Analyse Hijackthis, infection probable

Chessjc · le 1 avril 2009

L'installation ne se fait pas (je suis bien sur un compte administrateur).

Gof · le 1 avril 2009

Refais un essai en le téléchargeant à nouveau, et en essayant de nouveau de l'installer, toujours en Administrateur (clic droit, exécuter en tant que ...).

Si cela ne fonctionne pas malgré tout, on fera autrement.

Chessjc · le 1 avril 2009

c'est bon ça a marché

(faut être idiot pour pas retélécharger mais pris dans mon truc j'avais complètement zappé )

voici le rapport :

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Celeron® M processor 1.60GHz )

BIOS : BIOS Version 1.50

USER : Marie Claude ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:53 Go)

D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 01/04/2009|21:51 )

--------------------\\ Listing des dossiers dans APPLIC~1

[01/05/2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[23/12/2008|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[23/12/2008|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[30/03/2009|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[16/09/2007|13:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel

[02/03/2009|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[30/03/2009|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link

[15/12/2007|21:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd

[15/12/2007|21:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

[22/09/2007|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[21/02/2009|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[27/03/2009|10:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

[11/09/2007|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[02/07/2007|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[23/12/2008|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony

[02/07/2007|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[02/07/2007|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL

[20/01/2008|21:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[08/03/2008|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[02/07/2007|19:37] C:\DOCUME~1\claire\APPLIC~1\Adobe

[02/07/2007|19:37] C:\DOCUME~1\claire\APPLIC~1\Identities

[14/02/2009|12:11] C:\DOCUME~1\claire\APPLIC~1\Microsoft

[07/11/2008|14:19] C:\DOCUME~1\claire\APPLIC~1\Ooze cast hold

[02/07/2007|19:37] C:\DOCUME~1\claire\APPLIC~1\Sonic

[09/12/2005|12:22] C:\DOCUME~1\claire\APPLIC~1\Symantec

[02/07/2007|19:37] C:\DOCUME~1\claire\APPLIC~1\toshiba

[02/07/2007|19:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe

[02/07/2007|19:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[02/07/2007|19:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[02/07/2007|19:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic

[09/12/2005|12:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[02/07/2007|19:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

[04/05/2008|21:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/01/2009|19:37] C:\DOCUME~1\MARIEC~1\APPLIC~1\Adobe

