19:37] C:\Program Files\QuickTime
[15/02/2008|20:16] C:\Program Files\Red Kawa
[23/07/2008|12:41] C:\Program Files\Seagrand
[22/06/2007|11:17] C:\Program Files\Services en ligne
[22/06/2007|14:57] C:\Program Files\Setup Files
[22/06/2007|14:41] C:\Program Files\Silicon Image
[16/05/2008|17:52] C:\Program Files\SiteAdvisor
[02/06/2008|18:36] C:\Program Files\Spybot - Search & Destroy
[28/05/2008|15:04] C:\Program Files\SystemRequirementsLab
[06/04/2008|10:27] C:\Program Files\Teamspeak2_RC2
[31/12/2007|16:13] C:\Program Files\Thrustmaster
[22/06/2007|11:23] C:\Program Files\Uninstall Information
[12/07/2008|11:52] C:\Program Files\uPlayMe
[07/11/2007|17:12] C:\Program Files\Valve
[27/08/2007|13:25] C:\Program Files\VideoLAN
[25/07/2008|12:51] C:\Program Files\Windows Live
[28/05/2008|15:10] C:\Program Files\Windows Media Connect 2
[28/05/2008|15:10] C:\Program Files\Windows Media Player
[22/06/2007|11:32] C:\Program Files\Windows NT
[22/06/2007|11:17] C:\Program Files\WindowsUpdate
[26/06/2007|16:17] C:\Program Files\WinRAR
[22/06/2007|11:19] C:\Program Files\xerox
[09/02/2008|11:24] C:\Program Files\XLink Kai Evolution VII

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[02/03/2008|15:22] C:\Program Files\Fichiers communs\Adobe
[06/01/2008|00:52] C:\Program Files\Fichiers communs\Apple
[22/06/2007|14:49] C:\Program Files\Fichiers communs\InstallShield
[22/06/2007|14:41] C:\Program Files\Fichiers communs\Java
[24/06/2008|19:25] C:\Program Files\Fichiers communs\logishrd
[07/05/2008|22:13] C:\Program Files\Fichiers communs\MAGIX Shared
[24/03/2008|17:17] C:\Program Files\Fichiers communs\Microsoft Shared
[22/06/2007|11:18] C:\Program Files\Fichiers communs\MSSoap
[22/06/2007|12:10] C:\Program Files\Fichiers communs\ODBC
[01/06/2008|00:04] C:\Program Files\Fichiers communs\Services
[22/06/2007|12:10] C:\Program Files\Fichiers communs\SpeechEngines
[22/06/2007|15:12] C:\Program Files\Fichiers communs\System
[24/03/2008|17:21] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 53 Processus )

iexplore.exe ~ [2124]
iexplore.exe ~ [8844]
iexplore.exe ~ [9592]

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\romain_2\LOCALS~1\Temp\bis1CC.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\GLOBAL MAIL.exe
C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1
C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\DUMBWAVEBURNCORN.exe
C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\dzanygnp.exe
C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\iqeosely.exe
C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\nomzaiog.exe
C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\oqfqjosu.exe
C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\roamtonselse.exe
C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\Third mfcd.exe
C:\Program Files\gplbyt~1
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\DOCUME~1\romain_2\Cookies\romain_2@advertstream[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@d2.advertserve[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@adin.bigpoint[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@adin.bigpoint[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@adin.bigpoint[3].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@bigpoint[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@bigpoint[3].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@fr1.darkorbit.bigpoint[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@fr1.seafight.bigpoint[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@banner.cotedazurpalace[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@cotedazurpalace[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@cotedazurpalace[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@cotedazurpalace[3].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@adopt.euroclick[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@pacificpoker[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@fr1.seafight.bigpoint[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@32vegas[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@32vegas[3].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@banner.32vegas[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@banner.32vegas[3].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@cachewww.32vegas[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@cc.2xmoinscher[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@www.2xmoinscher[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@www.2xmoinscher[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@888[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@888[2].txt
C:\WINDOWS\Tasks\B60E01029131AA6E.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bait deaf idle setup"="C:\\Documents and Settings\\All Users\\Application Data\\Htm Support Bait Deaf\\barb view.exe"
"BoltStop"="C:\\DOCUME~1\\romain_2\\APPLIC~1\\GPLBYT~1\\Third mfcd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flag Owns Live Grim"="C:\\Documents and Settings\\All Users\\Application Data\\Software rule flag owns\\GLOBAL MAIL.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 20:36:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 9

