Virus: need help!!

Closed
Bd - 3 March 2009 at 02:44
Destrio5 - 85985 posts - Member since Sunday 11 July 2010 - Status: Moderator - Last active 17 February 2023 - 5 March 2009 at 20:16
Hello,
I recently bought a computer, and overnight I caught a virus, even though I was careful not to visit high-risk sites :/
This virus shows itself in the fact that Internet Explorer is always among my running programs, even though I use Firefox, and that from time to time Internet Explorer windows pop up without any action on my part :-((((
Thanks in advance for your help

Attached is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:43:53, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Tom\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\Garena\Garena.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\MSC\mcshell.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tom\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1208&m=aspire_7730g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1208&m=aspire_7730g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1208&m=aspire_7730g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Close Stupid] "C:\ProgramData\Gplrulerule.eivxxa"
O4 - HKLM\..\Run: [Fork live trust pop] "C:\ProgramData\the face type.uvdnma"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

5 replies

Destrio5 - 3 March 2009 at 02:45
Hi,

You are infected with Lop.

I'll write you a procedure.
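The diagnosis above rests on two lines of the HijackThis log: the HKLM Run values "Close Stupid" and "Fork live trust pop", whose targets are C:\ProgramData\Gplrulerule.eivxxa and C:\ProgramData\the face type.uvdnma. The following script is an added example, not code from this thread, from HijackThis or from Lop S&D: it parses the O4 (autorun) and O23 (service) lines of such a log and flags targets that a legitimate installer would not register, using rules that are my assumptions (a data or temp directory as location, a non-executable extension, a service with no company name outside Program Files or Windows). The sample lines are copied from the log posted above.

```python
"""Triage of the O4 (autorun) and O23 (service) lines of a HijackThis log.

Added example; not code from the thread, from HijackThis or from Lop S&D.
Sample lines are copied from the log posted above. The rules are assumptions
about what a dropped adware autorun looks like, not HijackThis logic:
  * target under ProgramData, a Temp directory or Users\Public (a real
    installer puts its executables under Program Files or Windows);
  * target extension that is not a native executable type;
  * a service with no company name ("Unknown owner") outside Program Files
    or Windows (weak signal: many legitimate OEM services show it too).
"""
import re
from dataclasses import dataclass, field

RUNNABLE_EXTS = {".exe", ".dll", ".cpl", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
SUSPECT_DIRS = ("\\programdata\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")
TRUSTED_DIRS = ("\\program files", "\\progra~1\\", "\\windows\\")

O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First token ending in an extension, followed by whitespace, a comma or the end:
# handles 'RUNDLL32.EXE foo.dll,Entry' and unquoted paths that contain spaces.
EXE_TOKEN_RE = re.compile(r"^(?P<path>.*?\.[A-Za-z0-9]{1,7})(?=\s|,|$)")

# Constructed sample: a subset of the O4/O23 lines from the log above.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Close Stupid] "C:\ProgramData\Gplrulerule.eivxxa"
O4 - HKLM\..\Run: [Fork live trust pop] "C:\ProgramData\the face type.uvdnma"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
"""


@dataclass
class Finding:
    kind: str       # "O4" or "O23"
    name: str       # Run value name or service name
    target: str     # file that gets executed
    reasons: list = field(default_factory=list)


def extract_target(cmd: str) -> str:
    """Return the program a Run value launches, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_TOKEN_RE.match(cmd)
    return m.group("path") if m else cmd


def assess_target(target: str) -> list:
    """Reasons to distrust a launched file; an empty list means nothing odd."""
    low = target.lower().replace("/", "\\")
    basename = low.rsplit("\\", 1)[-1]
    ext = "." + basename.rsplit(".", 1)[1] if "." in basename else ""
    reasons = []
    if ext not in RUNNABLE_EXTS:
        reasons.append(f"non-executable extension {ext or '(none)'}")
    if any(d in low for d in SUSPECT_DIRS):
        reasons.append("target lives in a data or temp directory")
    return reasons


def triage(log_text: str) -> list:
    """Scan a HijackThis log and return the O4/O23 entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            target = extract_target(m.group("cmd"))
            if reasons := assess_target(target):
                findings.append(Finding("O4", m.group("name"), target, reasons))
        elif m := O23_RE.match(line):
            target = m.group("path").strip()
            reasons = assess_target(target)
            if m.group("owner") == "Unknown owner" and not any(t in target.lower() for t in TRUSTED_DIRS):
                reasons.append("no company name and not under Program Files or Windows")
            if reasons:
                findings.append(Finding("O23", m.group("name"), target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.kind} [{f.name}] {f.target}: " + "; ".join(f.reasons))
```

On the sample it reports the two Lop Run values with both reasons each, plus MobilityService on the weak "Unknown owner" rule alone; that third hit is an Acer OEM component and shows why such a hit is a lead to check against the vendor, not a verdict. The O4 "Startup:" folder entries and the BHO/toolbar lines are out of scope for this parser.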
Destrio5 - 3 March 2009 at 02:50
--> Disable UAC for the duration of the disinfection.

--> Download Lop S&D (by Eric_71 & Angeldark) to your Desktop.

--> Double-click it to start the installation.

--> Then double-click the Lop S&D shortcut on your Desktop.
(Under Vista, right-click the Lop S&D shortcut and choose Run as administrator)

--> Select the language you want, then choose option 1 (Search).

--> Wait until the scan finishes.

--> Post the generated report (C:\lopR.txt).
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz )
BIOS : ZY2 v0.3611 3F11
USER : Tom ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:227 Go (Free:117 Go)
D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 03/03/2009|14:25 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[06/02/2009|20:41] C:\Users\Tom\AppData\Local\Acer Arcade Deluxe
[26/02/2009|05:17] C:\Users\Tom\AppData\Local\Adobe
[06/02/2009|01:18] C:\Users\Tom\AppData\Local\Application Data
[06/02/2009|20:41] C:\Users\Tom\AppData\Local\CyberLink
[03/03/2009|04:56] C:\Users\Tom\AppData\Local\d3d9caps.dat
[01/03/2009|08:23] C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[14/02/2009|17:05] C:\Users\Tom\AppData\Local\eMule
[01/03/2009|02:07] C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
[06/02/2009|01:25] C:\Users\Tom\AppData\Local\Google
[06/02/2009|01:18] C:\Users\Tom\AppData\Local\Historique
[02/03/2009|20:25] C:\Users\Tom\AppData\Local\IconCache.db
[01/03/2009|01:46] C:\Users\Tom\AppData\Local\Microsoft
[06/02/2009|01:39] C:\Users\Tom\AppData\Local\Mozilla
[07/02/2009|10:42] C:\Users\Tom\AppData\Local\PlayMovie
[15/02/2009|05:11] C:\Users\Tom\AppData\Local\PowerCinema
[06/02/2009|20:41] C:\Users\Tom\AppData\Local\SoftDMA
[03/03/2009|14:25] C:\Users\Tom\AppData\Local\Temp
[06/02/2009|01:18] C:\Users\Tom\AppData\Local\Temporary Internet Files
[06/02/2009|01:44] C:\Users\Tom\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[15/02/2009 01:00][--a------] C:\Windows\tasks\McDefragTask.job
[01/03/2009 01:00][--a------] C:\Windows\tasks\McQcTask.job
[02/03/2009 20:28][--ah-----] C:\Windows\tasks\SA.DAT
[02/03/2009 20:26][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[31/10/2008|17:45] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[31/10/2008|18:07] C:\ProgramData\Acer GameZone Console
[31/10/2008|18:13] C:\ProgramData\Adobe
[02/11/2006|14:02] C:\ProgramData\Application Data
[07/02/2009|00:55] C:\ProgramData\Azureus
[06/02/2009|01:17] C:\ProgramData\Bureau
[15/02/2009|05:11] C:\ProgramData\CyberLink
[14/02/2009|16:49] C:\ProgramData\DAEMON Tools Lite
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[14/02/2009|17:05] C:\ProgramData\eMule
[03/03/2009|02:21] C:\ProgramData\Eq Anti Fork Live
[31/10/2008|18:23] C:\ProgramData\eSobi
[06/02/2009|01:17] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[31/10/2008|17:57] C:\ProgramData\FloodLightGames
[06/02/2009|01:19] C:\ProgramData\Google
[03/03/2009|13:59] C:\ProgramData\Gplrulerule.1nahm
[03/03/2009|03:16] C:\ProgramData\Gplrulerule.8icpa
[03/03/2009|04:00] C:\ProgramData\Gplrulerule.8y3o2
[03/03/2009|02:54] C:\ProgramData\Gplrulerule.ae7ji
[03/03/2009|02:21] C:\ProgramData\Gplrulerule.eivxxa
[03/03/2009|02:21] C:\ProgramData\Gplrulerule.ftwwj
[03/03/2009|03:38] C:\ProgramData\Gplrulerule.ohb9ub
[03/03/2009|04:44] C:\ProgramData\Gplrulerule.qk0ac
[03/03/2009|14:21] C:\ProgramData\Gplrulerule.xmhx3to
[03/03/2009|04:22] C:\ProgramData\Gplrulerule.y0hsyf
[07/02/2009|01:22] C:\ProgramData\McAfee
[06/02/2009|01:17] C:\ProgramData\Menu Démarrer
[06/02/2009|01:27] C:\ProgramData\Microsoft
[31/10/2008|17:46] C:\ProgramData\Microsoft Help
[06/02/2009|01:17] C:\ProgramData\Modèles
[03/03/2009|02:21] C:\ProgramData\Multi Tray Safe
[11/12/2008|18:26] C:\ProgramData\NVIDIA
[03/03/2009|13:49] C:\ProgramData\nvModes.001
[03/03/2009|13:49] C:\ProgramData\nvModes.dat
[07/02/2009|10:42] C:\ProgramData\SiteAdvisor
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates
[03/03/2009|02:21] C:\ProgramData\the face type.uvdnma

--------------------\\ Listing des dossiers dans C:\Program Files

[06/02/2009|01:19] C:\Program Files\Acer
[11/12/2008|18:18] C:\Program Files\Acer Arcade Deluxe
[31/10/2008|18:07] C:\Program Files\Acer GameZone
[11/12/2008|18:10] C:\Program Files\Acer Inc
[11/12/2008|18:18] C:\Program Files\Acer Incorporated
[31/10/2008|17:45] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[31/10/2008|18:14] C:\Program Files\Adobe
[07/02/2009|00:54] C:\Program Files\AskBarDis
[31/10/2008|17:34] C:\Program Files\AVerMedia
[31/10/2008|18:07] C:\Program Files\Big Kahuna Reef
[31/10/2008|17:31] C:\Program Files\Broadcom
[12/02/2009|02:14] C:\Program Files\Common Files
[31/10/2008|18:14] C:\Program Files\Convesoft
[31/10/2008|18:21] C:\Program Files\Cyberlink
[14/02/2009|16:49] C:\Program Files\DAEMON Tools Lite
[12/02/2009|02:14] C:\Program Files\DivX
[14/02/2009|17:05] C:\Program Files\eMule
[31/10/2008|18:22] C:\Program Files\eSobi
[06/02/2009|01:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[03/03/2009|03:51] C:\Program Files\Garena
[06/02/2009|01:19] C:\Program Files\Google
[01/03/2009|02:04] C:\Program Files\Guitar Pro 5
[01/03/2009|21:57] C:\Program Files\InstallShield Installation Information
[11/12/2008|18:04] C:\Program Files\Intel
[21/01/2008|03:35] C:\Program Files\Internet Explorer
[07/02/2009|00:52] C:\Program Files\Java
[07/02/2009|13:32] C:\Program Files\K-Lite Codec Pack
[28/02/2009|21:20] C:\Program Files\Launch Manager
[16/02/2009|17:12] C:\Program Files\Le Bégaiement de l'enfant
[07/02/2009|10:42] C:\Program Files\McAfee
[31/10/2008|17:37] C:\Program Files\McAfee.com
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[31/10/2008|17:44] C:\Program Files\Microsoft Office
[31/10/2008|17:44] C:\Program Files\Microsoft Works
[31/10/2008|17:42] C:\Program Files\Microsoft.NET
[09/02/2009|20:12] C:\Program Files\mIRC
[21/01/2008|03:35] C:\Program Files\Movie Maker
[02/03/2009|22:19] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[06/02/2009|01:41] C:\Program Files\MSN Messenger
[06/02/2009|01:47] C:\Program Files\MSXML 4.0
[03/03/2009|02:21] C:\Program Files\Multi Tray Safe
[03/03/2009|02:21] C:\Program Files\NetPumper
[31/10/2008|18:11] C:\Program Files\NewTech Infosystems
[31/10/2008|17:25] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[31/10/2008|17:30] C:\Program Files\Synaptics
[01/03/2009|21:57] C:\Program Files\THQ
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[06/02/2009|01:53] C:\Program Files\Ventrilo
[27/02/2009|04:49] C:\Program Files\Vuze
[03/03/2009|04:38] C:\Program Files\Warcraft
[21/02/2009|17:30] C:\Program Files\Warkeys
[31/10/2008|17:35] C:\Program Files\Winbond Electronics Corporation
[21/01/2008|03:35] C:\Program Files\Windows Calendar
[21/01/2008|03:35] C:\Program Files\Windows Collaboration
[21/01/2008|03:35] C:\Program Files\Windows Defender
[21/01/2008|03:35] C:\Program Files\Windows Journal
[12/02/2009|03:00] C:\Program Files\Windows Mail
[21/01/2008|03:35] C:\Program Files\Windows Media Player
[06/02/2009|01:17] C:\Program Files\Windows NT
[21/01/2008|03:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|03:35] C:\Program Files\Windows Sidebar
[14/02/2009|01:03] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[31/10/2008|18:13] C:\Program Files\Common Files\Adobe
[31/10/2008|18:13] C:\Program Files\Common Files\Adobe AIR
[31/10/2008|17:42] C:\Program Files\Common Files\DESIGNER
[07/02/2009|00:54] C:\Program Files\Common Files\i4j_jres
[14/02/2009|16:52] C:\Program Files\Common Files\InstallShield
[31/10/2008|18:11] C:\Program Files\Common Files\LightScribe
[31/10/2008|17:37] C:\Program Files\Common Files\McAfee
[31/10/2008|17:46] C:\Program Files\Common Files\microsoft shared
[31/10/2008|18:09] C:\Program Files\Common Files\muvee Technologies
[31/10/2008|17:56] C:\Program Files\Common Files\Oberon Media
[12/02/2009|02:14] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|03:35] C:\Program Files\Common Files\System
[06/02/2009|01:52] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 93 Processes )

iexplore.exe ~ [PID:5576]
iexplore.exe ~ [PID:5368]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\Gplrulerule.1nahm
C:\ProgramData\Gplrulerule.8icpa
C:\ProgramData\Gplrulerule.8y3o2
C:\ProgramData\Gplrulerule.ae7ji
C:\ProgramData\Gplrulerule.ftwwj
C:\ProgramData\Gplrulerule.qk0ac
C:\ProgramData\Gplrulerule.eivxxa
C:\ProgramData\Gplrulerule.ohb9ub
C:\ProgramData\Gplrulerule.y0hsyf
C:\ProgramData\the face type.uvdnma
C:\ProgramData\Gplrulerule.xmhx3to
C:\Users\Tom\AppData\Local\Temp\bisC4BB.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\Tom\AppData\Local\Temp\NetPumper.zip
C:\Users\Tom\AppData\Local\Temp\minime.exe
C:\Users\Tom\AppData\Local\Temp\HtmlControl.dll
C:\Users\Tom\AppData\Local\Temp\nslA2AD.tmp
C:\Program Files\NetPumper
C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\Cookies\tom@advertising[2].txt
C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\Cookies\tom@adopt.euroclick[2].txt
C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\Cookies\tom@pacificpoker[1].txt
C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\Cookies\tom@partypoker[2].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Close Stupid"="\"C:\\ProgramData\\Gplrulerule.xmhx3to\""
"Fork live trust pop"="\"C:\\ProgramData\\the face type.uvdnma\""

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 14:25:50
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Tom\Documents\Azureus Downloads\Warhammer 40,000 - Dawn of War\Keygen
C:\Users\Tom\Documents\Azureus Downloads\Warhammer 40,000 - Dawn of War\No Cd Crack
C:\Users\Tom\Documents\Azureus Downloads\Warhammer 40,000 - Dawn of War\Keygen\HAANDI's multikeygen (9).exe
C:\Users\Tom\Documents\Azureus Downloads\Warhammer 40,000 - Dawn of War\No Cd Crack\W40k.exe
C:\Users\Tom\Downloads\eMule\Incoming\(incl. KeyGen) warhammer 40000 dawn of war 2 crack.zip
C:\Users\Tom\Downloads\eMule\Incoming\NOCD + KEYGEN + CRACK Warhammer 40000 Dawn of War Dark Crusade By MarciO.rar
C:\Users\Tom\Downloads\eMule\Incoming\Warhammer 40,000 [ 40K WH40K W40K] Dawn of War Soulstorm serial0 keygen0.exe


[F:671][D:66]-> C:\Users\Tom\AppData\Local\Temp
[F:81][D:1]-> C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1937][D:5]-> C:\Users\Tom\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:6][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 03/03/2009|14:27 - Option : [1]

--------------------\\ Fin du rapport a 14:27:04
[ UAC => 1 ]



There you go! And thanks!
Destrio5 - 3 March 2009 at 15:47
--> Double-click the Lop S&D shortcut to launch it.
(Under Vista, right-click the Lop S&D shortcut and choose Run as administrator)

--> This time choose option 2 (Removal).

--> Do not close the window during the removal!

--> Post the generated report (C:\lopR.txt).

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz )
BIOS : ZY2 v0.3611 3F11
USER : Tom ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:227 Go (Free:116 Go)
D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 03/03/2009|18:20 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\Tom\AppData\Local\Temp\NetPumper.zip
Supprime! - C:\Users\Tom\AppData\Local\Temp\minime.exe
Supprime! - C:\Users\Tom\AppData\Local\Temp\HtmlControl.dll
Supprime! - C:\Users\Tom\AppData\Local\Temp\nslA2AD.tmp
Supprime! - C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\Cookies\tom@advertising[2].txt
Supprime! - C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\Cookies\tom@pacificpoker[1].txt
Supprime! - C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\Cookies\tom@partypoker[2].txt
Supprime! - C:\ProgramData\Gplrulerule.1nahm
Supprime! - C:\ProgramData\Gplrulerule.8icpa
Supprime! - C:\ProgramData\Gplrulerule.8y3o2
Supprime! - C:\ProgramData\Gplrulerule.ae7ji
Supprime! - C:\ProgramData\Gplrulerule.ftwwj
Supprime! - C:\ProgramData\Gplrulerule.qk0ac
Supprime! - C:\ProgramData\Gplrulerule.eivxxa
Supprime! - C:\ProgramData\Gplrulerule.ohb9ub
Supprime! - C:\ProgramData\Gplrulerule.y0hsyf
Supprime! - C:\ProgramData\the face type.uvdnma
Supprime! - C:\ProgramData\Gplrulerule.xmhx3to
Supprime! - C:\Users\Tom\AppData\Local\Temp\bisC4BB.exe
Supprime! - C:\Program Files\NetPumper
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[06/02/2009|20:41] C:\Users\Tom\AppData\Local\Acer Arcade Deluxe
[26/02/2009|05:17] C:\Users\Tom\AppData\Local\Adobe
[06/02/2009|01:18] C:\Users\Tom\AppData\Local\Application Data
[06/02/2009|20:41] C:\Users\Tom\AppData\Local\CyberLink
[03/03/2009|04:56] C:\Users\Tom\AppData\Local\d3d9caps.dat
[01/03/2009|08:23] C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[14/02/2009|17:05] C:\Users\Tom\AppData\Local\eMule
[01/03/2009|02:07] C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
[06/02/2009|01:25] C:\Users\Tom\AppData\Local\Google
[06/02/2009|01:18] C:\Users\Tom\AppData\Local\Historique
[02/03/2009|20:25] C:\Users\Tom\AppData\Local\IconCache.db
[01/03/2009|01:46] C:\Users\Tom\AppData\Local\Microsoft
[06/02/2009|01:39] C:\Users\Tom\AppData\Local\Mozilla
[07/02/2009|10:42] C:\Users\Tom\AppData\Local\PlayMovie
[15/02/2009|05:11] C:\Users\Tom\AppData\Local\PowerCinema
[06/02/2009|20:41] C:\Users\Tom\AppData\Local\SoftDMA
[03/03/2009|18:20] C:\Users\Tom\AppData\Local\Temp
[06/02/2009|01:18] C:\Users\Tom\AppData\Local\Temporary Internet Files
[06/02/2009|01:44] C:\Users\Tom\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[15/02/2009 01:00][--a------] C:\Windows\tasks\McDefragTask.job
[01/03/2009 01:00][--a------] C:\Windows\tasks\McQcTask.job
[02/03/2009 20:28][--ah-----] C:\Windows\tasks\SA.DAT
[02/03/2009 20:26][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[31/10/2008|17:45] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[31/10/2008|18:07] C:\ProgramData\Acer GameZone Console
[31/10/2008|18:13] C:\ProgramData\Adobe
[02/11/2006|14:02] C:\ProgramData\Application Data
[07/02/2009|00:55] C:\ProgramData\Azureus
[06/02/2009|01:17] C:\ProgramData\Bureau
[15/02/2009|05:11] C:\ProgramData\CyberLink
[14/02/2009|16:49] C:\ProgramData\DAEMON Tools Lite
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[14/02/2009|17:05] C:\ProgramData\eMule
[03/03/2009|02:21] C:\ProgramData\Eq Anti Fork Live
[31/10/2008|18:23] C:\ProgramData\eSobi
[06/02/2009|01:17] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[31/10/2008|17:57] C:\ProgramData\FloodLightGames
[06/02/2009|01:19] C:\ProgramData\Google
[03/03/2009|15:04] C:\ProgramData\Gplrulerule.1i0a8
[03/03/2009|16:10] C:\ProgramData\Gplrulerule.215jb
[03/03/2009|14:42] C:\ProgramData\Gplrulerule.5skpm
[03/03/2009|17:16] C:\ProgramData\Gplrulerule.6hcgnq
[03/03/2009|17:37] C:\ProgramData\Gplrulerule.bwgvd5
[03/03/2009|16:54] C:\ProgramData\Gplrulerule.fvao3
[03/03/2009|15:26] C:\ProgramData\Gplrulerule.ico4nt
[03/03/2009|16:32] C:\ProgramData\Gplrulerule.lah70z
[03/03/2009|15:48] C:\ProgramData\Gplrulerule.o3jid
[03/03/2009|17:59] C:\ProgramData\Gplrulerule.ub89vkw
[07/02/2009|01:22] C:\ProgramData\McAfee
[06/02/2009|01:17] C:\ProgramData\Menu Démarrer
[06/02/2009|01:27] C:\ProgramData\Microsoft
[31/10/2008|17:46] C:\ProgramData\Microsoft Help
[06/02/2009|01:17] C:\ProgramData\Modèles
[03/03/2009|02:21] C:\ProgramData\Multi Tray Safe
[11/12/2008|18:26] C:\ProgramData\NVIDIA
[03/03/2009|18:00] C:\ProgramData\nvModes.001
[03/03/2009|18:00] C:\ProgramData\nvModes.dat
[07/02/2009|10:42] C:\ProgramData\SiteAdvisor
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates

--------------------\\ Listing des dossiers dans C:\Program Files

[06/02/2009|01:19] C:\Program Files\Acer
[11/12/2008|18:18] C:\Program Files\Acer Arcade Deluxe
[31/10/2008|18:07] C:\Program Files\Acer GameZone
[11/12/2008|18:10] C:\Program Files\Acer Inc
[11/12/2008|18:18] C:\Program Files\Acer Incorporated
[31/10/2008|17:45] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[31/10/2008|18:14] C:\Program Files\Adobe
[07/02/2009|00:54] C:\Program Files\AskBarDis
[31/10/2008|17:34] C:\Program Files\AVerMedia
[31/10/2008|18:07] C:\Program Files\Big Kahuna Reef
[31/10/2008|17:31] C:\Program Files\Broadcom
[12/02/2009|02:14] C:\Program Files\Common Files
[31/10/2008|18:14] C:\Program Files\Convesoft
[31/10/2008|18:21] C:\Program Files\Cyberlink
[14/02/2009|16:49] C:\Program Files\DAEMON Tools Lite
[12/02/2009|02:14] C:\Program Files\DivX
[14/02/2009|17:05] C:\Program Files\eMule
[31/10/2008|18:22] C:\Program Files\eSobi
[06/02/2009|01:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[03/03/2009|16:26] C:\Program Files\Garena
[06/02/2009|01:19] C:\Program Files\Google
[01/03/2009|02:04] C:\Program Files\Guitar Pro 5
[01/03/2009|21:57] C:\Program Files\InstallShield Installation Information
[11/12/2008|18:04] C:\Program Files\Intel
[21/01/2008|03:35] C:\Program Files\Internet Explorer
[07/02/2009|00:52] C:\Program Files\Java
[07/02/2009|13:32] C:\Program Files\K-Lite Codec Pack
[28/02/2009|21:20] C:\Program Files\Launch Manager
[16/02/2009|17:12] C:\Program Files\Le Bégaiement de l'enfant
[07/02/2009|10:42] C:\Program Files\McAfee
[31/10/2008|17:37] C:\Program Files\McAfee.com
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[31/10/2008|17:44] C:\Program Files\Microsoft Office
[31/10/2008|17:44] C:\Program Files\Microsoft Works
[31/10/2008|17:42] C:\Program Files\Microsoft.NET
[09/02/2009|20:12] C:\Program Files\mIRC
[21/01/2008|03:35] C:\Program Files\Movie Maker
[02/03/2009|22:19] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[06/02/2009|01:41] C:\Program Files\MSN Messenger
[06/02/2009|01:47] C:\Program Files\MSXML 4.0
[03/03/2009|02:21] C:\Program Files\Multi Tray Safe
[31/10/2008|18:11] C:\Program Files\NewTech Infosystems
[31/10/2008|17:25] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[31/10/2008|17:30] C:\Program Files\Synaptics
[01/03/2009|21:57] C:\Program Files\THQ
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[06/02/2009|01:53] C:\Program Files\Ventrilo
[27/02/2009|04:49] C:\Program Files\Vuze
[03/03/2009|16:44] C:\Program Files\Warcraft
[21/02/2009|17:30] C:\Program Files\Warkeys
[31/10/2008|17:35] C:\Program Files\Winbond Electronics Corporation
[21/01/2008|03:35] C:\Program Files\Windows Calendar
[21/01/2008|03:35] C:\Program Files\Windows Collaboration
[21/01/2008|03:35] C:\Program Files\Windows Defender
[21/01/2008|03:35] C:\Program Files\Windows Journal
[12/02/2009|03:00] C:\Program Files\Windows Mail
[21/01/2008|03:35] C:\Program Files\Windows Media Player
[06/02/2009|01:17] C:\Program Files\Windows NT
[21/01/2008|03:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|03:35] C:\Program Files\Windows Sidebar
[14/02/2009|01:03] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[31/10/2008|18:13] C:\Program Files\Common Files\Adobe
[31/10/2008|18:13] C:\Program Files\Common Files\Adobe AIR
[31/10/2008|17:42] C:\Program Files\Common Files\DESIGNER
[07/02/2009|00:54] C:\Program Files\Common Files\i4j_jres
[14/02/2009|16:52] C:\Program Files\Common Files\InstallShield
[31/10/2008|18:11] C:\Program Files\Common Files\LightScribe
[31/10/2008|17:37] C:\Program Files\Common Files\McAfee
[31/10/2008|17:46] C:\Program Files\Common Files\microsoft shared
[31/10/2008|18:09] C:\Program Files\Common Files\muvee Technologies
[31/10/2008|17:56] C:\Program Files\Common Files\Oberon Media
[12/02/2009|02:14] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|03:35] C:\Program Files\Common Files\System
[06/02/2009|01:52] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 90 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

C:\ProgramData\Gplrulerule.1i0a8
C:\ProgramData\Gplrulerule.215jb
C:\ProgramData\Gplrulerule.5skpm
C:\ProgramData\Gplrulerule.fvao3
C:\ProgramData\Gplrulerule.o3jid
C:\ProgramData\Gplrulerule.6hcgnq
C:\ProgramData\Gplrulerule.bwgvd5
C:\ProgramData\Gplrulerule.ico4nt
C:\ProgramData\Gplrulerule.lah70z
C:\ProgramData\Gplrulerule.ub89vkw

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\Cookies\tom@adopt.euroclick[1].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 18:20:53
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Tom\Documents\Azureus Downloads\Warhammer 40,000 - Dawn of War\Keygen
C:\Users\Tom\Documents\Azureus Downloads\Warhammer 40,000 - Dawn of War\No Cd Crack
C:\Users\Tom\Documents\Azureus Downloads\Warhammer 40,000 - Dawn of War\Keygen\HAANDI's multikeygen (9).exe
C:\Users\Tom\Documents\Azureus Downloads\Warhammer 40,000 - Dawn of War\No Cd Crack\W40k.exe
C:\Users\Tom\Downloads\eMule\Incoming\(incl. KeyGen) warhammer 40000 dawn of war 2 crack.zip
C:\Users\Tom\Downloads\eMule\Incoming\NOCD + KEYGEN + CRACK Warhammer 40000 Dawn of War Dark Crusade By MarciO.rar
C:\Users\Tom\Downloads\eMule\Incoming\Warhammer 40,000 [ 40K WH40K W40K] Dawn of War Soulstorm serial0 keygen0.exe


[F:674][D:65]-> C:\Users\Tom\AppData\Local\Temp
[F:78][D:1]-> C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1998][D:5]-> C:\Users\Tom\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:6][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 03/03/2009|14:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 03/03/2009|18:22 - Option : [2]

--------------------\\ Fin du rapport a 18:22:22
[ UAC => 1 ]
0
Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
3 March 2009 at 20:46
--> Download DirLook to your Desktop.

--> Right-click DirLook.exe and choose Run as administrator.

--> Copy the text below:
C:\Program Files\Multi Tray Safe
C:\ProgramData\Multi Tray Safe
C:\ProgramData\Eq Anti Fork Live

--> In DirLook's small window, right-click in the white area and choose Paste.
Note: the lines selected above must now appear in DirLook's white area.

--> Click the DirLook button to start the search.

When the tool has finished this search, Notepad opens.
Note: in Notepad, check in the Format menu (at the top) that the "Word Wrap" option is not ticked.

--> Save the report as DirLook1.txt and close Notepad.

--> Close DirLook by clicking the Exit button, then post the report.
0
DirLook.exe v2.0 by jpshortstuff
Log created at 20:10 on 05/03/2009
==================================[b]
Contents of "C:\Program Files\Multi Tray Safe"
[/b]
[b][color=blue]---FOLDERS---[/b][/color]

(none found)

[b][color=blue]---FILES---[/b][/color]

(none found)

==================================[b]
Contents of "C:\ProgramData\Multi Tray Safe"
[/b]
[b][color=blue]---FOLDERS---[/b][/color]

(none found)

[b][color=blue]---FILES---[/b][/color]

[b]lkzqqobx.exe[/b] (745472 bytes - created on 03/03/2009 at 01:21, modified on 03/03/2009 at 01:21) --a---
[b]TRANS DRAW.exe[/b] (610304 bytes - created on 03/03/2009 at 01:21, modified on 03/03/2009 at 01:21) --a---

==================================[b]
Contents of "C:\ProgramData\Eq Anti Fork Live"
[/b]
[b][color=blue]---FOLDERS---[/b][/color]

(none found)

[b][color=blue]---FILES---[/b][/color]

[b]Face bend.dat[/b] (4446236 bytes - created on 03/03/2009 at 01:21, modified on 03/03/2009 at 13:49) --a---
[b]Face bend.exe[/b] (745472 bytes - created on 03/03/2009 at 01:21, modified on 03/03/2009 at 13:49) --a---

==================================
[b][color=blue]=EOF=[/b][/color]
0
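Reading the DirLook report by eye, the details a responder would pick out are that lkzqqobx.exe and Face bend.exe have exactly the same size (745472 bytes) and that all four files were created in the same minute (03/03/2009 at 01:21), which is what marks them as dropped together by one installer. The script below is an added example and is not part of this thread, of DirLook or of Lop SD: it parses DirLook's own line format (BBCode included) and a Lop SD S_Lop path list, with the sample input constructed from the reports above, and returns identical-size executables spread across folders, creation-time clusters, and files that share a stem and differ only by a random extension. Function names and thresholds are the example's own choices.

```python
"""Triage of DirLook listings and Lop SD "S_Lop" hits (constructed example)."""
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input in the line format DirLook writes (BBCode included),
# taken from the shape of the report posted above.
SAMPLE_DIRLOOK = r"""==================================[b]
Contents of "C:\ProgramData\Multi Tray Safe"
[/b]
[b][color=blue]---FILES---[/b][/color]

[b]lkzqqobx.exe[/b] (745472 bytes - created on 03/03/2009 at 01:21, modified on 03/03/2009 at 01:21) --a---
[b]TRANS DRAW.exe[/b] (610304 bytes - created on 03/03/2009 at 01:21, modified on 03/03/2009 at 01:21) --a---

==================================[b]
Contents of "C:\ProgramData\Eq Anti Fork Live"
[/b]
[b][color=blue]---FILES---[/b][/color]

[b]Face bend.dat[/b] (4446236 bytes - created on 03/03/2009 at 01:21, modified on 03/03/2009 at 13:49) --a---
[b]Face bend.exe[/b] (745472 bytes - created on 03/03/2009 at 01:21, modified on 03/03/2009 at 13:49) --a---
"""

# Constructed sample: the marker files Lop SD's S_Lop search listed above.
SAMPLE_LOP_HITS = [
    r"C:\ProgramData\Gplrulerule." + ext
    for ext in ("1i0a8", "215jb", "5skpm", "fvao3", "o3jid",
                "6hcgnq", "bwgvd5", "ico4nt", "lah70z", "ub89vkw")
]

DIR_RE = re.compile(r'^Contents of "(?P<dir>[^"]+)"')
FILE_RE = re.compile(
    r"^\[b\](?P<name>.+?)\[/b\] \((?P<size>\d+) bytes - "
    r"created on (?P<created>\d{2}/\d{2}/\d{4} at \d{2}:\d{2}), "
    r"modified on (?P<modified>\d{2}/\d{2}/\d{4} at \d{2}:\d{2})\) (?P<attrs>\S+)"
)
TS_FMT = "%d/%m/%Y at %H:%M"  # day/month/year, as DirLook printed it on this box


def parse_dirlook(text):
    """Return one dict per file line: path, name, size, created, modified, attrs."""
    entries, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group("dir")
            continue
        m = FILE_RE.match(line)
        if m and current_dir is not None:
            entries.append({
                "path": ntpath.join(current_dir, m.group("name")),
                "name": m.group("name"),
                "size": int(m.group("size")),
                "created": datetime.strptime(m.group("created"), TS_FMT),
                "modified": datetime.strptime(m.group("modified"), TS_FMT),
                "attrs": m.group("attrs"),
            })
    return entries


def same_size_executables(entries):
    """size -> paths for .exe files of identical size living in different folders."""
    by_size = defaultdict(list)
    for e in entries:
        if e["name"].lower().endswith(".exe"):
            by_size[e["size"]].append(e["path"])
    return {size: sorted(paths) for size, paths in by_size.items()
            if len({ntpath.dirname(p) for p in paths}) > 1}


def creation_clusters(entries, min_dirs=2):
    """creation minute -> paths when files in at least min_dirs folders share it."""
    by_minute = defaultdict(list)
    for e in entries:
        by_minute[e["created"]].append(e["path"])
    return {ts: sorted(paths) for ts, paths in by_minute.items()
            if len({ntpath.dirname(p) for p in paths}) >= min_dirs}


def lop_marker_groups(paths, min_variants=3):
    """dir\\stem -> extensions for files that differ only by a random extension."""
    groups = defaultdict(set)
    for p in paths:
        stem, ext = ntpath.splitext(ntpath.basename(p))
        groups[ntpath.join(ntpath.dirname(p), stem)].add(ext.lstrip("."))
    return {key: sorted(exts) for key, exts in groups.items() if len(exts) >= min_variants}


if __name__ == "__main__":
    entries = parse_dirlook(SAMPLE_DIRLOOK)
    for size, paths in same_size_executables(entries).items():
        print(f"{size} bytes shared by {paths}")
    for ts, paths in creation_clusters(entries).items():
        print(f"{len(paths)} files created {ts:%d/%m/%Y %H:%M} across folders: {paths}")
    for key, exts in lop_marker_groups(SAMPLE_LOP_HITS).items():
        print(f"{key}.* appears with {len(exts)} random extensions")
```

The `min_variants` threshold of three is deliberate: the legitimate nvModes.001 / nvModes.dat pair in the Lop SD listing above shares a stem with two extensions and must not be flagged, while the ten Gplrulerule.* files are. On a live box the same functions can be fed a listing you produce yourself, as long as the lines keep DirLook's format.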

Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
5 March 2009 at 20:16
Those are indeed Lop folders. I'll come back later.

---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop.

---> Right-click OTMoveIt3.exe and choose Run as administrator.

---> Copy (Ctrl+C) the following text:
:processes
explorer.exe

:files
C:\ProgramData\Gplrulerule.1i0a8
C:\ProgramData\Gplrulerule.215jb
C:\ProgramData\Gplrulerule.5skpm
C:\ProgramData\Gplrulerule.fvao3
C:\ProgramData\Gplrulerule.o3jid
C:\ProgramData\Gplrulerule.6hcgnq
C:\ProgramData\Gplrulerule.bwgvd5
C:\ProgramData\Gplrulerule.ico4nt
C:\ProgramData\Gplrulerule.lah70z
C:\ProgramData\Gplrulerule.ub89vkw
C:\Program Files\Multi Tray Safe
C:\ProgramData\Multi Tray Safe
C:\ProgramData\Eq Anti Fork Live

:commands
[purity]
[emptytemp]
[reboot]

---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_heure.log
0