[27/06/2008|21:38] C:\DOCUME~1\MARIEC~1\APPLIC~1\AdobeUM

[28/12/2008|20:22] C:\DOCUME~1\MARIEC~1\APPLIC~1\Apple Computer

[16/09/2007|13:22] C:\DOCUME~1\MARIEC~1\APPLIC~1\ArcSoft

[16/09/2007|13:15] C:\DOCUME~1\MARIEC~1\APPLIC~1\Ciel

[12/09/2007|15:35] C:\DOCUME~1\MARIEC~1\APPLIC~1\Encyclopedie Hachette

[10/11/2007|13:11] C:\DOCUME~1\MARIEC~1\APPLIC~1\EPSON

[29/03/2009|12:04] C:\DOCUME~1\MARIEC~1\APPLIC~1\gtk-2.0

[25/10/2007|19:10] C:\DOCUME~1\MARIEC~1\APPLIC~1\Help

[25/02/2009|22:47] C:\DOCUME~1\MARIEC~1\APPLIC~1\Icone

[02/07/2007|19:37] C:\DOCUME~1\MARIEC~1\APPLIC~1\Identities

[15/12/2007|21:20] C:\DOCUME~1\MARIEC~1\APPLIC~1\Image Zone Express

[08/07/2007|20:52] C:\DOCUME~1\MARIEC~1\APPLIC~1\InterVideo

[27/03/2009|10:16] C:\DOCUME~1\MARIEC~1\APPLIC~1\LimeWire

[02/07/2007|11:32] C:\DOCUME~1\MARIEC~1\APPLIC~1\Macromedia

[14/07/2008|22:00] C:\DOCUME~1\MARIEC~1\APPLIC~1\Marie Claude

[19/12/2008|22:41] C:\DOCUME~1\MARIEC~1\APPLIC~1\Microsoft

[01/04/2009|16:12] C:\DOCUME~1\MARIEC~1\APPLIC~1\Mozilla

[01/01/2009|17:50] C:\DOCUME~1\MARIEC~1\APPLIC~1\MSNInstaller

[30/03/2009|12:12] C:\DOCUME~1\MARIEC~1\APPLIC~1\Ooze cast hold

[17/11/2008|23:18] C:\DOCUME~1\MARIEC~1\APPLIC~1\Snapfish

[02/07/2007|19:37] C:\DOCUME~1\MARIEC~1\APPLIC~1\Sonic

[23/12/2008|20:46] C:\DOCUME~1\MARIEC~1\APPLIC~1\Sony

[09/12/2005|12:22] C:\DOCUME~1\MARIEC~1\APPLIC~1\Symantec

[02/07/2007|12:21] C:\DOCUME~1\MARIEC~1\APPLIC~1\Template

[02/07/2007|19:37] C:\DOCUME~1\MARIEC~1\APPLIC~1\toshiba

[11/02/2009|18:43] C:\DOCUME~1\MARIEC~1\APPLIC~1\Windows Live Writer

[02/07/2007|19:37] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[27/03/2009 11:16][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[01/04/2009 21:11][--ah-----] C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_TOSHIBA_Marie Claude.job

[02/07/2007 12:18][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job

[02/07/2007 12:18][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 1.job

[01/04/2009 18:05][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]

"DisplayName"="Messenger Plus! 3 & Sponsor"

"SponsorInstalled"=dword:00000000

--------------------\\ Listing des dossiers dans C:\Program Files

[31/08/2007|08:34] C:\Program Files\Activision

[02/07/2007|19:46] C:\Program Files\Adobe

[02/07/2007|11:37] C:\Program Files\Alwil Software

[23/12/2008|20:28] C:\Program Files\Apple Software Update

[02/07/2007|21:15] C:\Program Files\ArcSoft

[02/07/2007|12:18] C:\Program Files\Atheros

[02/07/2007|19:47] C:\Program Files\ATI Technologies

[20/01/2008|16:14] C:\Program Files\AVIConverter

[30/03/2009|11:38] C:\Program Files\Avira

[16/09/2007|13:32] C:\Program Files\Ciel

[30/03/2009|12:43] C:\Program Files\Circle Developement

[09/12/2005|08:00] C:\Program Files\ComPlus Applications

[30/04/2008|12:49] C:\Program Files\Controle Parental

[01/05/2008|18:35] C:\Program Files\DigimaxReader Eng

[02/07/2007|21:11] C:\Program Files\directx

[30/07/2007|13:20] C:\Program Files\Electronic Arts

[30/03/2009|18:13] C:\Program Files\eMule

[02/07/2007|20:43] C:\Program Files\epson

[28/02/2009|23:43] C:\Program Files\Fichiers communs

[02/03/2009|22:24] C:\Program Files\GIMP-2.0

[27/03/2009|09:31] C:\Program Files\Google

[11/09/2007|20:13] C:\Program Files\Hachette

[15/12/2007|21:19] C:\Program Files\HP

[30/03/2009|11:34] C:\Program Files\InstallShield Installation Information

[12/02/2009|21:16] C:\Program Files\Internet Explorer

[02/07/2007|19:51] C:\Program Files\InterVideo

[08/11/2008|15:36] C:\Program Files\IVT Corporation

[02/07/2007|19:51] C:\Program Files\Java

[08/05/2008|19:23] C:\Program Files\LimeWire

[15/12/2007|21:47] C:\Program Files\Logitech

[02/07/2007|19:51] C:\Program Files\ltmoh

[11/10/2008|18:02] C:\Program Files\Messenger

[20/02/2009|22:21] C:\Program Files\Messenger Plus! Live

[31/08/2008|18:22] C:\Program Files\MessengerPlus! 3

[17/12/2008|22:34] C:\Program Files\Microsoft

[03/07/2007|21:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[02/07/2007|19:51] C:\Program Files\microsoft frontpage