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

=> C:\DOCUME~1\romain_2\Local Settings\Temp\Adobe Photoshop CS3 v10.0 Extended Incl Keygen [mininova]-1.torrent
=> C:\DOCUME~1\romain_2\Local Settings\Temp\Adobe Photoshop CS3 v10.0 Extended Incl Keygen [mininova].torrent


[F:2684][D:177]-> C:\DOCUME~1\romain_2\LOCALS~1\Temp
[F:446][D:0]-> C:\DOCUME~1\romain_2\Cookies
[F:2670][D:4]-> C:\DOCUME~1\romain_2\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 20:39:28,92
C:\DOCUME~1\romain_2\Cookies\romain_2@pacificpoker[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@fr1.seafight.bigpoint[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@32vegas[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@32vegas[3].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@banner.32vegas[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@banner.32vegas[3].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@cachewww.32vegas[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@cc.2xmoinscher[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@www.2xmoinscher[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@www.2xmoinscher[2].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@888[1].txt
C:\DOCUME~1\romain_2\Cookies\romain_2@888[2].txt
C:\WINDOWS\Tasks\B60E01029131AA6E.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bait deaf idle setup"="C:\\Documents and Settings\\All Users\\Application Data\\Htm Support Bait Deaf\\barb view.exe"
"BoltStop"="C:\\DOCUME~1\\romain_2\\APPLIC~1\\GPLBYT~1\\Third mfcd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flag Owns Live Grim"="C:\\Documents and Settings\\All Users\\Application Data\\Software rule flag owns\\GLOBAL MAIL.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 20:36:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 9

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

=> C:\DOCUME~1\romain_2\Local Settings\Temp\Adobe Photoshop CS3 v10.0 Extended Incl Keygen [mininova]-1.torrent
=> C:\DOCUME~1\romain_2\Local Settings\Temp\Adobe Photoshop CS3 v10.0 Extended Incl Keygen [mininova].torrent


[F:2684][D:177]-> C:\DOCUME~1\romain_2\LOCALS~1\Temp
[F:446][D:0]-> C:\DOCUME~1\romain_2\Cookies
[F:2670][D:4]-> C:\DOCUME~1\romain_2\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 20:39:28,92
0

Anonymous user
26 Jul 2008 at 20:42
Run Lop S&D again


* This time choose Option 2 (Removal)
* Do not close the window during the removal!
* Post the generated report (C:\lopR.txt)
0
Here is the report with option 2, Removal + Hosts:


--------------------\\ Lop S&D 4.2.2-4 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : romain_2 ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 26/07/2008 | 20:42:54,35 ] [ PC : MAISON-5BGGWHKL ]
[ MAJ : 25-07-2008 | 17:45 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\GLOBAL MAIL.exe
Supprime! - C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\DUMBWAVEBURNCORN.exe
Supprime! - C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\dzanygnp.exe
Supprime! - C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\iqeosely.exe
Supprime! - C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\nomzaiog.exe
Supprime! - C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\oqfqjosu.exe
Supprime! - C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\roamtonselse.exe
Supprime! - C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1\Third mfcd.exe
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@advertstream[2].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@d2.advertserve[1].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@adin.bigpoint[1].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@adin.bigpoint[2].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@adin.bigpoint[3].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@bigpoint[1].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@bigpoint[3].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@fr1.darkorbit.bigpoint[1].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@fr1.seafight.bigpoint[1].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@fr1.seafight.bigpoint[2].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@banner.cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@cotedazurpalace[3].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@pacificpoker[1].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@32vegas[1].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@32vegas[3].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@banner.32vegas[2].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@banner.32vegas[3].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@cachewww.32vegas[2].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@cc.2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@www.2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@www.2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@888[1].txt
Supprime! - C:\DOCUME~1\romain_2\Cookies\romain_2@888[2].txt
Supprime! - C:\WINDOWS\Tasks\B60E01029131AA6E.job
Supprime! - C:\DOCUME~1\romain_2\LOCALS~1\Temp\bis1CC.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
Supprime! - C:\DOCUME~1\romain_2\APPLIC~1\gplbyt~1
Supprime! - C:\Program Files\gplbyt~1
Supprime! - C:\Program Files\Circle Developement
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[22/06/2007|12:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[25/06/2007|12:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[22/06/2007|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[25/06/2007|12:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[22/06/2007|14:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[25/06/2007|12:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[22/06/2007|14:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[25/06/2007|12:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback


[02/07/2008|11:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B31E3E9A-7A94-4183-BD28-22754492D98F}
[12/07/2008|00:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[06/01/2008|00:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[13/02/2008|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/03/2008|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BT
[22/06/2007|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[16/11/2007|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat
[27/06/2007|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[09/05/2008|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Insight Software
[09/05/2008|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Insight Software Solutions
[26/05/2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[24/06/2008|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[24/06/2008|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[07/05/2008|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
[15/11/2007|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[19/05/2008|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23/07/2008|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/01/2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[15/06/2008|21:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbError.bmp
[26/05/2008|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[27/06/2007|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[16/05/2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[20/02/2008|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[02/06/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[07/05/2008|21:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[12/07/2008|00:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\uPlayMe
[22/06/2007|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[25/07/2008|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[22/06/2007|12:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[01/01/2008|23:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[22/06/2007|11:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[24/07/2008|10:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor

[22/06/2007|12:10] C:\DOCUME~1\MCAFEE~1\APPLIC~1\desktop.ini
[03/07/2007|20:27] C:\DOCUME~1\MCAFEE~1\APPLIC~1\Microsoft

[22/06/2007|12:10] C:\DOCUME~1\MCAFEE~1.MAI\APPLIC~1\desktop.ini
[14/12/2007|17:27] C:\DOCUME~1\MCAFEE~1.MAI\APPLIC~1\Microsoft
[16/05/2008|16:49] C:\DOCUME~1\MCAFEE~1.MAI\APPLIC~1\SiteAdvisor