[02/07/2007|12:19] C:\Program Files\Microsoft Office

[26/02/2009|08:07] C:\Program Files\Microsoft Silverlight

[08/03/2008|16:50] C:\Program Files\Microsoft SQL Server Compact Edition

[17/12/2008|22:27] C:\Program Files\Microsoft Sync Framework

[02/07/2007|11:57] C:\Program Files\Microsoft Visual Studio

[10/09/2008|22:14] C:\Program Files\Microsoft Works

[02/07/2007|19:51] C:\Program Files\Microsoft.NET

[11/10/2008|17:57] C:\Program Files\Movie Maker

[01/04/2009|18:08] C:\Program Files\Mozilla Firefox

[14/07/2007|15:52] C:\Program Files\MSN

[02/07/2007|19:52] C:\Program Files\MSN Gaming Zone

[03/07/2007|20:57] C:\Program Files\MSXML 4.0

[11/10/2008|17:53] C:\Program Files\NetMeeting

[28/05/2008|17:40] C:\Program Files\NRJ

[01/05/2008|18:35] C:\Program Files\Offre Wanadoo

[02/07/2007|19:52] C:\Program Files\Online Services

[20/02/2009|22:21] C:\Program Files\Ooze cast hold

[11/10/2008|17:53] C:\Program Files\Outlook Express

[29/08/2008|19:45] C:\Program Files\PhotoFiltre

[29/07/2008|23:04] C:\Program Files\PhotoFiltre Studio

[23/12/2008|20:31] C:\Program Files\QuickTime

[02/07/2007|19:52] C:\Program Files\Realtek

[02/07/2007|21:13] C:\Program Files\Samsung

[02/07/2007|12:23] C:\Program Files\Securitoo

[02/07/2007|19:53] C:\Program Files\Services en ligne

[02/07/2007|19:53] C:\Program Files\Sonic

[23/12/2008|20:33] C:\Program Files\Sony

[23/12/2008|20:33] C:\Program Files\Sony Ericsson

[02/07/2007|11:39] C:\Program Files\Symantec

[02/07/2007|19:53] C:\Program Files\Synaptics

[02/07/2007|19:54] C:\Program Files\TOSHIBA

[30/03/2009|11:45] C:\Program Files\Trend Micro

[16/09/2007|13:08] C:\Program Files\Uninstall Information

[01/03/2009|00:11] C:\Program Files\Wanadoo

[21/02/2009|12:09] C:\Program Files\Windows Live

[08/03/2008|16:43] C:\Program Files\Windows Live Favorites

[17/12/2008|22:23] C:\Program Files\Windows Live SkyDrive

[17/12/2008|22:28] C:\Program Files\Windows Live Toolbar

[20/01/2008|18:12] C:\Program Files\Windows Media Connect 2

[11/10/2008|17:53] C:\Program Files\Windows Media Player

[11/10/2008|17:53] C:\Program Files\Windows NT

[09/12/2005|08:01] C:\Program Files\WindowsUpdate

[02/07/2007|19:54] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[01/05/2008|20:47] C:\Program Files\Fichiers communs\Adobe

[16/09/2007|13:25] C:\Program Files\Fichiers communs\Ciel

[02/07/2007|11:57] C:\Program Files\Fichiers communs\DESIGNER

[28/02/2009|23:43] C:\Program Files\Fichiers communs\France Telecom

[15/12/2007|21:19] C:\Program Files\Fichiers communs\HP

[02/07/2007|20:46] C:\Program Files\Fichiers communs\InstallShield

[02/07/2007|19:48] C:\Program Files\Fichiers communs\Java

[16/12/2007|10:01] C:\Program Files\Fichiers communs\LogiShrd

[21/02/2009|12:01] C:\Program Files\Fichiers communs\Microsoft Shared

[02/07/2007|19:48] C:\Program Files\Fichiers communs\MSSoap

[02/07/2007|19:48] C:\Program Files\Fichiers communs\ODBC

[16/09/2007|13:34] C:\Program Files\Fichiers communs\Sage

[02/07/2007|19:48] C:\Program Files\Fichiers communs\Services

[02/07/2007|19:48] C:\Program Files\Fichiers communs\SpeechEngines

[11/10/2008|17:53] C:\Program Files\Fichiers communs\System

[17/12/2008|22:02] C:\Program Files\Fichiers communs\Windows Live

[08/03/2008|16:21] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 60 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link

C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link\Bleh Vc.dat

C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link\error audio.dat

C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link\SEND ATOM.dat

C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsb19.tmp

C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsd60.tmp

C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsf16.tmp

C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsg64.tmp

C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsn1F.tmp

C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsu69.tmp

C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsy66.tmp

C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsz63.tmp

C:\Program Files\Circle Developement

C:\DOCUME~1\MARIEC~1\Cookies\marie [email protected][1].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@advertstream[2].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][1].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@advertising[1].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][1].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@bigpoint[2].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][2].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][1].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][2].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][1].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@casinoking[2].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][1].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@cotedazurpalace[2].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][1].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][2].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@pacificpoker[2].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][1].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@partypoker[1].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@partypoker[2].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][2].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@vegasred[1].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][2].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][1].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@2xmoinscher[1].txt

C:\DOCUME~1\MARIEC~1\Cookies\[email protected][2].txt

C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@888[1].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winantivirus.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 de.winantivirus.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

127.0.0.1 download.cdn.errorsafe.com ## added by CiD

127.0.0.1 download.cdn.winsoftware.com ## added by CiD

127.0.0.1 download.errorsafe.com ## added by CiD

127.0.0.1 download.systemdoctor.com ## added by CiD

127.0.0.1 download.winantispyware.com ## added by CiD

127.0.0.1 download.windrivecleaner.com ## added by CiD

127.0.0.1 download.winfixer.com ## added by CiD

127.0.0.1 drivecleaner.com ## added by CiD

127.0.0.1 dynamique.drivecleaner.com ## added by CiD

127.0.0.1 errorprotector.com ## added by CiD

127.0.0.1 errorsafe.com ## added by CiD

127.0.0.1 es.winantivirus.com ## added by CiD

127.0.0.1 fr.winantivirus.com ## added by CiD

127.0.0.1 fr.winfixer.com ## added by CiD

127.0.0.1 go.drivecleaner.com ## added by CiD

127.0.0.1 go.errorsafe.com ## added by CiD

127.0.0.1 go.winantispyware.com ## added by CiD

127.0.0.1 go.winantivirus.com ## added by CiD

127.0.0.1 hk.winantivirus.com ## added by CiD

127.0.0.1 instlog.errorsafe.com ## added by CiD

127.0.0.1 instlog.winantivirus.com ## added by CiD

127.0.0.1 instlog.winfixer.com ## added by CiD

127.0.0.1 jsp.drivecleaner.com ## added by CiD

127.0.0.1 kb.errorsafe.com ## added by CiD

127.0.0.1 kb.winantivirus.com ## added by CiD

127.0.0.1 nl.errorsafe.com ## added by CiD

127.0.0.1 se.errorsafe.com ## added by CiD

127.0.0.1 secure.drivecleaner.com ## added by CiD

127.0.0.1 secure.errorsafe.com ## added by CiD

127.0.0.1 secure.winantispam.com ## added by CiD

127.0.0.1 secure.winantispy.com ## added by CiD

127.0.0.1 secure.winantivirus.com ## added by CiD

127.0.0.1 support.winantivirus.com ## added by CiD

127.0.0.1 trial.updates.winsoftware.com ## added by CiD

127.0.0.1 ulog.winantivirus.com ## added by CiD

127.0.0.1 utils.errorsafe.com ## added by CiD

127.0.0.1 utils.winantivirus.com ## added by CiD

127.0.0.1 utils.winfixer.com ## added by CiD

127.0.0.1 winantispyware.com ## added by CiD

127.0.0.1 winantivirus.com ## added by CiD

127.0.0.1 winfixer.com ## added by CiD