[01/01/2008|23:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[09/07/2008|00:12] C:\DOCUME~1\romain_2\APPLIC~1\AccurateRip
[12/07/2008|00:25] C:\DOCUME~1\romain_2\APPLIC~1\Adobe
[31/08/2007|16:07] C:\DOCUME~1\romain_2\APPLIC~1\ALLCapture
[09/04/2008|20:43] C:\DOCUME~1\romain_2\APPLIC~1\Apple Computer
[27/06/2007|08:08] C:\DOCUME~1\romain_2\APPLIC~1\Azureus
[04/03/2008|20:34] C:\DOCUME~1\romain_2\APPLIC~1\BT
[22/06/2007|12:10] C:\DOCUME~1\romain_2\APPLIC~1\desktop.ini
[28/04/2008|22:26] C:\DOCUME~1\romain_2\APPLIC~1\Desktopicon
[01/06/2008|00:01] C:\DOCUME~1\romain_2\APPLIC~1\EoRezo
[07/07/2008|21:07] C:\DOCUME~1\romain_2\APPLIC~1\fretsonfire
[26/06/2007|14:00] C:\DOCUME~1\romain_2\APPLIC~1\Google
[07/05/2008|22:58] C:\DOCUME~1\romain_2\APPLIC~1\gtk-2.0
[25/06/2007|14:00] C:\DOCUME~1\romain_2\APPLIC~1\Identities
[09/06/2008|13:01] C:\DOCUME~1\romain_2\APPLIC~1\Iminent
[11/04/2008|16:23] C:\DOCUME~1\romain_2\APPLIC~1\ItsLabel
[26/06/2007|20:10] C:\DOCUME~1\romain_2\APPLIC~1\Macromedia
[07/05/2008|22:14] C:\DOCUME~1\romain_2\APPLIC~1\MAGIX
[08/05/2008|00:08] C:\DOCUME~1\romain_2\APPLIC~1\Media Player Classic
[03/02/2008|11:37] C:\DOCUME~1\romain_2\APPLIC~1\Microsoft
[26/06/2007|14:16] C:\DOCUME~1\romain_2\APPLIC~1\Mozilla
[17/03/2008|23:16] C:\DOCUME~1\romain_2\APPLIC~1\Notepad++
[25/06/2008|07:23] C:\DOCUME~1\romain_2\APPLIC~1\OpenOffice.org2
[01/07/2008|11:31] C:\DOCUME~1\romain_2\APPLIC~1\Opera
[15/11/2007|20:45] C:\DOCUME~1\romain_2\APPLIC~1\SiteAdvisor
[04/03/2008|20:34] C:\DOCUME~1\romain_2\APPLIC~1\Skinux
[19/02/2008|20:56] C:\DOCUME~1\romain_2\APPLIC~1\Skype
[19/02/2008|14:39] C:\DOCUME~1\romain_2\APPLIC~1\skypePM
[12/12/2007|17:48] C:\DOCUME~1\romain_2\APPLIC~1\Sun
[28/05/2008|15:04] C:\DOCUME~1\romain_2\APPLIC~1\SystemRequirementsLab
[26/06/2007|14:16] C:\DOCUME~1\romain_2\APPLIC~1\Talkback
[26/04/2008|23:59] C:\DOCUME~1\romain_2\APPLIC~1\teamspeak2
[27/06/2007|11:14] C:\DOCUME~1\romain_2\APPLIC~1\vlc
[06/01/2008|15:08] C:\DOCUME~1\romain_2\APPLIC~1\Winamp
[27/06/2007|13:59] C:\DOCUME~1\romain_2\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[08/07/2008 15:43][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[26/07/2008 16:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2002 02:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[28/05/2008|15:10] C:\Program Files\AC Tool
[02/03/2008|14:15] C:\Program Files\Adobe
[26/07/2008|00:28] C:\Program Files\Antipub
[06/01/2008|00:53] C:\Program Files\Apple Software Update
[09/07/2008|12:06] C:\Program Files\AudioConverter Studio
[13/02/2008|20:41] C:\Program Files\BitComet
[13/02/2008|19:38] C:\Program Files\Bonjour
[05/03/2008|14:48] C:\Program Files\BT Softphone 2
[30/10/2007|14:54] C:\Program Files\Cakewalk
[25/06/2007|12:12] C:\Program Files\CCleaner
[15/11/2007|13:45] C:\Program Files\C-Media
[22/06/2007|11:17] C:\Program Files\ComPlus Applications
[28/05/2008|15:10] C:\Program Files\CSO-DAX Compressor
[18/06/2008|18:01] C:\Program Files\DivX
[06/01/2008|13:21] C:\Program Files\EphPod
[25/07/2008|12:29] C:\Program Files\Fichiers communs
[13/07/2008|22:31] C:\Program Files\Frets on Fire
[07/05/2008|23:02] C:\Program Files\GIMP-2.0
[17/07/2007|09:45] C:\Program Files\Google
[18/06/2008|18:05] C:\Program Files\GUILD WARS
[09/07/2008|00:12] C:\Program Files\Illustrate
[16/07/2008|21:53] C:\Program Files\Iminent
[27/01/2008|21:10] C:\Program Files\InstallShield Installation Information
[11/06/2008|23:29] C:\Program Files\Internet Explorer
[13/02/2008|19:38] C:\Program Files\iPod
[12/07/2008|00:25] C:\Program Files\iTunes
[28/06/2007|14:37] C:\Program Files\Java
[23/07/2008|09:47] C:\Program Files\Lavasoft
[13/07/2008|15:31] C:\Program Files\LimeWire
[24/06/2008|19:25] C:\Program Files\Logitech
[25/07/2008|20:09] C:\Program Files\ManyCam 2.2
[25/06/2007|12:38] C:\Program Files\McAfee
[28/05/2008|15:10] C:\Program Files\Messenger
[19/05/2008|20:41] C:\Program Files\Messenger Plus! Live
[15/06/2008|16:56] C:\Program Files\MessengerDiscovery
[21/02/2008|22:10] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/06/2007|11:19] C:\Program Files\microsoft frontpage
[03/02/2008|11:37] C:\Program Files\Microsoft Office
[28/05/2008|15:10] C:\Program Files\Movie Maker
[26/07/2008|20:39] C:\Program Files\Mozilla Firefox
[22/06/2007|14:36] C:\Program Files\MSI
[22/06/2007|11:17] C:\Program Files\MSN
[22/06/2007|11:17] C:\Program Files\MSN Gaming Zone
[15/06/2008|16:56] C:\Program Files\MSN Messenger
[27/06/2007|15:35] C:\Program Files\MSXML 4.0
[26/07/2008|20:27] C:\Program Files\Navilog1
[22/06/2007|11:32] C:\Program Files\NetMeeting
[17/03/2008|22:58] C:\Program Files\Notepad++
[10/04/2008|21:10] C:\Program Files\OpenOffice.org 2.4
[01/07/2008|09:25] C:\Program Files\Opera
[26/05/2008|21:26] C:\Program Files\Orb Networks
[22/06/2007|15:12] C:\Program Files\Outlook Express
[13/03/2008|23:09] C:\Program Files\PhotoFiltre
[13/02/2008|19:37] C:\Program Files\QuickTime
[15/02/2008|20:16] C:\Program Files\Red Kawa
[23/07/2008|12:41] C:\Program Files\Seagrand
[22/06/2007|11:17] C:\Program Files\Services en ligne
[22/06/2007|14:57] C:\Program Files\Setup Files
[22/06/2007|14:41] C:\Program Files\Silicon Image
[16/05/2008|17:52] C:\Program Files\SiteAdvisor
[02/06/2008|18:36] C:\Program Files\Spybot - Search & Destroy
[28/05/2008|15:04] C:\Program Files\SystemRequirementsLab
[06/04/2008|10:27] C:\Program Files\Teamspeak2_RC2
[31/12/2007|16:13] C:\Program Files\Thrustmaster
[22/06/2007|11:23] C:\Program Files\Uninstall Information
[12/07/2008|11:52] C:\Program Files\uPlayMe
[07/11/2007|17:12] C:\Program Files\Valve
[27/08/2007|13:25] C:\Program Files\VideoLAN
[25/07/2008|12:51] C:\Program Files\Windows Live
[28/05/2008|15:10] C:\Program Files\Windows Media Connect 2
[28/05/2008|15:10] C:\Program Files\Windows Media Player
[22/06/2007|11:32] C:\Program Files\Windows NT
[22/06/2007|11:17] C:\Program Files\WindowsUpdate
[26/06/2007|16:17] C:\Program Files\WinRAR
[22/06/2007|11:19] C:\Program Files\xerox
[09/02/2008|11:24] C:\Program Files\XLink Kai Evolution VII