127.0.0.1 winfixer2006.com ## added by CiD

127.0.0.1 winsoftware.com ## added by CiD

127.0.0.1 www.drivecleaner.com ## added by CiD

127.0.0.1 www.errorprotector.com ## added by CiD

127.0.0.1 www.errorsafe.com ## added by CiD

127.0.0.1 www.systemdoctor.com ## added by CiD

127.0.0.1 www.utils.winfixer.com ## added by CiD

127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

127.0.0.1 www.win-virus-pro.com ## added by CiD

127.0.0.1 www.winantispam.com ## added by CiD

127.0.0.1 www.winantispy.com ## added by CiD

127.0.0.1 www.winantispyware.com ## added by CiD

127.0.0.1 www.winantivirus.com ## added by CiD

127.0.0.1 www.winantiviruspro.com ## added by CiD

127.0.0.1 www.windrivecleaner.com ## added by CiD

127.0.0.1 www.windrivesafe.com ## added by CiD

127.0.0.1 www.winfixer.com ## added by CiD

127.0.0.1 www.winfixer2006.com ## added by CiD

127.0.0.1 www.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-01 21:52:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 669

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:1949][D:138]-> C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp

[F:2293][D:0]-> C:\DOCUME~1\MARIEC~1\Cookies

[F:15843][D:71]-> C:\DOCUME~1\MARIEC~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 01/04/2009|21:56 - Option : [1]

--------------------\\ Fin du rapport a 21:56:44

Modifié le 1 avril 2009 par Chessjc

Gof · le 1 avril 2009

Bien.

Rends toi dans ton Panneau Ajout/Suppression de programmes, et viens sélectionner Windows Live Messenger Plus.

Désinstalle le, (tes paramètres seront conservés). Tu pourras le retélécharger ici si tu le souhaites, mais fais attention à ne pas installer le sponsor ; c'est lui qui est responsable de cette infection.

Cette infection a la particularité malgré les publicités de te prôtéger à ton insu de certains sites de faux utilitaires de sécurité via des modifications dans le fichier hosts. C'est pourquoi, avec ton accord, je te suggère de laisser les entrées ajoutées par l'infection, elles ne font rien de mal.

Relance Lop S&D

Choisis cette fois ci l'Option 3 ( Suppression )
Ne ferme pas la fenêtre lors de la suppression !
Poste le rapport généré ( C:\lopR.txt )
( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )

Assure toi d'avoir l'accès aux fichiers et dossiers cachés.

Pour afficher les fichiers et dossiers cachés du systéme :

Démarrer, Poste de travail ou autre dossier, Menu Outils -> Option des dossiers -> onglet Affichage :

Cocher la case : Afficher les fichiers et dossiers cachés

Décocher la case : Masquer les extensions des fichiers dont le type est connu

Décocher la case : Masquer les fichiers protégés du système d'exploitation
---> Répondre OUI à la demande de confirmation

Cliquer Appliquer puis OK

Supprime les répertoires suivants si présents (je n'ai pas le nom complet du répertoire en bleu, mais tu le trouveras facilement avec le début du nom) :

C:\Documents and Settings\MARIEC~1\Application Data\Ooze cast hold <= ce répertoire
C:\Documents and Settings\claire\Application Data\Ooze cast hold <ce répertoire

Vide ta corbeille. Il faudra me dire si tu as pu supprimé ces deux répertoires en me postant le rapport de l'outil.

Chessjc · le 1 avril 2009

J'ai désinstallé le programme et pu supprimer les 2 répertoires

voici le rapport :

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Celeron® M processor 1.60GHz )

BIOS : BIOS Version 1.50

USER : Marie Claude ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:53 Go)

D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [3] ( 01/04/2009|23:09 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link\Bleh Vc.dat

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link\error audio.dat

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link\SEND ATOM.dat

Supprime! - C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsb19.tmp

Supprime! - C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsd60.tmp

Supprime! - C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsf16.tmp

Supprime! - C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsg64.tmp

Supprime! - C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsn1F.tmp

Supprime! - C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsu69.tmp

Supprime! - C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsy66.tmp

Supprime! - C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\nsz63.tmp

Supprime! - C:\DOCUME~1\MARIEC~1\Cookies\marie [email protected][1].txt

Supprime! - C:\DOCUME~1\MARIEC~1\Cookies\marie_claude@advertstream[2].txt