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[02/03/2008|15:22] C:\Program Files\Fichiers communs\Adobe
[06/01/2008|00:52] C:\Program Files\Fichiers communs\Apple
[22/06/2007|14:49] C:\Program Files\Fichiers communs\InstallShield
[22/06/2007|14:41] C:\Program Files\Fichiers communs\Java
[24/06/2008|19:25] C:\Program Files\Fichiers communs\logishrd
[07/05/2008|22:13] C:\Program Files\Fichiers communs\MAGIX Shared
[24/03/2008|17:17] C:\Program Files\Fichiers communs\Microsoft Shared
[22/06/2007|11:18] C:\Program Files\Fichiers communs\MSSoap
[22/06/2007|12:10] C:\Program Files\Fichiers communs\ODBC
[01/06/2008|00:04] C:\Program Files\Fichiers communs\Services
[22/06/2007|12:10] C:\Program Files\Fichiers communs\SpeechEngines
[22/06/2007|15:12] C:\Program Files\Fichiers communs\System
[24/03/2008|17:21] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 49 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 20:44:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 9

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

=> C:\DOCUME~1\romain_2\Local Settings\Temp\Adobe Photoshop CS3 v10.0 Extended Incl Keygen [mininova]-1.torrent
=> C:\DOCUME~1\romain_2\Local Settings\Temp\Adobe Photoshop CS3 v10.0 Extended Incl Keygen [mininova].torrent


[F:2683][D:177]-> C:\DOCUME~1\romain_2\LOCALS~1\Temp
[F:420][D:0]-> C:\DOCUME~1\romain_2\Cookies
[F:2670][D:4]-> C:\DOCUME~1\romain_2\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 20:46:28,60
0
Sorry if I'm rushing you a bit, but I'm going to eat soon!! I'd like to get this sorted out this evening if possible; in any case, thanks for your help :)
0
Anonymous user
26 Jul 2008 at 20:52
Download Malwarebytes

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it; the program will update itself automatically.

Once it is up to date, the program will start; click the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click the Scan tab and tick the box: "Run a full scan".

Then click "Scan".

Let it scan the PC...

If items were found > click "Remove selection".

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.

Copy and paste the report, please.

PS: the reports are also stored under the Reports/Logs tab

0
Thanks, I'll go and eat while the report is being generated; I'll try to be back as quickly as possible!! See you in a moment
0
And here is the report: after an hour of hard labour, the software detected two infections!! Maybe the cause of my PC's sudden slowdown! Report:

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 995
Windows 5.1.2600 Service Pack 2

21:59:11 26/07/2008
mbam-log-7-26-2008 (21-59-11).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 126323
Temps écoulé: 1 hour(s), 1 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\romain_2\LOCALS~1\Temp\services.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\romain_2\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
0
I hope you're still there; in any case it looks like it worked very well because I no longer have any ad windows!!! And I thank you very much, because apparently even the slowdown seems to have faded :) THANK YOU SO MUCH!!
0
Anonymous user
26 Jul 2008 at 22:15
Reopen Malwarebytes
go to Quarantine
delete everything

Run a HijackThis scan again and post the new report, please
0
And there you go: after deleting the Trojan from quarantine, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:55, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\ManyCam 2.2\ManyCam.exe
C:\Program Files\Antipub\antipub.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [uPlayMe] "C:\Program Files\uPlayMe\uPlayMe.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BT Softphone 2] "C:\Program Files\BT Softphone 2\BTSoftphone2.exe"
O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.2\ManyCam.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Print Spooler Service (gueewa8jyeyaw) - Unknown owner - C:\WINDOWS\system32\ubppugudacs.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
0
Anonymous user
26 Jul 2008 at 22:24
Reopen HijackThis
run "Scan only"
tick these lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

Tick them and click "Fix checked"

Then:

-> Download CCleaner (do not install the Yahoo toolbar):

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Install it.

-> Once it is installed and launched:

In the left-hand column, click:

-> "Registry":

Tick all the boxes under "Registry integrity", then click "Search for errors" at the bottom; once it has finished, click "Repair the errors". You will get a message asking you to back up your registry: click "Yes", then repeat until it no longer finds anything.

PS: the backups you have made can be deleted later if all goes well.

-> "Cleaner"

Close your browser before running it. In the cleaner's properties, on the "Windows" and "Applications" tabs, untick the last box (Advanced, if it is ticked), then click "Run the cleaning"; when it has finished the scan, click "Run the cleaning" at the bottom right and accept with Yes.

-> Illustrated tutorial:

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

Then:


* To remove the tools/fixes used:

Download ToolsCleaner to your desktop.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/

# Click Search and let the scan run ...
# Click Removal to finish.
# You can use the Optional settings if you wish.
# Click Quit to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).



0
Sorry, but I think I ran it twice and the report is empty :s Here it is:

-->- Recherche:


---------------------------------
-->- Suppression:
0
Anonymous user
26 Jul 2008 at 22:53
OK, that's good

Have a good holiday

@++
0
THANK YOUUUUUUUUUUUUUUUUUUUUUUUUUUU x 100000000000000000000000000000 you are really kind to have helped me; I have no more ads and my computer no longer glitches, what bliss, all that in not even 2 hours!! And I'm not counting the number of hours I'm going to save, thank you. Luckily there are people like you to help novices, who will in turn help others!! :) That's it, thanks
0